Parse no deeper than MAX_PARSING_DEPTH

while true; do printf '{"deeper": '; done | jq .
author: W-Mark Kubacki <wmark@hurrikane.de> 2016-08-19 20:10:21 +0200
committer: Nico Williams <nico@cryptonector.com> 2017-01-27 09:59:44 -0600
commit: fd4ae8304e23007672af9a37855c7a76de7c78cf (patch)
tree: 65b168022902334f5ef8f1f83fdf0e71d28c460d
parent: 83e2cf607f3599d208b6b3129092fa7deb2e5292 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/jv_parse.c b/src/jv_parse.c
index 84245b86..51ad9f09 100644
--- a/src/jv_parse.c
+++ b/src/jv_parse.c
@@ -10,6 +10,10 @@
 
 typedef const char* presult;
 
+#ifndef MAX_PARSING_DEPTH
+#define MAX_PARSING_DEPTH (256)
+#endif
+
 #define TRY(x) do {presult msg__ = (x); if (msg__) return msg__; } while(0)
 #ifdef __GNUC__
 #define pfunc __attribute__((warn_unused_result)) presult
@@ -147,11 +151,13 @@ static void push(struct jv_parser* p, jv v) {
 static pfunc parse_token(struct jv_parser* p, char ch) {
   switch (ch) {
   case '[':
+    if (p->stackpos >= MAX_PARSING_DEPTH) return "Exceeds depth limit for parsing";
     if (jv_is_valid(p->next)) return "Expected separator between values";
     push(p, jv_array());
     break;
 
   case '{':
+    if (p->stackpos >= MAX_PARSING_DEPTH) return "Exceeds depth limit for parsing";
     if (jv_is_valid(p->next)) return "Expected separator between values";
     push(p, jv_object());
     break;
author	W-Mark Kubacki <wmark@hurrikane.de>	2016-08-19 20:10:21 +0200
committer	Nico Williams <nico@cryptonector.com>	2017-01-27 09:59:44 -0600
commit	fd4ae8304e23007672af9a37855c7a76de7c78cf (patch)
tree	65b168022902334f5ef8f1f83fdf0e71d28c460d
parent	83e2cf607f3599d208b6b3129092fa7deb2e5292 (diff)