diff options
author | W-Mark Kubacki <wmark@hurrikane.de> | 2016-08-19 20:10:21 +0200 |
---|---|---|
committer | Nico Williams <nico@cryptonector.com> | 2017-01-27 09:59:44 -0600 |
commit | fd4ae8304e23007672af9a37855c7a76de7c78cf (patch) | |
tree | 65b168022902334f5ef8f1f83fdf0e71d28c460d /src/jv_parse.c | |
parent | 83e2cf607f3599d208b6b3129092fa7deb2e5292 (diff) |
Parse no deeper than MAX_PARSING_DEPTH
while true; do printf '{"deeper": '; done | jq .
Diffstat (limited to 'src/jv_parse.c')
-rw-r--r-- | src/jv_parse.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/jv_parse.c b/src/jv_parse.c index 84245b86..51ad9f09 100644 --- a/src/jv_parse.c +++ b/src/jv_parse.c @@ -10,6 +10,10 @@ typedef const char* presult; +#ifndef MAX_PARSING_DEPTH +#define MAX_PARSING_DEPTH (256) +#endif + #define TRY(x) do {presult msg__ = (x); if (msg__) return msg__; } while(0) #ifdef __GNUC__ #define pfunc __attribute__((warn_unused_result)) presult @@ -147,11 +151,13 @@ static void push(struct jv_parser* p, jv v) { static pfunc parse_token(struct jv_parser* p, char ch) { switch (ch) { case '[': + if (p->stackpos >= MAX_PARSING_DEPTH) return "Exceeds depth limit for parsing"; if (jv_is_valid(p->next)) return "Expected separator between values"; push(p, jv_array()); break; case '{': + if (p->stackpos >= MAX_PARSING_DEPTH) return "Exceeds depth limit for parsing"; if (jv_is_valid(p->next)) return "Expected separator between values"; push(p, jv_object()); break; |