david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qjson: Apply nesting limit more sanely

Browse Source 
The nesting limit from commit 29c75dd "json-streamer: limit the
maximum recursion depth and maximum token count" applies separately to
braces and brackets.  This makes no sense.  Apply it to their sum,
because that's actually a measure of recursion depth.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-2-git-send-email-armbru@redhat.com>
This commit is contained in:
Markus Armbruster 2015-11-25 22:23:22 +01:00
parent 3a81a10179
commit 4f2d31fbc0
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
qobject/json-streamer.c
View File

@ -64,8 +64,7 @@ static void json_message_process_token(JSONLexer *lexer, QString *token, JSONTok
parser->bracket_count == 0)) { parser->bracket_count == 0)) {
goto out_emit; goto out_emit;
} else if (parser->token_size > MAX_TOKEN_SIZE || } else if (parser->token_size > MAX_TOKEN_SIZE ||
parser->bracket_count > MAX_NESTING || parser->bracket_count + parser->brace_count > MAX_NESTING) {
parser->brace_count > MAX_NESTING) {
/* Security consideration, we limit total memory allocated per object /* Security consideration, we limit total memory allocated per object
* and the maximum recursion depth that a message can force. * and the maximum recursion depth that a message can force.
*/ */