3party/jsoncpp
0
0
Fork 0
mirror of https://github.com/open-source-parsers/jsoncpp.git synced 2024-12-27 11:21:02 +08:00
Code Issues Projects Releases Wiki Activity

fix security hole for string-key-lengths > 2^30

Browse Source
This commit is contained in:
Christopher Dunn 2015-03-02 23:42:12 -06:00
parent 585b267595
commit 2d653bd15d
2 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/lib_json/json_reader.cpp
View File

@ -1430,6 +1430,7 @@ bool OurReader::readObject(Token& tokenStart) {
return addErrorAndRecover( return addErrorAndRecover(
"Missing ':' after object member name", colon, tokenObjectEnd); "Missing ':' after object member name", colon, tokenObjectEnd);
} }
if (name.length() >= (1U<<30)) throw std::runtime_error("keylength >= 2^30");
Value& value = currentValue()[name]; Value& value = currentValue()[name];
nodes_.push(&value); nodes_.push(&value);
bool ok = readValue(); bool ok = readValue();

2
src/lib_json/json_value.cpp
View File

@ -191,8 +191,6 @@ void Value::CommentInfo::setComment(const char* text, size_t len) {
// Notes: policy_ indicates if the string was allocated when // Notes: policy_ indicates if the string was allocated when
// a string is stored. // a string is stored.
//
// TODO: Check for length > 1GB, in Reader.
Value::CZString::CZString(ArrayIndex index) : cstr_(0), index_(index) {} Value::CZString::CZString(ArrayIndex index) : cstr_(0), index_(index) {}