mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity

Small improvements to JSON parser. 

- Don't allow garbage at the end of the JSON data (except whitespace).
- Don't allow objects such as {"a":"b",} or [a,]
This commit is contained in:
Joris Vink 2020-11-19 09:07:42 +01:00
parent 8aa9af1f0c
commit 8c32f8f63b
1 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/json.c
View File

@ -99,6 +99,13 @@ kore_json_parse(struct kore_json *json)
return (KORE_RESULT_ERROR);
}
/* Don't allow garbage at the end. */
json_consume_whitespace(json);
if (json->offset != json->length) {
json->error = KORE_JSON_ERR_INVALID_JSON;
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
@ -479,7 +486,7 @@ json_parse_object(struct kore_json *json, struct kore_json_item *object)
u_int8_t ch;
char *key;
struct kore_json_item *item;
int ret, type;
int ret, type, hasnext;
if (json->depth++ >= KORE_JSON_DEPTH_MAX) {
json->error = KORE_JSON_ERR_DEPTH;
@ -487,6 +494,7 @@ json_parse_object(struct kore_json *json, struct kore_json_item *object)
}
key = NULL;
hasnext = 0;
ret = KORE_RESULT_ERROR;
if (!json_next(json, &ch))
@ -504,6 +512,10 @@ json_parse_object(struct kore_json *json, struct kore_json_item *object)
switch (ch) {
case '}':
if (hasnext) {
json->error = KORE_JSON_ERR_INVALID_JSON;
goto cleanup;
}
json->offset++;
ret = KORE_RESULT_OK;
goto cleanup;
@ -546,8 +558,10 @@ json_parse_object(struct kore_json *json, struct kore_json_item *object)
if (!json_next(json, &ch))
goto cleanup;
if (ch == ',')
if (ch == ',') {
hasnext = 1;
continue;
}
if (ch == '}') {
ret = KORE_RESULT_OK;
@ -572,7 +586,7 @@ json_parse_array(struct kore_json *json, struct kore_json_item *array)
u_int8_t ch;
char *key;
struct kore_json_item *item;
int ret, type;
int ret, type, hasnext;
if (json->depth++ >= KORE_JSON_DEPTH_MAX) {
json->error = KORE_JSON_ERR_DEPTH;
@ -580,6 +594,7 @@ json_parse_array(struct kore_json *json, struct kore_json_item *array)
}
key = NULL;
hasnext = 0;
ret = KORE_RESULT_ERROR;
if (!json_next(json, &ch))
@ -596,6 +611,10 @@ json_parse_array(struct kore_json *json, struct kore_json_item *array)
goto cleanup;
if (ch == ']') {
if (hasnext) {
json->error = KORE_JSON_ERR_INVALID_JSON;
goto cleanup;
}
json->offset++;
ret = KORE_RESULT_OK;
goto cleanup;
@ -617,8 +636,10 @@ json_parse_array(struct kore_json *json, struct kore_json_item *array)
if (!json_next(json, &ch))
goto cleanup;
if (ch == ',')
if (ch == ',') {
hasnext = 1;
continue;
}
if (ch == ']') {
ret = KORE_RESULT_OK;