generic-library/jsoncpp
1
0
Fork 0
mirror of https://github.com/open-source-parsers/jsoncpp.git synced 2025-10-12 02:36:37 +02:00
Code Issues Projects Releases Wiki Activity

fix security hole for string-key-lengths > 2^30

Browse Source
This commit is contained in:
Christopher Dunn
2015-03-02 23:42:12 -06:00
parent 585b267595
commit 2d653bd15d
2 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/lib_json/json_reader.cpp
View File

@@ -1430,6 +1430,7 @@ bool OurReader::readObject(Token& tokenStart) {
return addErrorAndRecover(
"Missing ':' after object member name", colon, tokenObjectEnd);
}
if (name.length() >= (1U<<30)) throw std::runtime_error("keylength >= 2^30");
Value& value = currentValue()[name];
nodes_.push(&value);
bool ok = readValue();

2
src/lib_json/json_value.cpp
View File

@@ -191,8 +191,6 @@ void Value::CommentInfo::setComment(const char* text, size_t len) {
// Notes: policy_ indicates if the string was allocated when
// a string is stored.
//
// TODO: Check for length > 1GB, in Reader.
Value::CZString::CZString(ArrayIndex index) : cstr_(0), index_(index) {}