mirror of
https://github.com/ElementsProject/lightning.git
synced 2025-03-03 10:46:58 +01:00
json: reject incoming JSON which has any unusual characters in tokens.
ie. non-printable, quotes or escapes. We allow these outside tokens (we expect tabs and \n for example). This is a big hammer, but if someone really wants we can add support later. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
Christian Decker
parent
112ae0d0f5
commit
5502a19d1e
1 changed files with 24 additions and 0 deletions
|
|
@ -272,11 +272,22 @@ bool json_get_params(const char *buffer, const jsmntok_t param[], ...)
|
|||
return true;
|
||||
}
|
||||
|
||||
static bool strange_chars(const char *str, size_t len)
|
||||
{
|
||||
for (size_t i = 0; i < len; i++) {
|
||||
if (!cisprint(str[i]) || str[i] == '"' || str[i] == '\\')
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
jsmntok_t *json_parse_input(const char *input, int len, bool *valid)
|
||||
{
|
||||
jsmn_parser parser;
|
||||
jsmntok_t *toks;
|
||||
jsmnerr_t ret;
|
||||
size_t i;
|
||||
|
||||
toks = tal_arr(input, jsmntok_t, 10);
|
||||
|
||||
|
|
@ -303,6 +314,19 @@ again:
|
|||
toks[ret].type = -1;
|
||||
toks[ret].start = toks[ret].end = toks[ret].size = 0;
|
||||
|
||||
/* Don't allow tokens to contain weird characters (outside toks ok). */
|
||||
for (i = 0; i < ret; i++) {
|
||||
if (toks[i].type != JSMN_STRING
|
||||
&& toks[i].type != JSMN_PRIMITIVE)
|
||||
continue;
|
||||
|
||||
if (strange_chars(input + toks[i].start,
|
||||
toks[i].end - toks[i].start)) {
|
||||
*valid = false;
|
||||
return tal_free(toks);
|
||||
}
|
||||
}
|
||||
|
||||
return toks;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue