feedc0de/ArduinoJson
1
0
Fork 0
forked from bblanchon/ArduinoJson
Code Pull Requests Activity

Added a nesting limit to the parser to prevent stack overflow that could be a security issue

Browse Source
This commit is contained in:
Benoit Blanchon
2014-11-06 10:24:37 +01:00
parent 2e4dd2d591
commit a3425a6306
5 changed files with 104 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Internals/JsonParser.cpp
View File

@ -39,6 +39,9 @@ bool JsonParser::skip(const char *wordToSkip) {
}
void JsonParser::parseAnythingTo(JsonVariant &destination) {
if (_nestingLimit == 0) return;
_nestingLimit--;
skipSpaces();
switch (*_ptr) {
@ -79,6 +82,8 @@ void JsonParser::parseAnythingTo(JsonVariant &destination) {
destination = parseString();
break;
}
_nestingLimit++;
}
JsonArray &JsonParser::parseArray() {

8
src/JsonBuffer.cpp
View File

@ -26,12 +26,12 @@ JsonObject &JsonBuffer::createObject() {
return JsonObject::invalid();
}
JsonArray &JsonBuffer::parseArray(char *json) {
JsonParser parser(this, json);
JsonArray &JsonBuffer::parseArray(char *json, uint8_t nestingLimit) {
JsonParser parser(this, json, nestingLimit);
return parser.parseArray();
}
JsonObject &JsonBuffer::parseObject(char *json) {
JsonParser parser(this, json);
JsonObject &JsonBuffer::parseObject(char *json, uint8_t nestingLimit) {
JsonParser parser(this, json, nestingLimit);
return parser.parseObject();
}