mirrors/janet
1
0
Fork 0
mirror of https://github.com/janet-lang/janet synced 2025-10-31 15:43:01 +00:00
Code Issues 1 Releases Wiki Activity

Prevent unmarsal DOS in arrays,buffers,tables,and structs.

Browse Source
This commit is contained in:
Calvin Rose
2020-04-05 08:16:40 -05:00
parent b145d47863
commit c4ca0490ee
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/core/marsh.c
View File

@@ -1234,6 +1234,10 @@ static const uint8_t *unmarshal_one(
{
data++;
int32_t len = readnat(st, &data);
/* DOS check */
if (lead != LB_REFERENCE) {
MARSH_EOS(st, data - 1 + len);
}
if (lead == LB_ARRAY) {
/* Array */
JanetArray *array = janet_array(len);
@@ -1265,7 +1269,7 @@ static const uint8_t *unmarshal_one(
*out = janet_wrap_struct(janet_struct_end(struct_));
janet_v_push(st->lookup, *out);
} else if (lead == LB_REFERENCE) {
if (len < 0 || len >= janet_v_count(st->lookup))
if (len >= janet_v_count(st->lookup))
janet_panicf("invalid reference %d", len);
*out = st->lookup[len];
} else {