mirrors/janet
1
0
Fork 0
mirror of https://github.com/janet-lang/janet synced 2025-05-03 07:54:14 +00:00
Code Issues 1 Releases Wiki Activity

Prevent unmarsal DOS in arrays,buffers,tables,and structs.

Browse Source
This commit is contained in:
Calvin Rose 2020-04-05 08:16:40 -05:00
parent b145d47863
commit c4ca0490ee
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/core/marsh.c
View File

@ -1234,6 +1234,10 @@ static const uint8_t *unmarshal_one(
{ {
data++; data++;
int32_t len = readnat(st, &data); int32_t len = readnat(st, &data);
/* DOS check */
if (lead != LB_REFERENCE) {
MARSH_EOS(st, data - 1 + len);
}
if (lead == LB_ARRAY) { if (lead == LB_ARRAY) {
/* Array */ /* Array */
JanetArray *array = janet_array(len); JanetArray *array = janet_array(len);
@ -1265,7 +1269,7 @@ static const uint8_t *unmarshal_one(
*out = janet_wrap_struct(janet_struct_end(struct_)); *out = janet_wrap_struct(janet_struct_end(struct_));
janet_v_push(st->lookup, *out); janet_v_push(st->lookup, *out);
} else if (lead == LB_REFERENCE) { } else if (lead == LB_REFERENCE) {
if (len < 0 || len >= janet_v_count(st->lookup)) if (len >= janet_v_count(st->lookup))
janet_panicf("invalid reference %d", len); janet_panicf("invalid reference %d", len);
*out = st->lookup[len]; *out = st->lookup[len];
} else { } else {