webmcp
changeset 150:35fb4f92a887
Limit maximum depth for JSON parser to 500
| author | jbe | 
|---|---|
| date | Wed Jul 30 23:11:38 2014 +0200 (2014-07-30) | 
| parents | 5229687c7601 | 
| children | 6d2bb696f736 | 
| files | Makefile.options libraries/json/json.c | 
   line diff
1.1 --- a/Makefile.options Wed Jul 30 22:56:21 2014 +0200 1.2 +++ b/Makefile.options Wed Jul 30 23:11:38 2014 +0200 1.3 @@ -8,13 +8,13 @@ 1.4 SLIB_EXT = so 1.5 1.6 # Lua binaries 1.7 -LUA_BIN = lua 1.8 -LUAC_BIN = luac 1.9 +LUA_BIN = lua52 1.10 +LUAC_BIN = luac52 1.11 1.12 # C compiler flags 1.13 # TODO: check alternatives to -D_GNU_SOURCE -fPIC 1.14 # using libtool? 1.15 -CFLAGS = -O2 -D_GNU_SOURCE -fPIC -Wall -I /usr/include -I /usr/local/include -I /usr/local/include/lua52 1.16 +CFLAGS = -g -O0 -D_GNU_SOURCE -fPIC -Wall -I /usr/include -I /usr/local/include -I /usr/local/include/lua52 1.17 1.18 # additional C compiler flags for parts which depend on PostgreSQL 1.19 CFLAGS_PGSQL = -I /usr/local/include/postgresql -I /usr/local/include/postgresql/server
2.1 --- a/libraries/json/json.c Wed Jul 30 22:56:21 2014 +0200 2.2 +++ b/libraries/json/json.c Wed Jul 30 23:11:38 2014 +0200 2.3 @@ -4,7 +4,14 @@ 2.4 #include <string.h> 2.5 2.6 // maximum number of nested JSON values (objects and arrays): 2.7 -#define JSON_MAXDEPTH 100 2.8 +// NOTE: The Lua reference states that the stack may typically contain at least 2.9 +// "a few thousand elements". Since every nested level consumes 2.10 +// 3 elements on the Lua stack (the object/array, its shadow table, 2.11 +// a string key or a placeholder), we limit the number of nested levels 2.12 +// to 500. If a stack overflow would still happen in the import function, 2.13 +// this is detected nevertheless and an error is thrown (instead of 2.14 +// returning nil and an error string). 2.15 +#define JSON_MAXDEPTH 500 2.16 2.17 // macros for usage of Lua registry: 2.18 #define JSON_REGENT char