mirror/json-c
1
0
Fork 0
mirror of https://github.com/json-c/json-c.git synced 2026-03-27 00:49:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix: OOM vulnerability cause by is_valid_index

Browse Source 
An OOM vulnerability exists in the json_pointer_set function (and related functions).
See issue #916 for more details.

To fix that, added a sanity check in the is_valid_index function to limit the maximum value of a parsed array index.
Provided a configurable macro for modification.

Signed-off-by: lone <lonechan314@qq.com>
This commit is contained in:
lone
2026-01-25 23:54:27 +08:00
parent d05ea4851f
commit 3d86402028
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
json_pointer.c
View File

@@ -79,6 +79,16 @@ static int is_valid_index(const char *path, size_t *idx)
// but ULLONG_MAX will be longer than any array length so that's ok.
*idx = strtoull(path, NULL, 10);
// Check against a maximum to prevent excessive memory allocations.
// An extremely large index, even if it doesn't overflow size_t,
// will cause a huge memory allocation request via realloc,
// leading to an OOM.
if (*idx > JSON_C_POINTER_MAX_ARRAY_IDX)
{
errno = EINVAL;
return 0;
}
return 1;
}