lukechilds
/
lightning
mirror of https://github.com/lukechilds/lightning.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

json: reject incoming JSON which has any unusual characters in tokens. 

ie. non-printable, quotes or escapes.  We allow these outside tokens
(we expect tabs and \n for example).

This is a big hammer, but if someone really wants we can add support
later.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ppa-0.6.1
Rusty Russell 7 years ago
committed by Christian Decker
parent
112ae0d0f5
commit
5502a19d1e
1 changed files with 24 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 24
      common/json.c

24
common/json.c
View File

@ -272,11 +272,22 @@ bool json_get_params(const char *buffer, const jsmntok_t param[], ...)
return true;
}
static bool strange_chars(const char *str, size_t len)
{
for (size_t i = 0; i < len; i++) {
if (!cisprint(str[i]) || str[i] == '"' || str[i] == '\\')
return true;
}
return false;
}
jsmntok_t *json_parse_input(const char *input, int len, bool *valid)
{
jsmn_parser parser;
jsmntok_t *toks;
jsmnerr_t ret;
size_t i;
toks = tal_arr(input, jsmntok_t, 10);
@ -303,6 +314,19 @@ again:
toks[ret].type = -1;
toks[ret].start = toks[ret].end = toks[ret].size = 0;
/* Don't allow tokens to contain weird characters (outside toks ok). */
for (i = 0; i < ret; i++) {
if (toks[i].type != JSMN_STRING
&& toks[i].type != JSMN_PRIMITIVE)
continue;
if (strange_chars(input + toks[i].start,
toks[i].end - toks[i].start)) {
*valid = false;
return tal_free(toks);
}
}
return toks;
}

Write Preview
Loading…
Cancel
Save