jsmn: upgrade so JSMN_OBJECT's size parameter is usable.

jsmn would accept invalid JSON objects. This is bad because it would set ->size incorrectly: we expect to have at least size * 2 tokens (in pairs). We want to rely on ->size, but this would create an exploitable buffer overflow! Fortunately, this is fixed upstream, so we add a test and upgrade to v1.0.0. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
6 years ago · 7b59e26dd7
2 changed files with 6 additions and 1 deletions
--- a/common/test/run-json.c
+++ b/common/test/run-json.c
@ -74,6 +74,11 @@ static void test_json_tok_size(void)
 	assert(toks[0].size == 2);
 	assert(toks[2].size == 2);
 	assert(toks[6].size == 2);
+
+	/* This should *not* parse! (used to give toks[0]->size == 2!) */
+	buf = "{ 'satoshi', '546' }";
+	toks = json_parse_input(tmpctx, buf, strlen(buf), &ok);
+	assert(!ok);
 }

 static void test_json_delve(void)
--- a/external/jsmn
+++ b/external/jsmn
@ -1 +1 @@
-Subproject commit 6784c826d9674915a4d89649c6288e6aecb4110d
+Subproject commit 18e9fe42cbfe21d65076f5c77ae2be379ad1270f