X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=json-streamer.c;h=c255c7818f3af4c6cd9dfca71ee55e8dd63bbb7c;hb=6e1db57b2ac9025c2443c665a0d9e78748637b26;hp=a6cb28f66579c6d8525b7300768280e94cabb5cd;hpb=eca7db46ff8f24a70f4040af3e941dc19fd33ebe;p=qemu.git
diff --git a/json-streamer.c b/json-streamer.c
index a6cb28f66..c255c7818 100644
--- a/json-streamer.c
+++ b/json-streamer.c
@@ -56,29 +56,40 @@ static void json_message_process_token(JSONLexer *lexer, QString *token, JSONTok
 qlist_append(parser->tokens, dict);
- if (parser->brace_count < 0 ||
+ if (type == JSON_ERROR) {
+ goto out_emit_bad;
+ } else if (parser->brace_count < 0 ||
 parser->bracket_count < 0 ||
 (parser->brace_count == 0 &&
 parser->bracket_count == 0)) {
- parser->brace_count = 0;
- parser->bracket_count = 0;
- parser->emit(parser, parser->tokens);
- QDECREF(parser->tokens);
- parser->tokens = qlist_new();
- parser->token_size = 0;
+ goto out_emit;
 } else if (parser->token_size > MAX_TOKEN_SIZE ||
 parser->bracket_count > MAX_NESTING ||
 parser->brace_count > MAX_NESTING) {
 /* Security consideration, we limit total memory allocated per object
 * and the maximum recursion depth that a message can force.
 */
- parser->brace_count = 0;
- parser->bracket_count = 0;
- parser->emit(parser, parser->tokens);
+ goto out_emit;
+ }
+
+ return;
+
+out_emit_bad:
+ /* clear out token list and tell the parser to emit and error
+ * indication by passing it a NULL list
+ */
+ QDECREF(parser->tokens);
+ parser->tokens = NULL;
+out_emit:
+ /* send current list of tokens to parser and reset tokenizer */
+ parser->brace_count = 0;
+ parser->bracket_count = 0;
+ parser->emit(parser, parser->tokens);
+ if (parser->tokens) {
 QDECREF(parser->tokens);
- parser->tokens = qlist_new();
- parser->token_size = 0;
 }
+ parser->tokens = qlist_new();
+ parser->token_size = 0;
 }
 void json_message_parser_init(JSONMessageParser *parser,
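Review bot: The size/nesting-limit branch (`token_size > MAX_TOKEN_SIZE`, `bracket_count`/`brace_count > MAX_NESTING`) still jumps to `out_emit`, so a message cut off at the limit is handed to the emit callback as a token list that looks like a finished message rather than as an error. Now that `out_emit_bad` exists, that branch should use it, `goto out_emit_bad;`, so an over-limit message is rejected the same way as a `JSON_ERROR` token instead of being parsed in truncated form. The `out_emit_bad` path also calls `parser->emit(parser, NULL)`, so every emit callback has to tolerate a NULL list; those callbacks are outside this hunk and worth checking. The function's opening lines are outside the hunk as well, so how `brace_count` and `bracket_count` were updated for this token is not visible here.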