File CVE-2016-4074.patch of Package jq

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-4074.patch of Package jq

From 83e2cf607f3599d208b6b3129092fa7deb2e5292 Mon Sep 17 00:00:00 2001
From: W-Mark Kubacki <wmark@hurrikane.de>
Date: Fri, 19 Aug 2016 19:50:39 +0200
Subject: [PATCH] Skip printing what's below a MAX_PRINT_DEPTH

This addresses #1136, and mitigates a stack exhaustion when printing
a very deeply nested term.
---
 src/jv_print.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/jv_print.c b/src/jv_print.c
index 5f4f234..ce4a59a 100644
--- a/src/jv_print.c
+++ b/src/jv_print.c
@@ -13,6 +13,10 @@
 #include "jv_dtoa.h"
 #include "jv_unicode.h"
 
+#ifndef MAX_PRINT_DEPTH
+#define MAX_PRINT_DEPTH (256)
+#endif
+
 #define ESC "\033"
 #define COL(c) (ESC "[" c "m")
 #define COLRESET (ESC "[0m")
@@ -150,7 +154,9 @@ static void jv_dump_term(struct dtoa_context* C, jv x, int flags, int indent, FI
       }
     }
   }
-  switch (jv_get_kind(x)) {
+  if (indent > MAX_PRINT_DEPTH) {
+    put_str("<skipped: too deep>", F, S, flags & JV_PRINT_ISATTY);
+  } else switch (jv_get_kind(x)) {
   default:
   case JV_KIND_INVALID:
     if (flags & JV_PRINT_INVALID) {
From fd4ae8304e23007672af9a37855c7a76de7c78cf Mon Sep 17 00:00:00 2001
From: W-Mark Kubacki <wmark@hurrikane.de>
Date: Fri, 19 Aug 2016 20:10:21 +0200
Subject: [PATCH] Parse no deeper than MAX_PARSING_DEPTH

while true; do printf '{"deeper": '; done | jq .
---
 src/jv_parse.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/jv_parse.c b/src/jv_parse.c
index 84245b8..51ad9f0 100644
--- a/src/jv_parse.c
+++ b/src/jv_parse.c
@@ -10,6 +10,10 @@
 
 typedef const char* presult;
 
+#ifndef MAX_PARSING_DEPTH
+#define MAX_PARSING_DEPTH (256)
+#endif
+
 #define TRY(x) do {presult msg__ = (x); if (msg__) return msg__; } while(0)
 #ifdef __GNUC__
 #define pfunc __attribute__((warn_unused_result)) presult
@@ -147,11 +151,13 @@ static void push(struct jv_parser* p, jv v) {
 static pfunc parse_token(struct jv_parser* p, char ch) {
   switch (ch) {
   case '[':
+    if (p->stackpos >= MAX_PARSING_DEPTH) return "Exceeds depth limit for parsing";
     if (jv_is_valid(p->next)) return "Expected separator between values";
     push(p, jv_array());
     break;
 
   case '{':
+    if (p->stackpos >= MAX_PARSING_DEPTH) return "Exceeds depth limit for parsing";
     if (jv_is_valid(p->next)) return "Expected separator between values";
     push(p, jv_object());
     break;

Places

File CVE-2016-4074.patch of Package jq

Places