Stop parsing JSON after first finished construct.

Fix https://github.com/bitcoin/bitcoin/issues/6558.  In particular, stop
parsing JSON after the first object or array is finished.  Check that no
other garbage follows, and fail the parser if it does.

1 files changed, 8 insertions, 6 deletions

diff --git a/src/univalue/univalue_read.cpp b/src/univalue/univalue_read.cpp
index 261771811d..64591234cb 100644
--- a/src/univalue/univalue_read.cpp
+++ b/src/univalue/univalue_read.cpp
@@ -244,16 +244,16 @@ bool UniValue::read(const char *raw)
     bool expectColon = false;
     vector<UniValue*> stack;
 
+    string tokenVal;
+    unsigned int consumed;
     enum jtokentype tok = JTOK_NONE;
     enum jtokentype last_tok = JTOK_NONE;
-    while (1) {
+    do {
         last_tok = tok;
 
-        string tokenVal;
-        unsigned int consumed;
         tok = getJsonToken(tokenVal, consumed, raw);
         if (tok == JTOK_NONE || tok == JTOK_ERR)
-            break;
+            return false;
         raw += consumed;
 
         switch (tok) {
@@ -377,9 +377,11 @@ bool UniValue::read(const char *raw)
         default:
             return false;
         }
-    }
+    } while (!stack.empty ());
 
-    if (stack.size() != 0)
+    /* Check that nothing follows the initial construct (parsed above).  */
+    tok = getJsonToken(tokenVal, consumed, raw);
+    if (tok != JTOK_NONE)
         return false;
 
     return true;