aboutsummaryrefslogtreecommitdiff
path: root/slirp/ip_icmp.c
diff options
context:
space:
mode:
authorMarkus Armbruster <armbru@redhat.com>2015-11-25 22:23:23 +0100
committerMarkus Armbruster <armbru@redhat.com>2015-11-26 09:18:04 +0100
commit0753113a26bb8c77f951b1ea91fd4f36d099c37a (patch)
tree3b487f57d8f3fb14e322154efb89bd57bc4fca67 /slirp/ip_icmp.c
parent4f2d31fbc0bfdf41feea7d1be49f4f7ffa005534 (diff)
qjson: Don't crash when input exceeds nesting limit
We limit nesting depth and input size to defend against input triggering excessive heap or stack memory use (commit 29c75dd json-streamer: limit the maximum recursion depth and maximum token count). However, when the nesting limit is exceeded, parser_context_peek_token()'s assertion fails. Broken in commit 65c0f1e "json-parser: don't replicate tokens at each level of recursion". To reproduce stuff 1025 open braces or brackets into QMP. Fix by taking the error exit instead of the normal one. Reported-by: Eric Blake <eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <1448486613-17634-3-git-send-email-armbru@redhat.com>
Diffstat (limited to 'slirp/ip_icmp.c')
0 files changed, 0 insertions, 0 deletions