From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35592)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1ZzR98-0005VI-5C
	for qemu-devel@nongnu.org; Thu, 19 Nov 2015 10:29:14 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1ZzR94-00035Z-W9
	for qemu-devel@nongnu.org; Thu, 19 Nov 2015 10:29:14 -0500
Received: from mx1.redhat.com ([209.132.183.28]:50897)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1ZzR94-000350-OD
	for qemu-devel@nongnu.org; Thu, 19 Nov 2015 10:29:10 -0500
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
	(int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
	by mx1.redhat.com (Postfix) with ESMTPS id 7EEC6C100463
	for <qemu-devel@nongnu.org>; Thu, 19 Nov 2015 15:29:10 +0000 (UTC)
From: Markus Armbruster <armbru@redhat.com>
Date: Thu, 19 Nov 2015 16:29:04 +0100
Message-Id: <1447946948-12489-1-git-send-email-armbru@redhat.com>
Subject: [Qemu-devel] [PATCH v2 0/4] json-streamer: Fix up code to limit
	nesting and size
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: lcapitulino@redhat.com

Ugh, I almost dropped this on the floor.  I think it should go into
2.5, and I plan to take it through my tree.  If you disagree, please
speak up.

We limit nesting depth and input size to defend against input
triggering excessive heap or stack memory use (commit 29c75dd
json-streamer: limit the maximum recursion depth and maximum token
count).  This limiting is flawed in multiple ways.  Fix it up some.

Not yet fixed: this JSON parser is an absurd memory hog; see last
patch.

v2:
* Trivially rebased, R-bys retained
* PATCH 3: Fix a nearby comment typo [Eric]
* PATCH 4: Simplify make_nest() slightly
* PATCH 5: Commit message tweaked

Markus Armbruster (4):
  json-streamer: Apply nesting limit more sanely
  json-streamer: Don't crash when input exceeds nesting limit
  check-qjson: Add test for JSON nesting depth limit
  json-streamer: Limit number of tokens in addition to total size

 qobject/json-streamer.c | 10 ++++++----
 tests/check-qjson.c     | 25 +++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 4 deletions(-)

-- 
2.4.3