Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(cjson): port cjson fix that improves robustness when handling (#1…
Showing 2 changed files with 29 additions and 0 deletions.
26 changes: 26 additions & 0 deletions
build/openresty/patches/lua-cjson-2.1.0.13_01-error-on-t_end.patch
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
From e1fca089680e76896744ec2f25219dd705fe21da Mon Sep 17 00:00:00 2001 | ||
From: Wangchong Zhou <wangchong@konghq.com> | ||
Date: Wed, 17 Apr 2024 18:00:10 +0800 | ||
Subject: [PATCH 1/4] bugfix: throw error if T_END found in the middle of input | ||
|
||
--- | ||
lua_cjson.c | 4 ++++ | ||
tests/test.lua | 5 +++++ | ||
2 files changed, 9 insertions(+) | ||
|
||
diff --git a/bundle/lua-cjson-2.1.0.13/lua_cjson.c b/bundle/lua-cjson-2.1.0.13/lua_cjson.c | ||
index 363466c..7343f32 100644 | ||
--- a/bundle/lua-cjson-2.1.0.13/lua_cjson.c | ||
+++ b/bundle/lua-cjson-2.1.0.13/lua_cjson.c | ||
@@ -1437,6 +1437,10 @@ static int json_decode(lua_State *l) | ||
if (token.type != T_END) | ||
json_throw_parse_error(l, &json, "the end", &token); | ||
|
||
+ /* Make sure T_END (\x00) doesn't occur at middle of input */ | ||
+ if (json.data + json_len > json.ptr) | ||
+ json_throw_parse_error(l, &json, "EOF", &token); | ||
+ | ||
strbuf_free(json.tmp); | ||
|
||
return 1; | ||
|
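Review bot: The patch header's diffstat lists `tests/test.lua | 5 +++++` and "2 files changed, 9 insertions(+)", but the only hunk carried in this file is the 4-line change to `lua_cjson.c`, so no regression test accompanies the new check here. Either trim the diffstat so it matches the file, or add an equivalent test on the Kong side that decodes input containing a `\x00` before its end and expects a parse error. In the added check itself, `if (json.data + json_len > json.ptr)` would read more directly as `json.ptr < json.data + json_len`, and the comment could say "in the middle of input" to match the subject line.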
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
message: | | ||
Improve the robustness of lua-cjson when handling unexpected input. | ||
type: dependency |
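Review bot: The `message:` text, "Improve the robustness of lua-cjson when handling unexpected input.", does not say what changed in behavior: per the patch in this commit, `json_decode` now throws a parse error when T_END (`\x00`) is found before the end of the input. Suggest naming that in the entry, since callers that pass such input will now get an error from decode.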
28ff0cb
Bazel Build
Docker image available
kong/kong:28ff0cb9e1d75df2f7abd0dd2ffbdea56022e456
Artifacts available https://github.com/Kong/kong/actions/runs/8813553101