Wireshark-commits: [Wireshark-commits] master 6b28772: Strengthen the JSON validator.
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 03 Sep 2019 02:25:49 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b28772660ce673e1c9a30dbcea6a06bdcd2a3c7
Submitter: "Guy Harris <guy@xxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

6b28772 by Guy Harris (guy@xxxxxxxxxxxx):

    Strengthen the JSON validator.
    
    jsmn_parse() is handed a buffer and a count of octets in the buffer; it
    treats either running out of octets, as specified by the count, *OR*
    seeing a NUL as meaning "end of JSON string".
    
    That means that a buffer, of arbitrary size, the first octet of which is
    zero is a null string and considered valid JSON.
    
    That is clearly bogus; it messes up both tests for JSON files *and*,
    potentially, heuristic checks for JSON in packet payloads.
    
    Bug: 16031
    Change-Id: I5ee78b613df3358f19787f2ce28ddc883368f03d
    Reviewed-on: https://code.wireshark.org/review/34438
    Petri-Dish: Guy Harris <guy@xxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
    

Actions performed:

    from  66b868d   Strengthen the PacketLogger heuristics.
     add  6b28772   Strengthen the JSON validator.


Summary of changes:
 wsutil/wsjson.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)