84 строки
3.2 KiB
Diff
84 строки
3.2 KiB
Diff
Backported from protobuf upstream:
|
|
https://go-review.googlesource.com/c/protobuf/+/569356
|
|
|
|
Modified to apply to vendored code by: corvus-callidus <108946721+corvus-callidus@users.noreply.github.com>
|
|
- Adjusted paths
|
|
- Removed references to protobuf/encoding/protojson/decode_test.go and
|
|
protobuf/internal/encoding/json/decode_test.go which are not present in the vendored code
|
|
- Modified json.EOF check to apply to our older version of skipJSONValue
|
|
|
|
|
|
From f01a588e5810b90996452eec4a28f22a0afae023 Mon Sep 17 00:00:00 2001
|
|
From: Damien Neil <dneil@google.com>
|
|
Date: Tue, 05 Mar 2024 08:54:24 -0800
|
|
Subject: [PATCH] encoding/protojson, internal/encoding/json: handle missing object values
|
|
|
|
In internal/encoding/json, report an error when encountering a }
|
|
when we are expecting an object field value. For example, the input
|
|
`{"":}` now correctly results in an error at the closing } token.
|
|
|
|
In encoding/protojson, check for an unexpected EOF token in
|
|
skipJSONValue. This is redundant with the check in internal/encoding/json,
|
|
but adds a bit more defense against any other similar bugs that
|
|
might exist.
|
|
|
|
Fixes CVE-2024-24786
|
|
|
|
Change-Id: I03d52512acb5091c8549e31ca74541d57e56c99d
|
|
Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/569356
|
|
TryBot-Bypass: Damien Neil <dneil@google.com>
|
|
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Commit-Queue: Damien Neil <dneil@google.com>
|
|
---
|
|
|
|
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
|
|
index 25329b7..4b177c8 100644
|
|
--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
|
|
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
|
|
@@ -328,6 +328,10 @@ func (d decoder) skipJSONValue() error {
|
|
if err := d.skipJSONValue(); err != nil {
|
|
return err
|
|
}
|
|
+ case json.EOF:
|
|
+ // This can only happen if there's a bug in Decoder.Read.
|
|
+ // Avoid an infinite loop if this does happen.
|
|
+ return errors.New("unexpected EOF")
|
|
}
|
|
}
|
|
|
|
@@ -341,6 +345,10 @@ func (d decoder) skipJSONValue() error {
|
|
case json.ArrayClose:
|
|
d.Read()
|
|
return nil
|
|
+ case json.EOF:
|
|
+ // This can only happen if there's a bug in Decoder.Read.
|
|
+ // Avoid an infinite loop if this does happen.
|
|
+ return errors.New("unexpected EOF")
|
|
default:
|
|
// Skip array item.
|
|
if err := d.skipJSONValue(); err != nil {
|
|
@@ -348,6 +356,10 @@ func (d decoder) skipJSONValue() error {
|
|
}
|
|
}
|
|
}
|
|
+ case json.EOF:
|
|
+ // This can only happen if there's a bug in Decoder.Read.
|
|
+ // Avoid an infinite loop if this does happen.
|
|
+ return errors.New("unexpected EOF")
|
|
}
|
|
return nil
|
|
}
|
|
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
|
|
index d043a6e..d2b3ac0 100644
|
|
--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
|
|
+++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
|
|
@@ -121,7 +121,7 @@
|
|
|
|
case ObjectClose:
|
|
if len(d.openStack) == 0 ||
|
|
- d.lastToken.kind == comma ||
|
|
+ d.lastToken.kind&(Name|comma) != 0 ||
|
|
d.openStack[len(d.openStack)-1] != ObjectOpen {
|
|
return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
|
|
}
|