diff options
| author | Graham Leggett <minfrin@apache.org> | 2018-09-02 22:30:43 +0000 |
|---|---|---|
| committer | Graham Leggett <minfrin@apache.org> | 2018-09-02 22:30:43 +0000 |
| commit | b372e142adb3ca2f67f432b549c2b5af141ead9d (patch) | |
| tree | 8a217987822ac0707139152b76b029d4511128b6 /jose | |
| parent | cd6d71ec1cd0559de0d476e7f64361d4e4cd9782 (diff) | |
| download | apr-b372e142adb3ca2f67f432b549c2b5af141ead9d.tar.gz | |
Perform nesting level checks before each invocation of apr_jose_decode()
(when a jose structure has been created to carry the error message).
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1839897 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'jose')
| -rw-r--r-- | jose/apr_jose_decode.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/jose/apr_jose_decode.c b/jose/apr_jose_decode.c index defe06a34..7c1a90125 100644 --- a/jose/apr_jose_decode.c +++ b/jose/apr_jose_decode.c @@ -796,6 +796,13 @@ apr_status_t apr_jose_decode_compact(apr_jose_t **jose, const char *typ, } else { + if (level <= 0) { + apr_errprintf(&(*jose)->result, pool, NULL, 0, + "Syntax error: too many nested JOSE payloads"); + return APR_EINVAL; + } + level--; + status = apr_jose_decode( flags & APR_JOSE_FLAG_DECODE_ALL ? &(*jose)->jose.jws->payload : jose, typ, bb, cb, @@ -1005,6 +1012,13 @@ apr_status_t apr_jose_decode_json_jws(apr_jose_t **jose, apr_json_value_t *val, bb->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb, e); + if (level <= 0) { + apr_errprintf(&(*jose)->result, pool, NULL, 0, + "Syntax error: too many nested JOSE payloads"); + return APR_EINVAL; + } + level--; + status = apr_jose_decode( flags & APR_JOSE_FLAG_DECODE_ALL ? &(*jose)->jose.jwe->payload : jose, typ, @@ -1144,6 +1158,13 @@ apr_status_t apr_jose_decode_json_jws(apr_jose_t **jose, apr_json_value_t *val, bb->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb, e); + if (level <= 0) { + apr_errprintf(&(*jose)->result, pool, NULL, 0, + "Syntax error: too many nested JOSE payloads"); + return APR_EINVAL; + } + level--; + return apr_jose_decode( flags & APR_JOSE_FLAG_DECODE_ALL ? &(*jose)->jose.jws->payload : jose, typ, bb, cb, @@ -1442,6 +1463,13 @@ apr_status_t apr_jose_decode_json_jwe(apr_jose_t **jose, apr_json_value_t *val, if (decrypt == 1) { + if (level <= 0) { + apr_errprintf(&(*jose)->result, pool, NULL, 0, + "Syntax error: too many nested JOSE payloads"); + return APR_EINVAL; + } + level--; + status = apr_jose_decode( flags & APR_JOSE_FLAG_DECODE_ALL ? &(*jose)->jose.jwe->payload : jose, typ, @@ -1518,6 +1546,13 @@ apr_status_t apr_jose_decode_json_jwe(apr_jose_t **jose, apr_json_value_t *val, if (APR_SUCCESS == status) { + if (level <= 0) { + apr_errprintf(&(*jose)->result, pool, NULL, 0, + "Syntax error: too many nested JOSE payloads"); + return APR_EINVAL; + } + level--; + return apr_jose_decode( flags & APR_JOSE_FLAG_DECODE_ALL ? &(*jose)->jose.jwe->payload : jose, typ, bb, |