diff options
| author | Yann Ylavic <ylavic@apache.org> | 2018-07-16 10:45:39 +0000 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2018-07-16 10:45:39 +0000 |
| commit | 1fda70d6a930a371d79f5879cc7c28e27c64c7a1 (patch) | |
| tree | d8e43db1a8d641a59c280f3d1f8cdbe3db3fcedd /json | |
| parent | 29b7269db5ba57d59421f2c55371626aa2861553 (diff) | |
| download | apr-1fda70d6a930a371d79f5879cc7c28e27c64c7a1.tar.gz | |
apr_json: strengthen decoding of float and object key.
A float number can't start with a dot, and an object key is a string so we
can avoid parsing any type before failing.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1836017 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'json')
| -rw-r--r-- | json/apr_json_decode.c | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/json/apr_json_decode.c b/json/apr_json_decode.c index 940497a71..0e0fa4d3d 100644 --- a/json/apr_json_decode.c +++ b/json/apr_json_decode.c @@ -34,7 +34,10 @@ typedef struct apr_json_scanner_t { int level; } apr_json_scanner_t; -static apr_status_t apr_json_decode_value(apr_json_scanner_t * self, apr_json_value_t ** retval); +static apr_status_t apr_json_decode_space(apr_json_scanner_t * self, + const char **space); +static apr_status_t apr_json_decode_value(apr_json_scanner_t * self, + apr_json_value_t ** retval); /* stolen from mod_mime_magic.c :) */ /* Single hex char to int; -1 if not a hex char. */ @@ -468,19 +471,30 @@ static apr_status_t apr_json_decode_object(apr_json_scanner_t * self, break; } - if ((status = apr_json_decode_value(self, &key))) + key = apr_json_value_create(self->pool); + if ((status = apr_json_decode_space(self, &key->pre))) goto out; - if (key->type != APR_JSON_STRING) { + if (self->p == self->e) { + status = APR_EOF; + goto out; + } + if (*self->p != '"') { status = APR_BADCH; goto out; } + key->type = APR_JSON_STRING; + if ((status = apr_json_decode_string(self, &key->value.string))) + goto out; + + if ((status = apr_json_decode_space(self, &key->post))) + goto out; + if (self->p == self->e) { status = APR_EOF; goto out; } - if (*self->p != ':') { status = APR_BADCH; goto out; @@ -553,13 +567,6 @@ static apr_status_t apr_json_decode_number(apr_json_scanner_t * self, apr_json_v return APR_EOF; c = *(unsigned char *)p; } - if (c == '.') { - p++; - if (p >= e) - return APR_EOF; - c = *(unsigned char *)p; - treat_as_float = 1; - } if (!isdigit(c)) { status = APR_BADCH; goto out; @@ -771,8 +778,10 @@ static apr_status_t apr_json_decode_value(apr_json_scanner_t * self, apr_json_va } if (status == APR_SUCCESS) { - *retval = apr_json_value_create(self->pool); - **retval = value; + *retval = apr_pmemdup(self->pool, &value, sizeof(value)); + } + else { + *retval = NULL; } return status; } |