ObjFW  Check-in [c0d8a3426c]

Overview
Comment:Add depth limit for MessagePack
SHA3-256: c0d8a3426cce307995c0b17bd6a8c2e93a20944349c7e20bb195891e96219fd1
User & Date: js on 2017-05-13 23:27:40
Context
2017-05-14
00:11
Small optimization for objc_storeStrong() check-in: 9d12f9759f user: js tags: trunk
2017-05-13
23:27
Add depth limit for MessagePack check-in: c0d8a3426c user: js tags: trunk
22:38
Reduce retain + autorelease check-in: 504e13cf00 user: js tags: trunk
Changes

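--- a/src/OFDataArray+MessagePackValue.h
+++ b/src/OFDataArray+MessagePackValue.h
@@ -29,10 +29,19 @@
 @interface OFDataArray (MessagePackValue)
 /*!
  * @brief Parses the MessagePack representation and returns it as an object.
  *
  * @return The MessagePack representation as an object
  */
 - (id)messagePackValue;
+
+/*!
+ * @brief Parses the MessagePack representation and returns it as an object.
+ *
+ * @param depthLimit The maximum depth the parser should accept (defaults to 32
+ *		     if not specified, 0 means no limit (insecure!))
+ * @return The MessagePack representation as an object
+ */
+- (id)messagePackValueWithDepthLimit: (size_t)depthLimit;
 @end
 
 OF_ASSUME_NONNULL_END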
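Review bot: The `@param depthLimit` text on `-messagePackValueWithDepthLimit:` says the limit "defaults to 32 if not specified", but this method always receives the argument; the default belongs to `-messagePackValue`, whose comment still says nothing about a limit. I would state it there, e.g. `@brief Parses the MessagePack representation with a depth limit of 32 and returns it as an object.` Both comments could also say that exceeding the limit raises OFInvalidFormatException, which is what the implementation in this check-in does. It is also worth spelling out that 0 removes the bound on parser recursion and should not be used for data from an untrusted source.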

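--- a/src/OFDataArray+MessagePackValue.m
+++ b/src/OFDataArray+MessagePackValue.m
@@ -25,15 +25,16 @@
 #import "OFDictionary.h"
 #import "OFMessagePackExtension.h"
 
 #import "OFInvalidFormatException.h"
 
 int _OFDataArray_MessagePackValue_reference;
 
-static size_t parseObject(const uint8_t *, size_t, id *);
+static size_t parseObject(const uint8_t *buffer, size_t length, id *object,
+    size_t depthLimit);
 
 static uint16_t
 readUInt16(const uint8_t *buffer)
 {
 	return ((uint16_t)buffer[0] << 8) | buffer[1];
 }
 
@@ -50,97 +51,113 @@
 	return ((uint64_t)buffer[0] << 56) | ((uint64_t)buffer[1] << 48) |
 	    ((uint64_t)buffer[2] << 40) | ((uint64_t)buffer[3] << 32) |
 	    ((uint64_t)buffer[4] << 24) | ((uint64_t)buffer[5] << 16) |
 	    ((uint64_t)buffer[6] << 8) | buffer[7];
 }
 
 static size_t
-parseArray(const uint8_t *buffer, size_t length, id *object, size_t count)
+parseArray(const uint8_t *buffer, size_t length, id *object, size_t count,
+    size_t depthLimit)
 {
 	void *pool;
 	size_t pos = 0;
+
+	if (--depthLimit == 0) {
+		*object = nil;
+		return 0;
+	}
 
 	/*
 	 * Don't use capacity! For data and strings, this is safe, as we can
 	 * check if we still have enough bytes left. For an array however, we
 	 * can't know this, as every child can be more than one byte.
 	 */
 	*object = [OFMutableArray array];
 
 	for (size_t i = 0; i < count; i++) {
 		id child;
 		size_t childLength;
 
 		pool = objc_autoreleasePoolPush();
 
-		childLength = parseObject(buffer + pos, length - pos, &child);
+		childLength = parseObject(buffer + pos, length - pos, &child,
+		    depthLimit);
 		if (childLength == 0 || child == nil) {
 			objc_autoreleasePoolPop(pool);
 
 			*object = nil;
 			return 0;
 		}
 		pos += childLength;
 
 		[*object addObject: child];
 
 		objc_autoreleasePoolPop(pool);
 	}
 
 	return pos;
 }
 
 static size_t
-parseTable(const uint8_t *buffer, size_t length, id *object, size_t count)
+parseTable(const uint8_t *buffer, size_t length, id *object, size_t count,
+    size_t depthLimit)
 {
 	void *pool;
 	size_t pos = 0;
+
+	if (--depthLimit == 0) {
+		*object = nil;
+		return 0;
+	}
 
 	/*
 	 * Don't use capacity! For data and strings, this is safe, as we can
 	 * check if we still have enough bytes left. For a dictionary however,
 	 * we can't know this, as every key / value can be more than one byte.
 	 */
 	*object = [OFMutableDictionary dictionary];
 
 	for (size_t i = 0; i < count; i++) {
 		id key, value;
 		size_t keyLength, valueLength;
 
 		pool = objc_autoreleasePoolPush();
 
-		keyLength = parseObject(buffer + pos, length - pos, &key);
+		keyLength = parseObject(buffer + pos, length - pos, &key,
+		    depthLimit);
 		if (keyLength == 0 || key == nil) {
 			objc_autoreleasePoolPop(pool);
 
 			*object = nil;
 			return 0;
 		}
 		pos += keyLength;
 
-		valueLength = parseObject(buffer + pos, length - pos, &value);
+		valueLength = parseObject(buffer + pos, length - pos, &value,
+		    depthLimit);
 		if (valueLength == 0 || value == nil) {
 			objc_autoreleasePoolPop(pool);
 
 			*object = nil;
 			return 0;
 		}
 		pos += valueLength;
 
 		[*object setObject: value
 			    forKey: key];
 
 		objc_autoreleasePoolPop(pool);
 	}
 
 	return pos;
 }
 
 static size_t
-parseObject(const uint8_t *buffer, size_t length, id *object)
+parseObject(const uint8_t *buffer, size_t length, id *object,
+    size_t depthLimit)
 {
 	size_t count;
 	int8_t type;
 	OFDataArray *data;
 
 	if (length < 1)
 		goto error;
@@ -169,20 +186,20 @@
 				  length: count];
 		return count + 1;
 	}
 
 	/* fixarray */
 	if ((buffer[0] & 0xF0) == 0x90)
 		return parseArray(buffer + 1, length - 1, object,
-		    buffer[0] & 0xF) + 1;
+		    buffer[0] & 0xF, depthLimit) + 1;
 
 	/* fixmap */
 	if ((buffer[0] & 0xF0) == 0x80)
 		return parseTable(buffer + 1, length - 1, object,
-		    buffer[0] & 0xF) + 1;
+		    buffer[0] & 0xF, depthLimit) + 1;
 
 	/* Prefix byte */
 	switch (*buffer) {
 	/* Unsigned integers */
 	case 0xCC: /* uint8 */
 		if (length < 2)
 			goto error;
@@ -423,34 +440,34 @@
 			    extensionWithType: type
 					 data: data];
 		} @finally {
 			[data release];
 		}
 
 		return 4;
-	case 0xD6: /* fixtext 4 */
+	case 0xD6: /* fixext 4 */
 		if (length < 6)
 			goto error;
 
 		type = buffer[1];
 
 		data = [[OFDataArray alloc] initWithCapacity: 4];
 		@try {
 			[data addItems: buffer + 2
 				 count: 4];
 
 			*object = [OFMessagePackExtension
 			    extensionWithType: type
 					 data: data];
 		} @finally {
 			[data release];
 		}
 
 		return 6;
-	case 0xD7: /* fixtext 8 */
+	case 0xD7: /* fixext 8 */
 		if (length < 10)
 			goto error;
 
 		type = buffer[1];
 
 		data = [[OFDataArray alloc] initWithCapacity: 8];
 		@try {
@@ -526,47 +543,57 @@
 		return count + 5;
 	/* Arrays */
 	case 0xDC: /* array 16 */
 		if (length < 3)
 			goto error;
 
 		return parseArray(buffer + 3, length - 3, object,
-		    readUInt16(buffer + 1)) + 3;
+		    readUInt16(buffer + 1), depthLimit) + 3;
 	case 0xDD: /* array 32 */
 		if (length < 5)
 			goto error;
 
 		return parseArray(buffer + 5, length - 5, object,
-		    readUInt32(buffer + 1)) + 5;
+		    readUInt32(buffer + 1), depthLimit) + 5;
 	/* Maps */
 	case 0xDE: /* map 16 */
 		if (length < 3)
 			goto error;
 
 		return parseTable(buffer + 3, length - 3, object,
-		    readUInt16(buffer + 1)) + 3;
+		    readUInt16(buffer + 1), depthLimit) + 3;
 	case 0xDF: /* map 32 */
 		if (length < 5)
 			goto error;
 
 		return parseTable(buffer + 5, length - 5, object,
-		    readUInt32(buffer + 1)) + 5;
+		    readUInt32(buffer + 1), depthLimit) + 5;
 	}
 
 error:
 	*object = nil;
 	return 0;
 }
 
 @implementation OFDataArray (MessagePackValue)
 - (id)messagePackValue
 {
+	return [self messagePackValueWithDepthLimit: 32];
+}
+
+- (id)messagePackValueWithDepthLimit: (size_t)depthLimit
+{
+	void *pool = objc_autoreleasePoolPush();
 	size_t count = [self count];
 	id object;
 
-	if (parseObject([self items], count, &object) != count ||
+	if (parseObject([self items], count, &object, depthLimit) != count ||
 	    object == nil)
 		@throw [OFInvalidFormatException exception];
 
+	[object retain];
+
+	objc_autoreleasePoolPop(pool);
+
 	return object;
 }
 @end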
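Review bot: `-messagePackValueWithDepthLimit:` now ends with `[object retain]`, `objc_autoreleasePoolPop(pool)` and `return object;`, so the caller receives an owned reference from a method whose name does not imply ownership. This file uses manual retain/release (see `[data release]`), so every successful parse appears to leak its result. The JSON counterpart changed in this same check-in ends with `return [object autorelease];`, and the last line here should do the same. Separately, the `if (--depthLimit == 0)` guards in parseArray and parseTable rely on unsigned wrap-around to make 0 mean "no limit". A one-line comment such as `/* a depthLimit of 0 wraps around here, i.e. no limit */` would keep a later cleanup from changing that by accident.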

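--- a/src/OFString+JSONValue.m
+++ b/src/OFString+JSONValue.m
@@ -30,15 +30,15 @@
 #import "OFNull.h"
 
 #import "OFInvalidJSONException.h"
 
 int _OFString_JSONValue_reference;
 
 static id nextObject(const char **pointer, const char *stop, size_t *line,
-    size_t depth, size_t depthLimit);
+    size_t depthLimit);
 
 static void
 skipWhitespaces(const char **pointer, const char *stop, size_t *line)
 {
 	while (*pointer < stop && (**pointer == ' ' || **pointer == '\t' ||
 	    **pointer == '\r' || **pointer == '\n')) {
 		if (**pointer == '\n')
@@ -386,22 +386,22 @@
 	 * reach stop.
 	 */
 	return nil;
 }
 
 static inline OFMutableArray *
 parseArray(const char **pointer, const char *stop, size_t *line,
-    size_t depth, size_t depthLimit)
+    size_t depthLimit)
 {
 	OFMutableArray *array = [OFMutableArray array];
 
 	if (++(*pointer) >= stop)
 		return nil;
 
-	if (++depth > depthLimit)
+	if (--depthLimit == 0)
 		return nil;
 
 	while (**pointer != ']') {
 		id object;
 
 		skipWhitespacesAndComments(pointer, stop, line);
 		if (*pointer >= stop)
@@ -416,15 +416,15 @@
 
 			if (*pointer >= stop || **pointer != ']')
 				return nil;
 
 			break;
 		}
 
-		object = nextObject(pointer, stop, line, depth, depthLimit);
+		object = nextObject(pointer, stop, line, depthLimit);
 		if (object == nil)
 			return nil;
 
 		[array addObject: object];
 
 		skipWhitespacesAndComments(pointer, stop, line);
 		if (*pointer >= stop)
@@ -443,22 +443,22 @@
 	(*pointer)++;
 
 	return array;
 }
 
 static inline OFMutableDictionary *
 parseDictionary(const char **pointer, const char *stop, size_t *line,
-    size_t depth, size_t depthLimit)
+    size_t depthLimit)
 {
 	OFMutableDictionary *dictionary = [OFMutableDictionary dictionary];
 
 	if (++(*pointer) >= stop)
 		return nil;
 
-	if (++depth > depthLimit)
+	if (--depthLimit == 0)
 		return nil;
 
 	while (**pointer != '}') {
 		id key, object;
 
 		skipWhitespacesAndComments(pointer, stop, line);
 		if (*pointer >= stop)
@@ -482,27 +482,26 @@
 			return nil;
 
 		if ((**pointer >= 'a' && **pointer <= 'z') ||
 		    (**pointer >= 'A' && **pointer <= 'Z') ||
 		    **pointer == '_' || **pointer == '$' || **pointer == '\\')
 			key = parseIdentifier(pointer, stop);
 		else
-			key = nextObject(pointer, stop, line,
+			key = nextObject(pointer, stop, line, depthLimit);
-			    depth, depthLimit);
 
 		if (key == nil)
 			return nil;
 
 		skipWhitespacesAndComments(pointer, stop, line);
 		if (*pointer + 1 >= stop || **pointer != ':')
 			return nil;
 
 		(*pointer)++;
 
-		object = nextObject(pointer, stop, line, depth, depthLimit);
+		object = nextObject(pointer, stop, line, depthLimit);
 		if (object == nil)
 			return nil;
 
 		[dictionary setObject: object
 			       forKey: key];
 
 		skipWhitespacesAndComments(pointer, stop, line);
@@ -571,29 +570,29 @@
 	}
 
 	return number;
 }
 
 static id
 nextObject(const char **pointer, const char *stop, size_t *line,
-    size_t depth, size_t depthLimit)
+    size_t depthLimit)
 {
 	skipWhitespacesAndComments(pointer, stop, line);
 
 	if (*pointer >= stop)
 		return nil;
 
 	switch (**pointer) {
 	case '"':
 	case '\'':
 		return parseString(pointer, stop, line);
 	case '[':
-		return parseArray(pointer, stop, line, depth, depthLimit);
+		return parseArray(pointer, stop, line, depthLimit);
 	case '{':
-		return parseDictionary(pointer, stop, line, depth, depthLimit);
+		return parseDictionary(pointer, stop, line, depthLimit);
 	case 't':
 		if (*pointer + 3 >= stop)
 			return nil;
 
 		if (memcmp(*pointer, "true", 4) != 0)
 			return nil;
 
@@ -650,21 +649,21 @@
 {
 	void *pool = objc_autoreleasePoolPush();
 	const char *pointer = [self UTF8String];
 	const char *stop = pointer + [self UTF8StringLength];
 	id object;
 	size_t line = 1;
 
-	object = nextObject(&pointer, stop, &line, 0, depthLimit);
+	object = nextObject(&pointer, stop, &line, depthLimit);
 	skipWhitespacesAndComments(&pointer, stop, &line);
 
 	if (pointer < stop || object == nil)
 		@throw [OFInvalidJSONException exceptionWithString: self
 							      line: line];
 
 	[object retain];
 
 	objc_autoreleasePoolPop(pool);
 
 	return [object autorelease];
 }
 @end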
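Review bot: Replacing `if (++depth > depthLimit)` with `if (--depthLimit == 0)` in parseArray and parseDictionary changes what a given limit means for existing callers. With the old check a limit of N accepted N nested containers and a limit of 0 rejected every array and dictionary. With the new check N accepts N - 1 levels, while 0 wraps around and removes the bound altogether, so a caller that passed 0 to refuse containers now gets unbounded recursion on input it may not trust. OFString+JSONValue.h is not among the files changed here, so its description of depthLimit should be checked against the new behaviour. parseArray, parseDictionary and nextObject continue outside the hunks shown.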

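--- a/tests/OFJSONTests.m
+++ b/tests/OFJSONTests.m
@@ -64,11 +64,35 @@
 	    [@"{" JSONValue])
 	EXPECT_EXCEPTION(@"-[JSONValue] #3", OFInvalidJSONException,
 	    [@"]" JSONValue])
 	EXPECT_EXCEPTION(@"-[JSONValue] #4", OFInvalidJSONException,
 	    [@"bar" JSONValue])
 	EXPECT_EXCEPTION(@"-[JSONValue] #5", OFInvalidJSONException,
 	    [@"[\"a\" \"b\"]" JSONValue])
+
+	TEST(@"-[JSONValue] #6",
+	    [[@"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[{}]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
+	    JSONValue] isEqual: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject: [OFArray arrayWithObject:
+	    [OFArray arrayWithObject:
+	    [OFDictionary dictionary]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]])
+
+	EXPECT_EXCEPTION(@"-[JSONValue] #7", OFInvalidJSONException,
+	    [@"[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[{}]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]"
+	    JSONValue])
 
 	[pool drain];
 }
 @end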
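Review bot: Tests #6 and #7 pin only the default limit: #6 expects 30 nested arrays around a dictionary to parse, and #7 expects a deeper nesting to raise OFInvalidJSONException. Nothing here exercises an explicitly passed limit, and no MessagePack test is part of this check-in although `-messagePackValueWithDepthLimit:` is new. Cases for a limit of 1 and for the boundary of a small explicit limit, on both parsers, would cover the `--depthLimit == 0` checks directly. A short comment above #6 and #7 stating the intended nesting counts would also help, since the bracket runs are hard to count by eye.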