Squashed 'src/univalue/' changes from 5a58a46671..98261b1e7b

98261b1e7b Merge #22: Clamp JSON object depth to PHP limit 54c4015415 Clamp JSON object depth to PHP limit git-subtree-dir: src/univalue git-subtree-split: 98261b1e7be4ce9820e25c8ce37d40cdef19ab20
2025-11-11 22:50:59 +01:00 · 2020-02-09 07:43:12 -08:00
parent fa0b3da36c
commit 97aa5740c0
5 changed files with 17 additions and 0 deletions
--- a/lib/univalue_read.cpp
+++ b/lib/univalue_read.cpp
@@ -8,6 +8,14 @@
 #include "univalue.h"
 #include "univalue_utffilter.h"

+/*
+ * According to stackexchange, the original json test suite wanted
+ * to limit depth to 22.  Widely-deployed PHP bails at depth 512,
+ * so we will follow PHP's lead, which should be more than sufficient
+ * (further stackexchange comments indicate depth > 32 rarely occurs).
+ */
+static const size_t MAX_JSON_DEPTH = 512;
+
 static bool json_isdigit(int ch)
 {
    return ((ch >= '0') && (ch <= '9'));
@@ -323,6 +331,9 @@ bool UniValue::read(const char *raw, size_t size)
                stack.push_back(newTop);
            }

+            if (stack.size() > MAX_JSON_DEPTH)
+                return false;
+
            if (utyp == VOBJ)
                setExpect(OBJ_NAME);
            else