43 lines
1.6 KiB
Diff
43 lines
1.6 KiB
Diff
|
From 8781560e1bf30e2b7fa564865d138f663bbfa125 Mon Sep 17 00:00:00 2001
|
||
|
|
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
|
||
|
|
Date: Fri, 29 Jan 2021 09:23:51 -0700
|
||
|
|
Subject: [PATCH] In json_stack_push() treat stack exhaustion like memory
|
||
|
|
allocation failure. Return NULL instead of treating as a fatal error. This
|
||
|
|
should make life a little easier for oss-fuzz.
|
||
|
|
|
||
|
|
---
|
||
|
|
lib/iolog/iolog_json.c | 10 +++++++---
|
||
|
|
1 file changed, 7 insertions(+), 3 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/lib/iolog/iolog_json.c b/lib/iolog/iolog_json.c
|
||
|
|
index 684f938..9c7754f 100644
|
||
|
|
--- a/lib/iolog/iolog_json.c
|
||
|
|
+++ b/lib/iolog/iolog_json.c
|
||
|
|
@@ -548,6 +548,12 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
|
||
|
|
struct json_item *item;
|
||
|
|
debug_decl(iolog_parse_loginfo_json, SUDO_DEBUG_UTIL);
|
||
|
|
|
||
|
|
+ /* We limit the stack size rather than expanding it. */
|
||
|
|
+ if (stack->depth >= stack->maxdepth) {
|
||
|
|
+ sudo_warnx(U_("json stack exhausted (max %u frames)"), stack->maxdepth);
|
||
|
|
+ debug_return_ptr(NULL);
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
/* Allocate a new item and insert it into the list. */
|
||
|
|
if ((item = new_json_item(type, name, lineno)) == NULL)
|
||
|
|
debug_return_ptr(NULL);
|
||
|
|
@@ -555,9 +561,7 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
|
||
|
|
item->u.child.parent = item;
|
||
|
|
TAILQ_INSERT_TAIL(items, item, entries);
|
||
|
|
|
||
|
|
- /* Push the current frame onto the stack. */
|
||
|
|
- if (stack->depth == stack->maxdepth)
|
||
|
|
- sudo_fatalx(U_("internal error, %s overflow"), __func__);
|
||
|
|
+ /* Push the current frame onto the stack (depth check performed above). */
|
||
|
|
stack->frames[stack->depth++] = frame;
|
||
|
|
|
||
|
|
/* Return the new frame */
|
||
|
|
--
|
||
|
|
1.8.3.1
|
||
|
|
|