From 8781560e1bf30e2b7fa564865d138f663bbfa125 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 29 Jan 2021 09:23:51 -0700
Subject: [PATCH] In json_stack_push() treat stack exhaustion like memory allocation failure. Return NULL instead of treating as a fatal error. This should make life a little easier for oss-fuzz.
---
 lib/iolog/iolog_json.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/iolog/iolog_json.c b/lib/iolog/iolog_json.c
index 684f938..9c7754f 100644
--- a/lib/iolog/iolog_json.c
+++ b/lib/iolog/iolog_json.c
@@ -548,6 +548,12 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
 struct json_item *item;
 debug_decl(iolog_parse_loginfo_json, SUDO_DEBUG_UTIL);
 
+ /* We limit the stack size rather than expanding it. */
+ if (stack->depth >= stack->maxdepth) {
+ sudo_warnx(U_("json stack exhausted (max %u frames)"), stack->maxdepth);
+ debug_return_ptr(NULL);
+ }
+
 /* Allocate a new item and insert it into the list. */
 if ((item = new_json_item(type, name, lineno)) == NULL)
 debug_return_ptr(NULL);
@@ -555,9 +561,7 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
 item->u.child.parent = item;
 TAILQ_INSERT_TAIL(items, item, entries);
 
- /* Push the current frame onto the stack. */
- if (stack->depth == stack->maxdepth)
- sudo_fatalx(U_("internal error, %s overflow"), __func__);
+ /* Push the current frame onto the stack (depth check performed above). */
 stack->frames[stack->depth++] = frame;
 
 /* Return the new frame */
-- 
1.8.3.1
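Review bot: After the new early return at the top of `json_stack_push()`, a NULL result can mean either allocation failure or nesting deeper than `stack->maxdepth`, and nothing visible documents that for callers. The JSON being parsed may be malformed or hostile (the commit message cites oss-fuzz), so each call site has to treat NULL as a parse failure and release the items already linked; the call sites are outside this hunk, so that is worth confirming. I would add a header comment such as `/* Returns the new frame, or NULL on allocation failure or when stack->maxdepth frames are already in use. */`. The `%u` conversion also assumes `maxdepth` is an `unsigned int`, which the hunk does not show. The function starts before and ends after this hunk.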
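Review bot: The store `stack->frames[stack->depth++] = frame;` now relies on a bounds check made several statements earlier, and on `maxdepth` matching the real capacity of `frames[]`, which is not visible in this hunk. The replacement comment says where the check is but not which invariant it protects, so a later edit could move or weaken the check and reintroduce an out-of-bounds write. I would word it as `/* depth < maxdepth was verified on entry; maxdepth must not exceed the number of elements in frames[]. */`. The function body continues outside the hunk.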