author | Johannes Rudolph <johannes.rudolph@gmail.com> | 2018-11-08 10:38:05 +0100 |
committer | GitHub <noreply@github.com> | 2018-11-08 10:38:05 +0100 |
commit | b2f485e695f8ba2789089f20d48554bb80c77396 (patch) | |
tree | 42dbd2c37a172f9534b33a04fbef589dfa5ea886 /src/main/scala/spray/json/JsonParser.scala | |
parent | d56d7f42134ffdc3266188c4a459780b699d8056 (diff) | |
parent | a8c45e7abb575705e5538c00d1113688197e1849 (diff) | |
Merge pull request #283 from jrudolph/limit-size-of-numbers
CVE-2018-18853 Limit the number of characters for numbers in the parser, fixes #278
Diffstat (limited to 'src/main/scala/spray/json/JsonParser.scala')
-rw-r--r-- | src/main/scala/spray/json/JsonParser.scala | 12 |
1 files changed, 11 insertions, 1 deletions
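--- a/src/main/scala/spray/json/JsonParser.scala
+++ b/src/main/scala/spray/json/JsonParser.scala
@@ -135,9 +135,19 @@ class JsonParser(input: ParserInput, settings: JsonParserSettings = JsonParserSe
     `int`()
     `frac`()
     `exp`()
+    val numberLength = input.cursor - start
+
     jsValue =
       if (startChar == '0' && input.cursor - start == 1) JsNumber.zero
-      else JsNumber(input.sliceCharArray(start, input.cursor))
+      else if (numberLength <= settings.maxNumberCharacters) JsNumber(input.sliceCharArray(start, input.cursor))
+      else {
+        val numberSnippet = new String(input.sliceCharArray(start, math.min(input.cursor, start + 20)))
+        throw new ParsingException("Number too long",
+          s"The number starting with '$numberSnippet' had " +
+            s"$numberLength characters which is more than the allowed limit maxNumberCharacters = ${settings.maxNumberCharacters}. If this is legit input " +
+            s"consider increasing the limit."
+        )
+      }
     ws()
   }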
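Review bot: The zero shortcut still recomputes `input.cursor - start` one line after the new `numberLength` val holds exactly that value; `if (startChar == '0' && numberLength == 1) JsNumber.zero` keeps the two branches visibly in step and is the only place the length is compared outside the limit check. The error text is assembled from three `s"..."` fragments joined with `+`, which can be one interpolated string (or a `stripMargin` literal) and avoids the 150-character middle line. Note that the limit bounds characters, not magnitude: a short literal such as `1e999999` still passes, so whether consumers can safely use the resulting `BigDecimal` is a question for the callers, outside this hunk; a one-line comment above the check saying the limit caps parse cost rather than value range would make that explicit. The enclosing `number()` method and the `start`/`startChar` definitions begin above the hunk.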