authorJohannes Rudolph <johannes.rudolph@gmail.com>2018-11-06 16:19:13 +0100
committerJohannes Rudolph <johannes.rudolph@gmail.com>2018-11-07 15:04:41 +0100
commita55875309b804f10c22dffb1a37358518d8ac48d (patch)
tree1e863a869986974b82b87a590df2ee30a21e2de8 /src/main/scala/spray/json/JsonParserSettings.scala
parent3ccb0768cb5ccb0c4b577742ee7f1ec7d3b9c83f (diff)
CVE-2018-18855 Fix uncontrolled recursion in the JsonParser by imposing a configurable limit on the depth, fixes #286
Diffstat (limited to 'src/main/scala/spray/json/JsonParserSettings.scala')
-rw-r--r--src/main/scala/spray/json/JsonParserSettings.scala19
1 files changed, 18 insertions, 1 deletions
diff --git a/src/main/scala/spray/json/JsonParserSettings.scala b/src/main/scala/spray/json/JsonParserSettings.scala
index 31692fd..d07075e 100644
--- a/src/main/scala/spray/json/JsonParserSettings.scala
+++ b/src/main/scala/spray/json/JsonParserSettings.scala
@@ -1,10 +1,27 @@
package spray.json
trait JsonParserSettings {
+ /**
+ * The JsonParser uses recursive decent parsing that keeps intermediate values on the stack. To prevent
+ * StackOverflowExceptions a limit is enforced on the depth of the parsed JSON structure.
+ *
+ * As a guideline we tested that one level of depth needs about 300 bytes of stack space.
+ *
+ * The default is a depth of 1000.
+ */
+ def maxDepth: Int
+ /**
+ * Return a copy of this settings object with the `maxDepth` setting changed to the new value.
+ */
+ def withMaxDepth(newValue: Int): JsonParserSettings
}
object JsonParserSettings {
val default: JsonParserSettings = SettingsImpl()
- private case class SettingsImpl() extends JsonParserSettings
+ private case class SettingsImpl(
+ maxDepth: Int = 1000
+ ) extends JsonParserSettings {
+ override def withMaxDepth(newValue: Int): JsonParserSettings = copy(maxDepth = newValue)
+ }
} \ No newline at end of file
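Review bot: `withMaxDepth` in `SettingsImpl` passes `newValue` straight to `copy` with no range check, so a caller can configure zero, a negative number or `Int.MaxValue`; the last would effectively switch the limit off and bring back the unbounded recursion this commit is meant to stop. A guard such as `require(newValue > 0, "maxDepth must be positive")` in `withMaxDepth` would reject the nonsensical values. The Scaladoc on `maxDepth` could also say that the safe upper bound depends on the stack size of the parsing thread; by the stated guideline of about 300 bytes per level, the default of 1000 needs roughly 300 KB. The parser code that enforces the limit is not part of this file's diff, so how it treats a non-positive value cannot be confirmed from here. Minor wording in the same comment: "decent" should read "descent", and the JVM error is `StackOverflowError`, not an exception.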