From 6fa17e759737e3225c6cc4ba830b921428c50781 Mon Sep 17 00:00:00 2001
From: Jon Skeet
Date: Thu, 5 Nov 2015 19:44:26 +0000
Subject: Reimplement JSON recursion by detecting the depth in the tokenizer. Added a TODO around a possible change to the tokenizer API, changing PushBack(token) into just Rewind() or something similar.
---
csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs | 7 +++++++
1 file changed, 7 insertions(+)
(limited to 'csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs')
diff --git a/csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs b/csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs
index 01d55395..cacda648 100644
--- a/csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs
+++ b/csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs
@@ -95,6 +95,13 @@ namespace Google.Protobuf
 "Use CodedInputStream.SetRecursionLimit() to increase the depth limit.");
 }
 
+ internal static InvalidProtocolBufferException JsonRecursionLimitExceeded()
+ {
+ return new InvalidProtocolBufferException(
+ "Protocol message had too many levels of nesting. May be malicious. " +
+ "Use JsonParser.Settings to increase the depth limit.");
+ }
+
 internal static InvalidProtocolBufferException SizeLimitExceeded()
 {
 return new InvalidProtocolBufferException(
-- cgit v1.2.3
From 1a34ac03bed31434caa110acc25537d871966f9d Mon Sep 17 00:00:00 2001
From: Jon Skeet
Date: Fri, 15 Jan 2016 10:43:06 +0000
Subject: Throw a better exception when invalid base64 is detected in JSON
---
csharp/src/Google.Protobuf.Test/JsonParserTest.cs | 9 +++++++++
csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs | 11 +++++++++++
csharp/src/Google.Protobuf/JsonParser.cs | 9 ++++++++-
3 files changed, 28 insertions(+), 1 deletion(-)
(limited to 'csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs')
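Review bot: In InvalidProtocolBufferException.cs, the message built by `JsonRecursionLimitExceeded()` warns that the input may be malicious and then points the caller at `JsonParser.Settings` to raise the depth limit, without saying when raising it is appropriate. The limit is presumably what stops deeply nested, hostile JSON from exhausting the parser, so I would record that on the factory: `/// <summary>Creates the exception thrown when JSON nesting exceeds the parser's recursion limit. The limit guards against hostile input; raise it only for trusted sources.</summary>`. The text also still says "Protocol message" for JSON input, mirroring the binary-format sibling in the context lines above it.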
diff --git a/csharp/src/Google.Protobuf.Test/JsonParserTest.cs b/csharp/src/Google.Protobuf.Test/JsonParserTest.cs
index b8fe67f8..b12fe895 100644
--- a/csharp/src/Google.Protobuf.Test/JsonParserTest.cs
+++ b/csharp/src/Google.Protobuf.Test/JsonParserTest.cs
@@ -821,6 +821,15 @@ namespace Google.Protobuf
 Assert.Throws(() => parser63.Parse(data64));
 }
 
+ [Test]
+ [TestCase("AQI")]
+ [TestCase("_-==")]
+ public void Bytes_InvalidBase64(string badBase64)
+ {
+ string json = "{ \"singleBytes\": \"" + badBase64 + "\" }";
+ Assert.Throws(() => TestAllTypes.Parser.ParseJson(json));
+ }
+
 [Test]
 [TestCase("\"FOREIGN_BAR\"")]
 [TestCase("5")]
diff --git a/csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs b/csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs
index cacda648..eeb0f13a 100644
--- a/csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs
+++ b/csharp/src/Google.Protobuf/InvalidProtocolBufferException.cs
@@ -30,6 +30,7 @@
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #endregion
 
+using System;
 using System.IO;
 
 namespace Google.Protobuf
@@ -45,6 +46,11 @@ namespace Google.Protobuf
 {
 }
 
+ internal InvalidProtocolBufferException(string message, Exception innerException)
+ : base(message, innerException)
+ {
+ }
+
 internal static InvalidProtocolBufferException MoreDataAvailable()
 {
 return new InvalidProtocolBufferException(
@@ -82,6 +88,11 @@ namespace Google.Protobuf
 "Protocol message contained an invalid tag (zero).");
 }
 
+ internal static InvalidProtocolBufferException InvalidBase64(Exception innerException)
+ {
+ return new InvalidProtocolBufferException("Invalid base64 data", innerException);
+ }
+
 internal static InvalidProtocolBufferException InvalidEndTag()
 {
 return new InvalidProtocolBufferException(
diff --git a/csharp/src/Google.Protobuf/JsonParser.cs b/csharp/src/Google.Protobuf/JsonParser.cs
index 25afd0f2..10b05362 100644
--- a/csharp/src/Google.Protobuf/JsonParser.cs
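Review bot: `Bytes_InvalidBase64` in JsonParserTest.cs only checks that parsing throws, so the inner-exception chaining this commit introduces is not pinned by any assertion. I would capture the result and check its cause: `var ex = Assert.Throws<InvalidProtocolBufferException>(() => TestAllTypes.Parser.ParseJson(json));` followed by `Assert.IsInstanceOf<FormatException>(ex.InnerException);` (the type argument to `Assert.Throws` is not visible in this rendering of the hunk, so confirm it against the file). A comment on the two cases would also help the next reader, e.g. `// "AQI" is missing padding; "_-==" uses URL-safe characters outside the standard alphabet`.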
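Review bot: `InvalidBase64(Exception innerException)` in InvalidProtocolBufferException.cs uses the message `"Invalid base64 data"`, which is terser than its siblings and lacks the closing period they carry (compare `"Protocol message contained an invalid tag (zero)."` in the context lines). I would align it with them, e.g. `"Protocol message contained invalid base64 data."`. Neither this factory nor the `(string message, Exception innerException)` constructor added in the `@@ -45,6 +46,11 @@` hunk has a `///` summary; one line each stating that the inner exception is the underlying decode failure would be enough.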
+++ b/csharp/src/Google.Protobuf/JsonParser.cs
@@ -647,7 +647,14 @@ namespace Google.Protobuf
 case FieldType.String:
 return text;
 case FieldType.Bytes:
- return ByteString.FromBase64(text);
+ try
+ {
+ return ByteString.FromBase64(text);
+ }
+ catch (FormatException e)
+ {
+ throw InvalidProtocolBufferException.InvalidBase64(e);
+ }
 case FieldType.Int32:
 case FieldType.SInt32:
 case FieldType.SFixed32:
-- cgit v1.2.3
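Review bot: The `FieldType.Bytes` branch in JsonParser.cs now translates `FormatException`, but nothing at the `try` says why, and the resulting error does not say which field held the bad value. A one-line comment would record the intent: `// Malformed base64 is bad input, not a bug: surface it as InvalidProtocolBufferException like other parse errors.` If a field descriptor is in scope in the enclosing method (it starts and ends outside this hunk, so I cannot tell), passing its name to `InvalidBase64` would help triage rejected input without echoing the raw, caller-supplied value into logs.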