json: Configure rapidjson to use iterative parsing (#5893)

2024-11-06 17:45:22 +00:00 · 2019-10-19 15:25:21 -04:00 · 2019-10-19 15:25:21 -04:00 · 15d522f447
commit 15d522f447
parent 0bf2245396
2 changed files with 21 additions and 0 deletions
--- a/osquery/utils/json/json.h
+++ b/osquery/utils/json/json.h
@ -19,6 +19,14 @@
 #pragma warning(disable : 4715)
 #endif

+/**
+ * This protects parsing from overflowing the stack.
+ * See http://rapidjson.org/md_doc_features.html for more details.
+ *
+ * This must be defined before including RapidJSON headers.
+ */
+#define RAPIDJSON_PARSE_DEFAULT_FLAGS (kParseIterativeFlag)
+
 #include <rapidjson/document.h>
 #include <rapidjson/error/en.h>
 #include <rapidjson/stringbuffer.h>
--- a/osquery/utils/json/tests/json.cpp
+++ b/osquery/utils/json/tests/json.cpp
@ -228,4 +228,17 @@ TEST_F(ConversionsTests, test_json_bool_like) {
  EXPECT_FALSE(JSON::valueToBool(doc.doc()["false6"]));
 }

+/*
+ * By default, rapidjson will use recursive parsing without stack guards,
+ * which would result in a segfault for this test. To guard against
+ * malicious json, we should be configured to use iterative mode.
+ * https://github.com/Tencent/rapidjson/issues/632
+ */
+TEST_F(ConversionsTests, test_iterativeparsing) {
+  std::string json(543210, '[');
+  auto doc = JSON::newObject();
+
+  EXPECT_FALSE(doc.fromString(json).ok());
+}
+
 } // namespace osquery