You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by mi...@apache.org on 2018/09/02 22:31:19 UTC
svn commit: r1839898 - /apr/apr-util/branches/1.7.x/jose/apr_jose_decode.c
Author: minfrin
Date: Sun Sep 2 22:31:19 2018
New Revision: 1839898
URL: http://svn.apache.org/viewvc?rev=1839898&view=rev
Log:
Backport r1839897
Perform nesting level checks before each invocation of apr_jose_decode()
(when a jose structure has been created to carry the error message).
Modified:
apr/apr-util/branches/1.7.x/jose/apr_jose_decode.c
Modified: apr/apr-util/branches/1.7.x/jose/apr_jose_decode.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.7.x/jose/apr_jose_decode.c?rev=1839898&r1=1839897&r2=1839898&view=diff
==============================================================================
--- apr/apr-util/branches/1.7.x/jose/apr_jose_decode.c (original)
+++ apr/apr-util/branches/1.7.x/jose/apr_jose_decode.c Sun Sep 2 22:31:19 2018
@@ -796,6 +796,13 @@ apr_status_t apr_jose_decode_compact(apr
}
else {
+ if (level <= 0) {
+ apr_errprintf(&(*jose)->result, pool, NULL, 0,
+ "Syntax error: too many nested JOSE payloads");
+ return APR_EINVAL;
+ }
+ level--;
+
status = apr_jose_decode(
flags & APR_JOSE_FLAG_DECODE_ALL ?
&(*jose)->jose.jws->payload : jose, typ, bb, cb,
@@ -1005,6 +1012,13 @@ apr_status_t apr_jose_decode_json_jws(ap
bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
+ if (level <= 0) {
+ apr_errprintf(&(*jose)->result, pool, NULL, 0,
+ "Syntax error: too many nested JOSE payloads");
+ return APR_EINVAL;
+ }
+ level--;
+
status = apr_jose_decode(
flags & APR_JOSE_FLAG_DECODE_ALL ?
&(*jose)->jose.jwe->payload : jose, typ,
@@ -1144,6 +1158,13 @@ apr_status_t apr_jose_decode_json_jws(ap
bb->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
+ if (level <= 0) {
+ apr_errprintf(&(*jose)->result, pool, NULL, 0,
+ "Syntax error: too many nested JOSE payloads");
+ return APR_EINVAL;
+ }
+ level--;
+
return apr_jose_decode(
flags & APR_JOSE_FLAG_DECODE_ALL ?
&(*jose)->jose.jws->payload : jose, typ, bb, cb,
@@ -1442,6 +1463,13 @@ apr_status_t apr_jose_decode_json_jwe(ap
if (decrypt == 1) {
+ if (level <= 0) {
+ apr_errprintf(&(*jose)->result, pool, NULL, 0,
+ "Syntax error: too many nested JOSE payloads");
+ return APR_EINVAL;
+ }
+ level--;
+
status = apr_jose_decode(
flags & APR_JOSE_FLAG_DECODE_ALL ?
&(*jose)->jose.jwe->payload : jose, typ,
@@ -1518,6 +1546,13 @@ apr_status_t apr_jose_decode_json_jwe(ap
if (APR_SUCCESS == status) {
+ if (level <= 0) {
+ apr_errprintf(&(*jose)->result, pool, NULL, 0,
+ "Syntax error: too many nested JOSE payloads");
+ return APR_EINVAL;
+ }
+ level--;
+
return apr_jose_decode(
flags & APR_JOSE_FLAG_DECODE_ALL ?
&(*jose)->jose.jwe->payload : jose, typ, bb,