From: Markus Armbruster <armbru@redhat.com>
Date: Wed, 25 Nov 2015 21:23:22 +0000 (+0100)
Subject: qjson: Apply nesting limit more sanely
X-Git-Tag: v2.5.0-rc2~2^2~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4f2d31fbc0bfdf41feea7d1be49f4f7ffa005534;p=thirdparty%2Fqemu.git

qjson: Apply nesting limit more sanely

The nesting limit from commit 29c75dd "json-streamer: limit the
maximum recursion depth and maximum token count" applies separately to
braces and brackets.  This makes no sense.  Apply it to their sum,
because that's actually a measure of recursion depth.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1448486613-17634-2-git-send-email-armbru@redhat.com>
---

diff --git a/qobject/json-streamer.c b/qobject/json-streamer.c
index 1b2f9b1d107..dced2c77a19 100644
--- a/qobject/json-streamer.c
+++ b/qobject/json-streamer.c
@@ -64,8 +64,7 @@ static void json_message_process_token(JSONLexer *lexer, QString *token, JSONTok
          parser->bracket_count == 0)) {
         goto out_emit;
     } else if (parser->token_size > MAX_TOKEN_SIZE ||
-               parser->bracket_count > MAX_NESTING ||
-               parser->brace_count > MAX_NESTING) {
+               parser->bracket_count + parser->brace_count > MAX_NESTING) {
         /* Security consideration, we limit total memory allocated per object
          * and the maximum recursion depth that a message can force.
          */