From: Stephan Bosch Date: Sun, 9 Dec 2018 20:08:53 +0000 (+0100) Subject: lib-oauth2: Fix asynchronous parsing of JSON response payload. X-Git-Tag: 2.3.6~46 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=679286c27a86f5bcdf859c0ded3c20997713c22e;p=thirdparty%2Fdovecot%2Fcore.git lib-oauth2: Fix asynchronous parsing of JSON response payload. The problem was caused by the fact that req->field_name was reset in the beginning of oauth2_parse_json(), which is continuously called when more payload can be read from the input stream. This leads to corruption of the parser state machine each time parsing is continued. To fix this issue, the field_name is now reset only when the parsing commences. --- diff --git a/src/lib-oauth2/oauth2-introspect.c b/src/lib-oauth2/oauth2-introspect.c index 9a2784e0f2..023bb5af4e 100644 --- a/src/lib-oauth2/oauth2-introspect.c +++ b/src/lib-oauth2/oauth2-introspect.c @@ -53,6 +53,7 @@ oauth2_introspect_response(const struct http_response *response, req->parser = json_parser_init(req->is); req->json_parsed_cb = oauth2_introspect_continue; req->io = io_add_istream(req->is, oauth2_parse_json, req); + req->field_name = NULL; oauth2_parse_json(req); } } diff --git a/src/lib-oauth2/oauth2-refresh.c b/src/lib-oauth2/oauth2-refresh.c index 1233652716..2c6b720ea2 100644 --- a/src/lib-oauth2/oauth2-refresh.c +++ b/src/lib-oauth2/oauth2-refresh.c @@ -93,6 +93,7 @@ oauth2_refresh_response(const struct http_response *response, req->parser = json_parser_init(req->is); req->json_parsed_cb = oauth2_refresh_continue; req->io = io_add_istream(req->is, oauth2_parse_json, req); + req->field_name = NULL; oauth2_parse_json(req); } } diff --git a/src/lib-oauth2/oauth2-token-validate.c b/src/lib-oauth2/oauth2-token-validate.c index ca6b1c37e1..17d977dc34 100644 --- a/src/lib-oauth2/oauth2-token-validate.c +++ b/src/lib-oauth2/oauth2-token-validate.c @@ -82,6 +82,7 @@ oauth2_token_validate_response(const struct http_response *response, req->parser = json_parser_init(req->is); req->json_parsed_cb = oauth2_token_validate_continue; req->io = io_add_istream(req->is, oauth2_parse_json, req); + req->field_name = NULL; oauth2_parse_json(req); } } diff --git a/src/lib-oauth2/oauth2.c b/src/lib-oauth2/oauth2.c index b63686de23..a5080b97a5 100644 --- a/src/lib-oauth2/oauth2.c +++ b/src/lib-oauth2/oauth2.c @@ -17,8 +17,6 @@ oauth2_parse_json(struct oauth2_request *req) const char *token, *error; int ret; - req->field_name = NULL; - while((ret = json_parse_next(req->parser, &type, &token)) > 0) { if (req->field_name == NULL) { if (type != JSON_TYPE_OBJECT_KEY) break;