From: Lennart Poettering Date: Mon, 20 Jan 2020 19:13:46 +0000 (+0100) Subject: json: lower maximum allowed recursion to 2K X-Git-Tag: v245-rc1~101 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=898820edb5c94bdfc7562125f5f6b746948cb39f;p=thirdparty%2Fsystemd.git json: lower maximum allowed recursion to 2K Apparently 4K is too high still, let's halve it. Fixes: #14396 --- diff --git a/src/shared/json.c b/src/shared/json.c index 869aa279eee..e9ae88c7473 100644 --- a/src/shared/json.c +++ b/src/shared/json.c @@ -26,11 +26,17 @@ #include "user-util.h" #include "utf8.h" -/* Refuse putting together variants with a larger depth than 4K by default (as a protection against overflowing stacks +/* Refuse putting together variants with a larger depth than 2K by default (as a protection against overflowing stacks * if code processes JSON objects recursively. Note that we store the depth in an uint16_t, hence make sure this * remains under 2^16. - * The value was 16k, but it was discovered to be too high on llvm/x86-64. See also the issue #10738. */ -#define DEPTH_MAX (4U*1024U) + * + * The value first was 16k, but it was discovered to be too high on llvm/x86-64. See also: + * https://github.com/systemd/systemd/issues/10738 + * + * The value then was 4k, but it was discovered to be too high on s390x/aarch64. See also: + * https://github.com/systemd/systemd/issues/14396 */ + +#define DEPTH_MAX (2U*1024U) assert_cc(DEPTH_MAX <= UINT16_MAX); typedef struct JsonSource {
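Review bot: the new value in `#define DEPTH_MAX (2U*1024U)` is again reached by halving after a failure, and the comment above it now lists two earlier limits (16k on llvm/x86-64, 4k on s390x/aarch64) that each proved too high, so nothing in this hunk shows why 2K will hold on the next architecture or compiler. I would state in the comment what stack cost per recursion level the limit assumes, and add a test that builds and recursively processes a variant at exactly DEPTH_MAX so that an overflow shows up in CI on the affected architectures instead of in another issue report. Minor: the parenthesis opened at "(as a protection against overflowing stacks" in the first comment line is never closed; since that line is being touched anyway, close it after "recursively".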