[c-lightning] Security issue in c-lightning
ZmnSCPxj
ZmnSCPxj at protonmail.com
Tue Jun 9 03:04:26 AEST 2020
Good morning list,
I created a function that could potentially be used to check if the result of `jsmn_parse` is valid, specifically that objects always have string keys and the keys have a size of exactly 1.
I added it to the previous program so we can get some hands-on trial on whether the function gets any false-positives / false-negatives.
The new function is `validate_jsmn_result`, and it requires a support function `find_jsmn_bounds`.
Please see attached code.
It is probably a good idea to feed the program into some kind of fuzzer at this point.
The intent is that instead of `*valid = true` in `json_parse_input`, we should use `*valid = validate_jsmn_result(toks, toks + ret);`
I will enter into cyclic reduced-power state soon, sorry.
Regards,
ZmnSCPxj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: main.c
Type: text/x-csrc
Size: 2980 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/c-lightning/attachments/20200608/9b951652/attachment-0001.c>
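
The check described in the message above, sketched as an added example; this is not the attached main.c and not c-lightning's code. The `tok` struct is a stand-in for jsmn's `jsmntok_t` (an assumption so the block compiles without jsmn.h), and `skip_value` and `toks_well_formed` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>

/* Stand-in for jsmntok_t (assumption: same meaning for type and size;
 * start/end offsets are omitted because this check ignores them). */
typedef enum { T_OBJECT, T_ARRAY, T_STRING, T_PRIMITIVE } tok_type;
typedef struct { tok_type type; int size; } tok;

/* Return the token just past the value at t, or NULL if it is malformed. */
static const tok *skip_value(const tok *t, const tok *end, int depth)
{
	if (t >= end || depth > 64)	/* bound recursion on hostile input */
		return NULL;
	const tok *next = t + 1;
	if (t->size < 0)
		return NULL;
	switch (t->type) {
	case T_STRING:
	case T_PRIMITIVE:
		/* A scalar in value position must have no children. */
		return t->size == 0 ? next : NULL;
	case T_ARRAY:
		for (int i = 0; i < t->size && next; i++)
			next = skip_value(next, end, depth + 1);
		return next;
	case T_OBJECT:
		for (int i = 0; i < t->size && next; i++) {
			/* Key: a string token with exactly one child, its value. */
			if (next >= end || next->type != T_STRING || next->size != 1)
				return NULL;
			next = skip_value(next + 1, end, depth + 1);
		}
		return next;
	}
	return NULL;
}

/* True only if [toks, end) holds exactly one well-formed value. */
bool toks_well_formed(const tok *toks, const tok *end)
{
	return skip_value(toks, end, 0) == end;
}

/* Token arrays constructed by hand for this example, not parser output. */
static const tok good[] = {{T_OBJECT,1},{T_STRING,1},{T_ARRAY,2},{T_PRIMITIVE,0},{T_PRIMITIVE,0}}; /* {"a":[1,2]} */
static const tok bad_key[] = {{T_OBJECT,1},{T_PRIMITIVE,1},{T_PRIMITIVE,0}}; /* non-string key */
static const tok bad_size[] = {{T_OBJECT,2},{T_STRING,0},{T_STRING,0}}; /* keys without values */

int main(void) { return !(toks_well_formed(good, good + 5) && !toks_well_formed(bad_key, bad_key + 3) && !toks_well_formed(bad_size, bad_size + 3)); }
```

Requiring the walk to end exactly at `end` also rejects truncated token arrays and trailing tokens after the root value.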