[c-lightning] Security issue in c-lightning

ZmnSCPxj ZmnSCPxj at protonmail.com
Tue Jun 9 03:04:26 AEST 2020

Good morning list,

I created a function that could potentially be used to check if the result of `jsmn_parse` is valid, specifically that objects always have string keys and the keys have a size of exactly 1.

I added it to the previous program so we can get some hands-on trial on whether the function gets any false-positives / false-negatives.

The new function is `validate_jsmn_result`, and it requires a support function `find_jsmn_bounds`.
Please see attached code.

It is probably a good idea to feed the program into some kind of fuzzer at this point.

The intent is that instead of `*valid = true` in `json_parse_input`, we should use `*valid = validate_jsmn_result(toks, toks + ret);`

I will enter into cyclic reduced-power state soon, sorry.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: main.c
Type: text/x-csrc
Size: 2980 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/c-lightning/attachments/20200608/9b951652/attachment-0001.c>

More information about the c-lightning mailing list