[c-lightning] Security issue in c-lightning
ZmnSCPxj at protonmail.com
Tue Jun 9 03:04:26 AEST 2020
Good morning list,
I created a function that could potentially be used to check if the result of `jsmn_parse` is valid, specifically that objects always have string keys and the keys have a size of exactly 1.
I added it to the previous program so we can get some hands-on trial on whether the function gets any false-positives / false-negatives.
The new function is `validate_jsmn_result`, and it requires a support function `find_jsmn_bounds`.
Please see attached code.
It is probably a good idea to feed the program into some kind of fuzzer at this point.
The intent is that instead of `*valid = true` in `json_parse_input`, we should use `*valid = validate_jsmn_result(toks, toks + ret);`
I will enter into cyclic reduced-power state soon, sorry.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2980 bytes
Desc: not available
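The attachment was scrubbed from the archive, so the following is an added sketch of the check described above (object keys must be strings, and each key must have a size of exactly 1). It is not the `validate_jsmn_result` / `find_jsmn_bounds` code from the message. The names `walk_value`, `tokens_well_formed` and `MAX_DEPTH` are hypothetical, the token types are a local copy of the jsmn layout so that the block compiles on its own, and it assumes the token range holds exactly one top-level value.

```c
#include <stdbool.h>
#include <stdio.h>

/* Local copy of the jsmn token layout so this compiles without jsmn.h. */
typedef enum { JSMN_UNDEFINED, JSMN_OBJECT, JSMN_ARRAY, JSMN_STRING, JSMN_PRIMITIVE } jsmntype_t;
typedef struct { jsmntype_t type; int start, end, size; } jsmntok_t;
#define MAX_DEPTH 64 /* assumed cap so hostile nesting cannot exhaust the stack */

/* Returns the token just past the value rooted at t, or NULL if malformed. */
static const jsmntok_t *walk_value(const jsmntok_t *t, const jsmntok_t *end, int depth)
{
    if (t >= end || depth > MAX_DEPTH || t->size < 0)
        return NULL;
    int n = t->size;
    switch (t->type) {
    case JSMN_OBJECT: /* n keys, each a string owning exactly one value */
        for (t++; n > 0; n--)
            if (t >= end || t->type != JSMN_STRING || t->size != 1 ||
                !(t = walk_value(t + 1, end, depth + 1)))
                return NULL;
        return t;
    case JSMN_ARRAY: /* n elements, each a complete value */
        for (t++; n > 0; n--)
            if (!(t = walk_value(t, end, depth + 1)))
                return NULL;
        return t;
    case JSMN_STRING: case JSMN_PRIMITIVE: /* leaf values own no children */
        return n == 0 ? t + 1 : NULL;
    default: return NULL; /* JSMN_UNDEFINED or a corrupted type */
    }
}

/* Hypothetical entry point: true only if [tok, end) is exactly one well-formed value. */
static bool tokens_well_formed(const jsmntok_t *tok, const jsmntok_t *end)
{
    return tok < end && walk_value(tok, end, 0) == end;
}

/* Constructed token arrays (offsets are placeholders; only type and size matter). */
static const jsmntok_t good[] = { {JSMN_OBJECT,0,7,1}, {JSMN_STRING,2,3,1}, {JSMN_PRIMITIVE,5,6,0} };
static const jsmntok_t prim_key[] = { {JSMN_OBJECT,0,5,1}, {JSMN_PRIMITIVE,1,2,1}, {JSMN_PRIMITIVE,3,4,0} };
static const jsmntok_t no_value[] = { {JSMN_OBJECT,0,9,2}, {JSMN_STRING,2,3,0}, {JSMN_STRING,6,7,0} };

int main(void)
{
    printf("%d %d %d\n", tokens_well_formed(good, good + 3),
           tokens_well_formed(prim_key, prim_key + 3), tokens_well_formed(no_value, no_value + 3));
    return 0;
}
```

Because the walk only ever advances a pointer that is checked against `end`, a token whose `size` claims more children than were actually emitted is rejected instead of read past.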