do-agent icon indicating copy to clipboard operation
do-agent copied to clipboard

Published 20 hours ago verified publisher icon digitalocean

Bug Fix protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON

Open sufatmawati opened this issue 10 months ago • 0 comments

encoding/protojson, internal/encoding/json: handle missing object values In internal/encoding/json, report an error when encountering a } when we are expecting an object field value. For example, the input {"":} now correctly results in an error at the closing } token. In encoding/protojson, check for an unexpected EOF token in skipJSONValue. This is redundant with the check in internal/encoding/json, but adds a bit more defense against any other similar bugs that might exist.

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) {

	case ObjectClose:
		if len(d.openStack) == 0 ||
			d.lastToken.kind == comma ||
			d.lastToken.kind&(Name|comma) != 0 ||
			d.openStack[len(d.openStack)-1] != ObjectOpen {
			return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
		}

CVE-2024-24786 CWE-835

sufatmawati avatar Apr 23 '24 15:04 sufatmawati