Null parsing accepts bad input

Open mtdowling opened this issue 1 year ago • 5 comments

Various places in this library that parse null will see 'n' and then skip the next three characters without validating that the next three characters are 'u' 'l' 'l'. So this is parsed as null: nope.

See for example https://github.com/json-iterator/java/blob/master/src/main/java/com/jsoniter/IterImplObject.java#L10-L12

    public static final String readObject(JsonIterator iter) throws IOException {
        byte c = IterImpl.nextToken(iter);
        switch (c) {
            case 'n':
                IterImpl.skipFixedBytes(iter, 3);
                return null;

Edit: also note that this same issue is present for true and false.

mtdowling avatar Jun 27 '24 18:06 mtdowling
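
The pattern described in this issue, reduced to a stand-alone sketch. This is an added example, not code from json-iterator or from any commenter, and the class and method names are hypothetical. It puts a skipper that dispatches on the first byte only beside one that checks every byte of `null`, `true` and `false`.

```java
import java.nio.charset.StandardCharsets;

// Added illustration; LiteralCheck and its methods are hypothetical names,
// not part of json-iterator's API.
public class LiteralCheck {

    // Lenient form, modelled on the snippet quoted in the issue: dispatch on
    // the first byte, then step over the rest of the literal without looking.
    // Returns the index just past the literal, or -1 if nothing was accepted.
    static int skipLenient(byte[] buf, int pos) {
        int end;
        switch (buf[pos]) {
            case 'n': case 't': end = pos + 4; break; // "null"/"true": 3 bytes skipped
            case 'f':           end = pos + 5; break; // "false": 4 bytes skipped
            default:            return -1;
        }
        return end <= buf.length ? end : -1;
    }

    // Strict form: every byte of the literal must be present and must match.
    static int skipStrict(byte[] buf, int pos) {
        for (String lit : new String[] {"null", "true", "false"}) {
            byte[] want = lit.getBytes(StandardCharsets.US_ASCII);
            if (matches(buf, pos, want)) return pos + want.length;
        }
        return -1;
    }

    static boolean matches(byte[] buf, int pos, byte[] want) {
        if (pos + want.length > buf.length) return false; // truncated input
        for (int i = 0; i < want.length; i++) {
            if (buf[pos + i] != want[i]) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; "nope" is the example given in the issue.
        String[] samples = {"null", "nope", "true", "tree", "false", "fizzy", "nu"};
        for (String s : samples) {
            byte[] buf = s.getBytes(StandardCharsets.US_ASCII);
            System.out.printf("%-6s lenient=%-8s strict=%s%n", s,
                skipLenient(buf, 0) >= 0 ? "accepted" : "rejected",
                skipStrict(buf, 0) >= 0 ? "accepted" : "rejected");
        }
    }
}
```

The lenient skipper accepts `nope`, `tree` and `fizzy`, while the strict one accepts only the three real literals. A parser that is more permissive than the other JSON consumers in a pipeline can disagree with them about whether a document is valid.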

Hello, I'm new to open-source contribution and I would like to help. Are you working on this? If not, can you please assign this to me?

TDila avatar Aug 12 '24 23:08 TDila

I’m not working on this, please feel free.

mtdowling avatar Aug 13 '24 00:08 mtdowling

@mtdowling thanks 👍

TDila avatar Aug 13 '24 00:08 TDila

@mtdowling I'm new to open source and I would love to give it a try (even if it does not help).

bodasiddartha avatar Aug 26 '24 19:08 bodasiddartha

Hey, we are a team of 5 university students working on contributing to OSS projects. We would love to work on this issue if it is still unassigned. Thank you for your time.

ChristoJobyAntony avatar Oct 11 '24 00:10 ChristoJobyAntony