Re: [PATCH] oauth: Prevent stack overflow by limiting JSON parse depth - Mailing list pgsql-hackers

From Aleksander Alekseev
Subject Re: [PATCH] oauth: Prevent stack overflow by limiting JSON parse depth
Date
Msg-id CAJ7c6TO_MwMnpuw3+dub+Gif7c2tkS90YjHbyR+tmzpSP_ooXw@mail.gmail.com
Responses Re: [PATCH] oauth: Prevent stack overflow by limiting JSON parse depth
List pgsql-hackers
Hi Jacob,

> I forgot to put a recursion limit in the new OAuth parsers; the
> server-side depth checks don't apply to the client, and it's not using
> the incremental parser to move the burden from the stack to the heap.
> Luckily, we track the nesting level already, so a fix (attached) can
> be pretty small.
>
> [...]

Thanks for the patch. It looks good to me. It's well documented and
covered with tests. I can confirm that the tests pass. Also they fail
if I decrease the $nesting_limit value to 15.

--
Best regards,
Aleksander Alekseev
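The kind of check the quoted message describes (refusing to descend once the tracked nesting level passes a limit), as an added example; it is not the attached patch or PostgreSQL code. `NESTING_LIMIT`, `check_json` and the toy recursive-descent parser are assumptions made for illustration, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NESTING_LIMIT 16 /* assumed for this example; not taken from the patch */
enum { PARSE_OK = 0, PARSE_INVALID = -1, PARSE_TOO_DEEP = -2 };

static const char *skip_ws(const char *p) { return p + strspn(p, " \t\r\n"); }

/* Recursive descent over one JSON value: every '[' or '{' costs a C stack
 * frame, so the depth check must come before the recursive call. */
static int parse_value(const char **pp, int depth) {
    const char *p = skip_ws(*pp);
    if (*p == '[' || *p == '{') {
        int is_obj = (*p == '{'), rc;
        char close = is_obj ? '}' : ']';
        if (depth + 1 > NESTING_LIMIT)
            return PARSE_TOO_DEEP;          /* refuse instead of recursing */
        p = skip_ws(p + 1);
        if (*p == close) { *pp = p + 1; return PARSE_OK; }
        for (;;) {
            if (is_obj) {                   /* "key" ':' before each value */
                p = skip_ws(p);
                if (*p != '"') return PARSE_INVALID;
                if ((rc = parse_value(&p, depth + 1)) != PARSE_OK) return rc;
                p = skip_ws(p);
                if (*p++ != ':') return PARSE_INVALID;
            }
            if ((rc = parse_value(&p, depth + 1)) != PARSE_OK) return rc;
            p = skip_ws(p);
            if (*p == close) { *pp = p + 1; return PARSE_OK; }
            if (*p++ != ',') return PARSE_INVALID;
        }
    }
    if (*p == '"') {                        /* string, honouring backslash escapes */
        for (p++; *p && *p != '"'; p++)
            if (*p == '\\' && p[1]) p++;
        if (*p != '"') return PARSE_INVALID;
        *pp = p + 1; return PARSE_OK;
    }
    size_t n = strspn(p, "+-.0123456789eEaflnrstu"); /* loose number/true/false/null */
    if (n == 0) return PARSE_INVALID;
    *pp = p + n; return PARSE_OK;
}

int check_json(const char *s) {
    int rc = parse_value(&s, 0);
    return (rc == PARSE_OK && *skip_ws(s) != '\0') ? PARSE_INVALID : rc;
}

int main(void) {
    printf("%d\n", check_json("{\"error\":\"slow_down\",\"x\":[[[]]]}")); /* constructed */
    return 0;
}
```

Without the `depth + 1 > NESTING_LIMIT` test, a response consisting only of a long run of `[` would recurse once per byte and exhaust the client's stack.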


