digitalocean / do-agent

Collects system metrics from DigitalOcean Droplets
Apache License 2.0

Update Patched Fix protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON #310

Closed bangtabil closed 4 months ago

bangtabil commented 6 months ago

Description:

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

encoding/protojson, internal/encoding/json: handle missing object values. In internal/encoding/json, report an error when encountering a } when we are expecting an object field value. The input {"":} now correctly results in an error at the closing } token.

In encoding/protojson, check for an unexpected EOF token in skipJSONValue. This is redundant with the check in internal/encoding/json, but adds a bit more defense against any other similar bugs that might exist.

    // internal/encoding/json decoder: the ObjectClose case. The added
    // d.lastToken.kind&(Name|comma) != 0 check rejects a '}' that directly
    // follows a field name, i.e. an object with a missing value such as {"":}.
    case ObjectClose:
        if len(d.openStack) == 0 ||
            d.lastToken.kind == comma ||
            d.lastToken.kind&(Name|comma) != 0 ||
            d.openStack[len(d.openStack)-1] != ObjectOpen {
            return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
        }

    // encoding/protojson test table: entries exercising the missing-value input
    // with and without DiscardUnknown, and through google.protobuf.Any. The
    // first entry below is the tail of a preceding recursion-limit case.
        inputText:    `{"foo":{"bar":[{"baz":[{}]]}}`,
        umo:          protojson.UnmarshalOptions{RecursionLimit: 5, DiscardUnknown: true},
        wantErr:      "exceeded max recursion depth",
    }, {
        desc:         "Object missing value: no DiscardUnknown",
        inputMessage: &testpb.TestAllTypes{},
        inputText:    `{"":}`,
        umo:          protojson.UnmarshalOptions{RecursionLimit: 5, DiscardUnknown: false},
        wantErr:      `(line 1:2): unknown field ""`,
    }, {
        desc:         "Object missing value: DiscardUnknown",
        inputMessage: &testpb.TestAllTypes{},
        inputText:    `{"":}`,
        umo:          protojson.UnmarshalOptions{RecursionLimit: 5, DiscardUnknown: true},
        wantErr:      `(line 1:5): unexpected token`,
    }, {
        desc:         "Object missing value: Any",
        inputMessage: &anypb.Any{},
        inputText:    `{"":}`,
        wantErr:      `(line 1:5): unexpected token`,
    }}

CVE-2024-24786 CWE-835
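To make the ObjectClose check above concrete, here is a self-contained toy scanner (an added example, not code from this PR or from the protobuf-go library) that reproduces the openStack/lastToken bookkeeping on the reproducer input `{"":}`. The `fixed` flag switches between the old comma-only check and the patched `Name|comma` check; the `kind` bitmask, `scanObject` and `valueEnd` names are this example's own.

```go
package main

import "fmt"

// kind is a bitmask so the decoder-style last&(name|comma) check works.
type kind uint

const (
	objectOpen kind = 1 << iota
	name     // quoted string directly followed by ':'
	comma
	valueEnd // a string value or a closed object
)

// scanObject is a toy scanner constructed for this example (not the library's
// code). It handles '{', '}', ',' and quoted strings and mirrors the openStack/
// lastToken bookkeeping of the ObjectClose case quoted above: fixed=false keeps
// the old check (only a trailing comma rejects '}'), fixed=true applies the patched
// one, so '}' right after a field name (a missing value) is rejected at that '}'.
func scanObject(s string, fixed bool) error {
	var openStack []kind
	var last kind
	for i := 0; i < len(s); i++ {
		switch s[i] {
		case '{':
			openStack, last = append(openStack, objectOpen), objectOpen
		case ',':
			last = comma
		case '"':
			for i, last = i+1, valueEnd; i < len(s) && s[i] != '"'; i++ {
			}
			if i+1 < len(s) && s[i+1] == ':' {
				last, i = name, i+1
			}
		case '}':
			bad := last == comma // old check
			if fixed {
				bad = last&(name|comma) != 0 // patched check
			}
			if len(openStack) == 0 || bad || openStack[len(openStack)-1] != objectOpen {
				return fmt.Errorf("(line 1:%d): unexpected token", i+1)
			}
			openStack, last = openStack[:len(openStack)-1], valueEnd
		}
	}
	if len(openStack) != 0 {
		return fmt.Errorf("unexpected EOF") // the extra guard the patch adds to skipJSONValue
	}
	return nil
}
```

With `fixed=false` the malformed close in `{"":}` is silently accepted, which is the state the DiscardUnknown skip loop was left in; with `fixed=true` it fails at column 5, matching the `(line 1:5): unexpected token` expectation in the test table.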

bangtabil commented 6 months ago

Hi! @elohimmarron Let's merge this pull request to patch the vulnerability and release the new update!

Best regards, @bangtabil