Trim tokens in error messages to 256 byte to prevent attacks

asoldano · asoldano · commit d4d596ea6716 · 2016-10-06T23:38:51.000+02:00
diff --git a/src/main/java/com/fasterxml/jackson/core/json/UTF8StreamJsonParser.java b/src/main/java/com/fasterxml/jackson/core/json/UTF8StreamJsonParser.java
@@ -3510,7 +3510,8 @@ protected void _reportInvalidToken(String matchedPart, String msg) throws IOExce
           * regular Java identifier character rules. It's just a heuristic,
           * nothing fancy here (nor fast).
           */
-         while (true) {
+         final int maxTokenLength = 256;
+         while (sb.length() < maxTokenLength) {
              if (_inputPtr >= _inputEnd && !_loadMore()) {
                  break;
              }
@@ -3521,6 +3522,9 @@ protected void _reportInvalidToken(String matchedPart, String msg) throws IOExce
              }
              sb.append(c);
          }
+         if (sb.length() == maxTokenLength) {
+                sb.append("...");
+         }
          _reportError("Unrecognized token '"+sb.toString()+"': was expecting "+msg);
      }
         

Original file line number	Diff line number	Diff line change
`@@ -3510,7 +3510,8 @@ protected void _reportInvalidToken(String matchedPart, String msg) throws IOExce`
`3510`	`3510`	`* regular Java identifier character rules. It's just a heuristic,`
`3511`	`3511`	`* nothing fancy here (nor fast).`
`3512`	`3512`	`*/`
`3513`		`- while (true) {`
	`3513`	`+ final int maxTokenLength = 256;`
	`3514`	`+ while (sb.length() < maxTokenLength) {`
`3514`	`3515`	`if (_inputPtr >= _inputEnd && !_loadMore()) {`
`3515`	`3516`	`break;`
`3516`	`3517`	`}`
`@@ -3521,6 +3522,9 @@ protected void _reportInvalidToken(String matchedPart, String msg) throws IOExce`
`3521`	`3522`	`}`
`3522`	`3523`	`sb.append(c);`
`3523`	`3524`	`}`
	`3525`	`+ if (sb.length() == maxTokenLength) {`
	`3526`	`+ sb.append("...");`
	`3527`	`+ }`
`3524`	`3528`	`_reportError("Unrecognized token '"+sb.toString()+"': was expecting "+msg);`
`3525`	`3529`	`}`
`3526`	`3530`