mirror/protobuf-go
1
0
Fork 0
mirror of https://github.com/protocolbuffers/protobuf-go.git synced 2025-01-04 02:38:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
e216807546
protobuf-go/encoding
History
Damien Neil f01a588e58 encoding/protojson, internal/encoding/json: handle missing object values 
In internal/encoding/json, report an error when encountering a }
when we are expecting an object field value. For example, the input
`{"":}` now correctly results in an error at the closing } token.

In encoding/protojson, check for an unexpected EOF token in
skipJSONValue. This is redundant with the check in internal/encoding/json,
but adds a bit more defense against any other similar bugs that
might exist.

Fixes CVE-2024-24786

Change-Id: I03d52512acb5091c8549e31ca74541d57e56c99d
Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/569356
TryBot-Bypass: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Commit-Queue: Damien Neil <dneil@google.com>
2024-03-05 19:00:02 +00:00
..
protodelim all: modernize documentation 2023-09-05 14:55:28 +00:00
protojson encoding/protojson, internal/encoding/json: handle missing object values 2024-03-05 19:00:02 +00:00
prototext encoding/prototext: add proto editions and fuzz tests 2024-02-23 12:14:08 +00:00
protowire all: modernize documentation 2023-09-05 14:55:28 +00:00
bench_test.go all: remove shorthand import aliases 2022-05-24 20:05:50 +00:00