protobuf-go/internal
Damien Neil f01a588e58 encoding/protojson, internal/encoding/json: handle missing object values
In internal/encoding/json, report an error when encountering a }
when we are expecting an object field value. For example, the input
`{"":}` now correctly results in an error at the closing } token.

In encoding/protojson, check for an unexpected EOF token in
skipJSONValue. This is redundant with the check in internal/encoding/json,
but adds a bit more defense against any other similar bugs that
might exist.

Fixes CVE-2024-24786

Change-Id: I03d52512acb5091c8549e31ca74541d57e56c99d
Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/569356
TryBot-Bypass: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Commit-Queue: Damien Neil <dneil@google.com>
2024-03-05 19:00:02 +00:00
benchmarks internal/benchmarks: make download_benchdata print an error 2023-11-03 08:27:41 +00:00
cmd internal/conformance: make conformance tests work with editions 2024-02-26 08:14:29 +00:00
conformance internal/conformance: make conformance tests work with editions 2024-02-26 08:14:29 +00:00
descfmt all: avoid non-const reflect.MethodByName calls 2023-10-03 07:25:07 +00:00
descopts
detrand
editiondefaults internal/filedesc: implement runtime editions support 2024-02-13 12:20:49 +00:00
encoding encoding/protojson, internal/encoding/json: handle missing object values 2024-03-05 19:00:02 +00:00
errors
filedesc internal/filedesc: make descriptor initialization goroutine-safe 2024-03-04 08:49:27 +00:00
filetype
flags
fuzz
fuzztest
genid internal/filedesc: implement runtime editions support 2024-02-13 12:20:49 +00:00
impl all: add more test for editions and fix some bugs in the implementation 2024-02-16 14:47:55 +00:00
msgfmt
order
pragma
protobuild
protolegacy
set
strs reflect/protodesc: add editions support 2024-02-19 07:03:53 +00:00
testprotos internal/filedesc: make descriptor initialization goroutine-safe 2024-03-04 08:49:27 +00:00
version all: start v1.32.0-devel 2023-12-22 09:30:39 +00:00
weakdeps