check key length in preamble

Error rather than assert, if key length is greater than INT_MAX

Author: kevinAlbs

src/libbson/src/bson/bson-json.c

@@ -347,13 +347,17 @@ _noop (void)
       bson->code_data.in_scope = false; \
    } while (0)
 #define STACK_POP_DBPOINTER STACK_POP_DOC (_noop ())
-#define BASIC_CB_PREAMBLE                         \
-   const char *key;                               \
-   size_t len;                                    \
-   bson_json_reader_bson_t *bson = &reader->bson; \
-   _bson_json_read_fixup_key (bson);              \
-   key = bson->key;                               \
-   len = bson->key_buf.len;                       \
+#define BASIC_CB_PREAMBLE                                                                                            \
+   const char *key;                                                                                                  \
+   size_t len;                                                                                                       \
+   bson_json_reader_bson_t *bson = &reader->bson;                                                                    \
+   _bson_json_read_fixup_key (bson);                                                                                 \
+   key = bson->key;                                                                                                  \
+   len = bson->key_buf.len;                                                                                          \
+   if (len > INT_MAX) {                                                                                              \
+      _bson_json_read_set_error (reader, "Failed to read JSON. key size %zu is too large. Max is %d", len, INT_MAX); \
+      return;                                                                                                        \
+   }                                                                                                                 \
    (void) 0
 #define BASIC_CB_BAIL_IF_NOT_NORMAL(_type)                                                                   \
    if (bson->read_state != BSON_JSON_REGULAR) {                                                              \
@@ -396,7 +400,7 @@ bson_json_opts_new (bson_json_mode_t mode, int32_t max_len)
    bson_json_opts_t *opts;
 
    opts = (bson_json_opts_t *) bson_malloc (sizeof *opts);
-   *opts = (bson_json_opts_t){
+   *opts = (bson_json_opts_t) {
       .mode = mode,
       .max_len = max_len,
       .is_outermost_array = false,
@@ -622,8 +626,6 @@ _bson_json_read_integer (bson_json_reader_t *reader, uint64_t val, int64_t sign)
 
    if (rs == BSON_JSON_REGULAR) {
       BASIC_CB_BAIL_IF_NOT_NORMAL ("integer");
-      BSON_ASSERT (mlib_in_range (int, len));
-
       if (val <= INT32_MAX || (sign == -1 && val <= (uint64_t) INT32_MAX + 1)) {
          bson_append_int32 (STACK_BSON_CHILD, key, (int) len, (int32_t) ((int64_t) val * sign));
       } else if (sign == -1) {

src/libbson/tests/test-json.c

@@ -13,6 +13,7 @@
 #include <common-json-private.h>
 #include <bson/bson-iso8601-private.h>
 #include <bson/bson-json-private.h>
+#include "test-libmongoc.h" // skip_if_no_large_allocations
 
 static ssize_t
 test_bson_json_read_cb_helper (void *string, uint8_t *buf, size_t len)
@@ -3793,6 +3794,42 @@ test_bson_as_json_all_formats (void)
    }
 }
 
+static void
+test_json_big_key (void *unused)
+{
+   BSON_UNUSED (unused);
+
+   // Create a JSON string like: { "<'a' repeated INT_MAX + 1 times>": 123 }
+   size_t keylen = INT_MAX + 1u;
+   size_t json_len = strlen ("{\"") + keylen + strlen ("\":123}");
+   char *json = bson_malloc (json_len + 1);
+   json[json_len] = '\0';
+
+   size_t offset = 0;
+   // Write {"
+   {
+      bson_strncpy (json, "{\"", json_len + 1);
+      offset += strlen ("{\"");
+   }
+   // Write key of repeated a
+   {
+      for (size_t i = 0; i < keylen; i++) {
+         json[offset++] = 'a';
+      }
+   }
+   // Write remaining ":123}
+   {
+      bson_strncpy (json + offset, "\":123}", json_len + 1 - offset);
+      offset += strlen ("\":123}");
+   }
+
+   bson_error_t error;
+   bson_t b;
+   bool ok = bson_init_from_json (&b, json, (ssize_t) json_len, &error);
+   ASSERT (!ok);
+   ASSERT_ERROR_CONTAINS (error, BSON_ERROR_JSON, BSON_JSON_ERROR_READ_INVALID_PARAM, "too large");
+   bson_free (json);
+}
 
 void
 test_json_install (TestSuite *suite)
@@ -3899,4 +3936,5 @@ test_json_install (TestSuite *suite)
    TestSuite_Add (suite, "/bson/parse_array", test_parse_array);
    TestSuite_Add (suite, "/bson/decimal128_overflowing_exponent", test_decimal128_overflowing_exponent);
    TestSuite_Add (suite, "/bson/as_json/all_formats", test_bson_as_json_all_formats);
+   TestSuite_AddFull (suite, "/bson/json/big_key", test_json_big_key, NULL, NULL, skip_if_no_large_allocations);
 }