use depth prepass check in client (#13897)

keybase · Sep 24, 2018 · ce8751d · ce8751d
1 parent 95d519e
commit ce8751d
Show file tree

Hide file tree

Showing 9 changed files with 160 additions and 6 deletions.
diff --git a/go/libkb/api.go b/go/libkb/api.go
@@ -4,6 +4,7 @@
 package libkb
 
 import (
+	"bufio"
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
@@ -330,7 +331,14 @@ func doRequestShared(m MetaContext, api Requester, arg APIArg, req *http.Request
 	}
 
 	if wantJSONRes {
-		reader := newCountingReader(internalResp.Body)
+		var buf bytes.Buffer
+		bodyTee := io.TeeReader(internalResp.Body, &buf)
+		err = jsonw.EnsureMaxDepthDefault(bufio.NewReader(bodyTee))
+		if err != nil {
+			return nil, finisher, nil, err
+		}
+
+		reader := newCountingReader(&buf)
 		decoder := json.NewDecoder(reader)
 		var obj interface{}
 		decoder.UseNumber()

diff --git a/go/libkb/db.go b/go/libkb/db.go
@@ -60,6 +60,10 @@ func jsonLocalDbGetInto(ops LocalDbOps, obj interface{}, id DbKey) (found bool,
 	var buf []byte
 	buf, found, err = ops.Get(id)
 	if err == nil && found {
+		err = jsonw.EnsureMaxDepthBytesDefault(buf)
+		if err != nil {
+			return found, err
+		}
 		err = json.Unmarshal(buf, &obj)
 	}
 	return found, err

diff --git a/go/libkb/json.go b/go/libkb/json.go
@@ -4,6 +4,8 @@
 package libkb
 
 import (
+	"bufio"
+	"bytes"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -72,7 +74,15 @@ func (f *JSONFile) Load(warnOnNotFound bool) error {
 	}
 	f.exists = true
 	defer file.Close()
-	decoder := json.NewDecoder(file)
+
+	var buf bytes.Buffer
+	fileTee := io.TeeReader(bufio.NewReader(file), &buf)
+	err = jsonw.EnsureMaxDepthDefault(bufio.NewReader(fileTee))
+	if err != nil {
+		return err
+	}
+
+	decoder := json.NewDecoder(&buf)
 	obj := make(map[string]interface{})
 	// Treat empty files like an empty dictionary
 	if err = decoder.Decode(&obj); err != nil && err != io.EOF {

diff --git a/go/libkb/log_send.go b/go/libkb/log_send.go
@@ -22,6 +22,8 @@ import (
 
 	"github.com/keybase/client/go/logger"
 	"github.com/keybase/client/go/protocol/keybase1"
+
+	jsonw "github.com/keybase/go-jsonw"
 )
 
 // Logs is the struct to specify the path of log files
@@ -535,8 +537,13 @@ func (l *LogSendContext) LogSend(statusJSON, feedback string, sendLogs bool, num
 // mergeExtendedStatus adds the extended status to the given status json blob.
 // If any errors occur the original status is returned unmodified.
 func (l *LogSendContext) mergeExtendedStatus(status string) string {
+	err := jsonw.EnsureMaxDepthBytesDefault([]byte(status))
+	if err != nil {
+		return status
+	}
+
 	var statusObj map[string]interface{}
-	if err := json.Unmarshal([]byte(status), &statusObj); err != nil {
+	if err = json.Unmarshal([]byte(status), &statusObj); err != nil {
 		return status
 	}
 

diff --git a/go/libkb/log_send_test.go b/go/libkb/log_send_test.go
@@ -10,6 +10,8 @@ import (
 
 	"github.com/keybase/client/go/logger"
 	"github.com/stretchr/testify/require"
+
+	jsonw "github.com/keybase/go-jsonw"
 )
 
 func testTail(t *testing.T, testname, filename string, count, actual int, first, last string) {
@@ -76,8 +78,12 @@ func TestMergeExtendedStatus(t *testing.T) {
 	status := `{"status":{"foo":"bar"}}`
 	fullStatus = lsCtx.mergeExtendedStatus(status)
 	require.True(t, strings.Contains(fullStatus, status))
+
+	err := jsonw.EnsureMaxDepthBytesDefault([]byte(fullStatus))
+	require.NoError(t, err)
+
 	fullStatusMap := map[string]interface{}{}
-	err := json.Unmarshal([]byte(fullStatus), &fullStatusMap)
+	err = json.Unmarshal([]byte(fullStatus), &fullStatusMap)
 	require.NoError(t, err)
 	_, ok := fullStatusMap["status"]
 	require.True(t, ok)

diff --git a/go/lru/lru.go b/go/lru/lru.go
@@ -5,6 +5,7 @@ import (
 	lru "github.com/hashicorp/golang-lru"
 	libkb "github.com/keybase/client/go/libkb"
 	keybase1 "github.com/keybase/client/go/protocol/keybase1"
+	jsonw "github.com/keybase/go-jsonw"
 	context "golang.org/x/net/context"
 	"reflect"
 	"sync"
@@ -75,6 +76,12 @@ func (c *Cache) Get(ctx context.Context, lctx libkb.LRUContext, k libkb.LRUKeyer
 	if len(w.Data) > 0 {
 		tmp := reflect.New(c.typ)
 		ret = tmp.Interface()
+
+		err = jsonw.EnsureMaxDepthBytesDefault([]byte(w.Data))
+		if err != nil {
+			return nil, err
+		}
+
 		err = json.Unmarshal([]byte(w.Data), ret)
 		if err != nil {
 			return nil, err

diff --git a/go/service/apiserver.go b/go/service/apiserver.go
@@ -115,6 +115,10 @@ func (a *APIServerHandler) doPostJSON(rawarg keybase1.PostJSONArg) (res keybase1
 	jsonPayload := make(libkb.JSONPayload)
 	for _, kvpair := range rawarg.JSONPayload {
 		var value interface{}
+		err = jsonw.EnsureMaxDepthBytesDefault([]byte(kvpair.Value))
+		if err != nil {
+			return keybase1.APIRes{}, err
+		}
 		err := json.Unmarshal([]byte(kvpair.Value), &value)
 		if err != nil {
 			return keybase1.APIRes{}, err

diff --git a/go/teams/loader_chain_test.go b/go/teams/loader_chain_test.go
@@ -14,6 +14,8 @@ import (
 
 	"github.com/keybase/client/go/libkb"
 	"github.com/keybase/client/go/protocol/keybase1"
+
+	jsonw "github.com/keybase/go-jsonw"
 )
 
 type TestCase struct {
@@ -139,6 +141,12 @@ func runUnit(t *testing.T, unit TestCase) (lastLoadRet *Team) {
 			err := json.Unmarshal(link, &outer)
 			require.NoError(t, err)
 			var inner interface{}
+
+			err = jsonw.EnsureMaxDepthBytesDefault([]byte(outer.PayloadJSON))
+			if err != nil {
+				t.Logf("team link '%v' #'%v': JSON exceeds max depth permissable: %v", teamLabel, i+1, err)
+			}
+			require.NoError(t, err)
 			err = json.Unmarshal([]byte(outer.PayloadJSON), &inner)
 			if err != nil {
 				t.Logf("team link '%v' #'%v': corrupted: %v", teamLabel, i+1, err)

diff --git a/go/vendor/github.com/keybase/go-jsonw/jsonw.go b/go/vendor/github.com/keybase/go-jsonw/jsonw.go