@@ 7,6 7,11 @@
#include "private.h"
+/**
+ * Limit the max nesting depth to prevent stack overflow.
+ */
+#define MAX_NESTING_DEPTH 10000
+
static const char *jsch_token_type_str(enum jsch_token_type type) {
switch (type) {
case JSCH_TOKEN_EOF:
@@ 93,6 98,11 @@ static int jsch_buf_append_ch(struct jsch_decoder *dec, char ch) {
}
static int jsch_stack_push(struct jsch_decoder *dec, char delim) {
+ if (dec->stack_len + 1 >= MAX_NESTING_DEPTH) {
+ jsch_decoder_add_error(dec, "exceeded max depth");
+ return -EINVAL;
+ }
+
if (dec->stack_len >= dec->stack_cap) {
size_t new_cap = 2 * dec->stack_cap;
if (new_cap == 0) {