View Issue Details

IDProjectCategoryView StatusLast Update
0000356fileGeneralpublic2022-06-11 11:45
Reporterdavewhite Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
PlatformLinuxOSUbuntuOS Version20.04
Product Version5.42 
Summary0000356: JSON parsing incorrectly accepts misspellings for true/false/null in json_parse_const()
DescriptionA JSON file containing the structure
{"test":true}
Is detected as 'JSON data'. The text
{"test":txxx}
Is also considered valid JSON.

During parsing, when detecting 't' (in file is_json.c:374) the json_parse_const() is called with the value "true".

json_parse_const() verifies the text found matches the expected constant, but does nothing with the
result of the test, and always returns true as long as the first letter matches (t for true, f for false or n for null)
and the word found was the correct length.

Hence
{"test":nxx} is invalid, while
{"test":nxxx} is valid json.
Steps To Reproduce$ echo '{"test":txxx}' > file.json
$ file file.json
file.json: JSON data
Additional InformationIssue exists when built from latest source.
Tagsjson

Activities

davewhite

2022-06-11 11:45

reporter   ~0003761

The following batch resolves the issue

diff --git src/is_json.c src/is_json.c
index 86def31..8053d4f 100644
--- src/is_json.c
+++ src/is_json.c
@@ -327,6 +327,7 @@ json_parse_const(const unsigned char **ucp, const unsigned char *ue,
    for (len--; uc < ue && --len;) {
        if (*uc++ == *++str)
            continue;
+ break
    }
    if (len)
        DPRINTF("Bad const: ", uc, *ucp);

Issue History

Date Modified Username Field Change
2022-06-11 11:42 davewhite New Issue
2022-06-11 11:42 davewhite Tag Attached: json
2022-06-11 11:45 davewhite Note Added: 0003761