
SimpleJSON read out of bounds - information leak

Open dzonerzy opened this issue 8 years ago • 3 comments

While I was testing SimpleJSON security I found a crash during string parsing inside the parse_string function; below is a screenshot.

[screenshot 2017-02-07 at 01 41 24]

This seems to be an information leak bug, since the parser will try to parse a string until it finds a matching " character in order to close the string inside the object, so providing something similar will result in a read out of bounds!

Steps to reproduce:

[screenshot 2017-02-07 at 01 45 28]

Let me know if you need more information!

Regards, Daniele Linguaglossa

dzonerzy, Feb 07 '17 00:02

Ohhhh cool :D I saw you had a JSON fuzzer on your github; is that how you found this?

Thanks for the heads up, I'll look into this, but I'm not sure how long it'll be. I'm in the middle of changing jobs and moving so I'm kinda swamped.

nbsdx, Feb 07 '17 03:02

Yeah, taking a quick look at this, I'm going to probably need to rewrite the parser :/

nbsdx, Feb 07 '17 03:02

@nbsdx sure, I found it using PyJFuzz :) so feel free to use it as a test suite during your development!

dzonerzy, Feb 07 '17 09:02
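The bug class reported at the top of this thread (a string scan that only stops at a closing `"`) is avoided by checking the input length before every read. The following is an added example, not code from SimpleJSON or from anyone in the thread; the function name `parse_string_checked`, its signature and the sample inputs are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper, not SimpleJSON's API. in[pos] must be the opening quote.
// On success: stores the text in out, moves pos past the closing quote, returns true.
// On malformed or truncated input: returns false and leaves pos and out untouched.
bool parse_string_checked(const std::string &in, std::size_t &pos, std::string &out) {
    if (pos >= in.size() || in[pos] != '"') return false;
    std::string text;
    std::size_t i = pos + 1;
    // A scan that stops only on '"' runs off the buffer when the quote is
    // missing, so every read below is guarded by a comparison with in.size().
    while (i < in.size()) {
        char c = in[i++];
        if (c == '"') { pos = i; out = text; return true; }
        if (c != '\\') { text += c; continue; }
        if (i >= in.size()) return false;          // input ends right after a backslash
        char e = in[i++];
        switch (e) {
            case '"': case '\\': case '/': text += e; break;
            case 'b': text += '\b'; break;
            case 'f': text += '\f'; break;
            case 'n': text += '\n'; break;
            case 'r': text += '\r'; break;
            case 't': text += '\t'; break;
            case 'u':
                // \uXXXX: confirm four hex digits exist before touching them.
                if (in.size() - i < 4) return false;
                for (int k = 0; k < 4; ++k)
                    if (!std::isxdigit(static_cast<unsigned char>(in[i + k]))) return false;
                text += "\\u";                     // kept in escaped form, not decoded
                text.append(in, i, 4);
                i += 4;
                break;
            default: return false;                 // unknown escape
        }
    }
    return false;                                  // end of input, string never closed
}

int main() {
    // Constructed inputs: one well-formed, three truncated.
    const char *samples[] = {"\"ok\"", "\"no closing quote", "\"ends with \\", "\"\\u12"};
    for (const char *s : samples) {
        std::size_t pos = 0; std::string out;
        std::cout << s << " -> " << (parse_string_checked(s, pos, out) ? "ok" : "rejected") << "\n";
    }
}
```

Inputs like the three truncated samples are the kind a JSON fuzzer produces, so they make useful regression tests under AddressSanitizer.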