protojson: vuln: malicious JSON can trivially induce stack overflow
jhump opened this issue · comments
Joshua Humphries commented
The binary format has a default recursion depth of 10,000. And that depth is configurable via proto.UnmarshalOptions. But the protojson package has no such limit. So if a schema allows arbitrary depth (such as using a recursive/hierarchical type, mutually recursive types, or open-ended JSON types such as google.protobuf.Value), an attacker can easily trigger a stack overflow, which results in a process crashing. Since a stack overflow is a fatal error, not a panic, it cannot be handled via recover, which makes this a serious DoS issue.
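One defensive pre-check for the situation described in the comment, as an added example that is not part of the issue or of the protobuf-go project: bound the nesting depth of untrusted JSON with encoding/json's iterative tokenizer before handing the bytes to protojson.Unmarshal (the protojson call is assumed to happen in the caller and is not imported here). The counter-based walk uses constant stack regardless of input depth, so the check itself cannot be overflowed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooDeep is returned when the document nests deeper than the limit.
var ErrTooDeep = errors.New("json: nesting depth exceeds limit")

// CheckJSONDepth streams through data with json.Decoder.Token, which keeps
// its own state in a slice rather than on the call stack, and counts open
// objects/arrays. It fails as soon as depth exceeds maxDepth, before any
// tree is built and before protojson ever sees the input.
func CheckJSONDepth(data []byte, maxDepth int) error {
	dec := json.NewDecoder(bytes.NewReader(data))
	depth := 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err // malformed JSON is rejected as well
		}
		if d, ok := tok.(json.Delim); ok {
			switch d {
			case '{', '[':
				depth++
				if depth > maxDepth {
					return ErrTooDeep
				}
			case '}', ']':
				depth--
			}
		}
	}
}

// NestedArrays builds a constructed hostile input: n nested empty arrays,
// the shape of document that would recurse n levels in protojson.
func NestedArrays(n int) []byte {
	return []byte(strings.Repeat("[", n) + strings.Repeat("]", n))
}

func main() {
	// Constructed sample: a modest message passes, a deep one is refused.
	msg := []byte(`{"value": {"nested": [1, 2, {"x": null}]}}`)
	fmt.Println(CheckJSONDepth(msg, 100))               // <nil>
	fmt.Println(CheckJSONDepth(NestedArrays(100000), 100)) // json: nesting depth exceeds limit
}
```

Pick the limit from the schema's real needs (protojson's binary counterpart defaults to 10,000), and treat ErrTooDeep as a client error rather than letting the decode proceed.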