From: HAPPY <pcy190@126.com>
Date: Fri, 16 Apr 2021 11:22:47 +0800
Subject: CVE-2021-31684: Fix indexOf
A vulnerability was discovered in the indexOf function of JSONParserByteArray
in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS)
via a crafted web request.
origin: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5.patch
bug: https://github.com/netplex/json-smart-v2/issues/67
---
.../src/main/java/net/minidev/json/parser/JSONParserByteArray.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/json-smart/src/main/java/net/minidev/json/parser/JSONParserByteArray.java b/json-smart/src/main/java/net/minidev/json/parser/JSONParserByteArray.java
index 1849116..605d007 100644
--- a/json-smart/src/main/java/net/minidev/json/parser/JSONParserByteArray.java
+++ b/json-smart/src/main/java/net/minidev/json/parser/JSONParserByteArray.java
@@ -75,7 +75,7 @@ class JSONParserByteArray extends JSONParserMemory {
}
protected int indexOf(char c, int pos) {
- for (int i = pos; pos < len; i++)
+ for (int i = pos; i < len; i++)
if (in[i] == (byte) c)
return i;
return -1;
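Review bot: the one-line change to the `for` condition in `indexOf` ships without a regression test (the diffstat lists 1 file changed, 1 insertion, 1 deletion). With the old condition `pos < len`, which never changes inside the loop, `i` kept incrementing whenever `c` did not occur from `pos` onward, so `in[i]` ended up reading past the end of the array; a test that feeds the byte-array parser input lacking the searched character and expects `-1` would keep this from regressing. Two smaller points on the same lines: `in[i] == (byte) c` narrows a `char` to a `byte`, so a comment stating that callers only pass ASCII delimiters would help, and a negative `pos` is still not rejected before `in[i]` is read.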