From 7cee5237dc6c0831e3f9dc490394eaea44636861 Mon Sep 17 00:00:00 2001
From: Eric Hawicz <erh+git@nimenees.com>
Date: Thu, 3 Apr 2025 21:09:05 -0400
Subject: [PATCH] Issue #867 - also disallow control characters in keys

---
 json_tokener.c            |  6 ++++++
 tests/test_parse.c        | 36 ++++++++++++++++++++++++++++++++++++
 tests/test_parse.expected | 36 +++++++++++++++++++++++++++++++++++-
 3 files changed, 77 insertions(+), 1 deletion(-)

diff --git a/json_tokener.c b/json_tokener.c
index 53ef209..a6bcbbb 100644
--- a/json_tokener.c
+++ b/json_tokener.c
@@ -1250,6 +1250,12 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
 					state = json_tokener_state_string_escape;
 					break;
 				}
+				else if ((tok->flags & JSON_TOKENER_STRICT) && (unsigned char)c <= 0x1f)
+				{
+					// Disallow control characters in strict mode
+					tok->err = json_tokener_error_parse_string;
+					goto out;
+				}
 				if (!ADVANCE_CHAR(str, tok) || !PEEK_CHAR(c, tok))
 				{
 					printbuf_memappend_checked(tok->pb, case_start,
diff --git a/tests/test_parse.c b/tests/test_parse.c
index 525f68c..71b881c 100644
--- a/tests/test_parse.c
+++ b/tests/test_parse.c
@@ -611,6 +611,10 @@ struct incremental_step
       "\x10\x11\x12\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\"",
       -1, -1, json_tokener_success, 1, 0 },
 
+    { "{\"0\x01\x02\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" \
+      "\x10\x11\x12\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\":1}",
+      -1, -1, json_tokener_success, 1, 0 },
+
     // Test control chars again, this time in strict mode, which should fail
     { "\"\x01\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
     { "\"\x02\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
@@ -644,6 +648,38 @@ struct incremental_step
     { "\"\x1e\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
     { "\"\x1f\"", -1, 1, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
 
+    { "{\"\x01\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x02\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x03\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x04\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x05\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x06\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x07\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x08\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x09\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0a\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0b\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0c\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0d\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0e\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x0f\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x10\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x11\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x12\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x13\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x14\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x15\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x16\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x17\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x18\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x19\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1a\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1b\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1c\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1d\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1e\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+    { "{\"\x1f\":1}", -1, 2, json_tokener_error_parse_string, 1, JSON_TOKENER_STRICT },
+
     {NULL, -1, -1, json_tokener_success, 0, 0},
 };
 
diff --git a/tests/test_parse.expected b/tests/test_parse.expected
index cc5dd10..c82cfd1 100644
--- a/tests/test_parse.expected
+++ b/tests/test_parse.expected
@@ -297,6 +297,8 @@ json_tokener_parse_ex(tok, 11
 json_tokener_parse_ex(tok, {"1�":1}    ,   8) ... OK: got correct error: invalid utf-8 string
 json_tokener_parse_ex(tok, "0
	
 
",  36) ... OK: got object of type [string]: "0\u0001\u0002\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f"
+json_tokener_parse_ex(tok, {"0
	
+
":1},  40) ... OK: got object of type [object]: { "0\u0001\u0002\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f": 1 }
 json_tokener_parse_ex(tok, "
"         ,   3) ... OK: got correct error: invalid string sequence
 json_tokener_parse_ex(tok, ""         ,   3) ... OK: got correct error: invalid string sequence
 json_tokener_parse_ex(tok, ""         ,   3) ... OK: got correct error: invalid string sequence
@@ -329,5 +331,37 @@ json_tokener_parse_ex(tok, ""         ,   3) ... OK: got correct error: invalid
 json_tokener_parse_ex(tok, ""         ,   3) ... OK: got correct error: invalid string sequence
 json_tokener_parse_ex(tok, ""         ,   3) ... OK: got correct error: invalid string sequence
 json_tokener_parse_ex(tok, ""         ,   3) ... OK: got correct error: invalid string sequence
-End Incremental Tests OK=237 ERROR=0
+json_tokener_parse_ex(tok, {"
":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"	":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"
+":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"
":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+json_tokener_parse_ex(tok, {"":1}     ,   7) ... OK: got correct error: invalid string sequence
+End Incremental Tests OK=269 ERROR=0
 ==================================