From 326ea272e532751e4b2644c9f05bd236495181e2 Mon Sep 17 00:00:00 2001
From: Ignacio Bortolazzi
Date: Sat, 17 Apr 2021 12:08:08 +0200
Subject: [PATCH] Removed strcmp and replaced with strncmp to prevent buffer overruns. This forced the definition of a MAX_PROPERTY_SIZE arbitrarily chosen of 64
---
 tiny-json.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/tiny-json.c b/tiny-json.c
index ef0f1f4..541d5da 100644
--- a/tiny-json.c
+++ b/tiny-json.c
@@ -30,6 +30,7 @@
 #include
 #include
 #include "tiny-json.h"
+#define MAX_PROPERTY_SIZE 64
 /** Structure to handle a heap of JSON properties. */
 typedef struct jsonStaticPool_s {
@@ -43,9 +44,15 @@ typedef struct jsonStaticPool_s {
 json_t const* json_getProperty( json_t const* obj, char const* property ) {
 json_t const* sibling;
 for( sibling = obj->u.c.child; sibling; sibling = sibling->sibling ){
- if ( sibling->name && !strcmp( sibling->name, property ) ){
- return sibling;
+ if (strlen(property)>MAX_PROPERTY_SIZE)
+ {
+ return 0;
 }
+ else{
+ if ( sibling->name && !strncmp( sibling->name, property,MAX_PROPERTY_SIZE) ){
+ return sibling;
+ }
+ }
 }
 return 0;
 }
@@ -358,7 +365,7 @@ static char* numValue( char* ptr, json_t* property ) {
 char const tmp = *ptr;
 char const* const threshold = negative ? min: max;
 *ptr = '\0';
- if ( 0 > strcmp( threshold, value ) ){
+ if ( 0 > strncmp( threshold, value, len) ){
 return 0;
 }
 *ptr = tmp;
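Review bot: In json_getProperty the added `strlen(property)` reads `property` up to its terminator exactly as `strcmp` did, so an unterminated argument is still read past its end before the bound applies, and the check is repeated for every sibling. Bounding `strncmp` at MAX_PROPERTY_SIZE also changes what matches: a 64-character `property` now matches any longer `name` that shares its first 64 characters, and keys longer than 64 characters can no longer be looked up, with no signal to the caller beyond a null result. If a bound is wanted, test the length once above the loop (for example `if ( strnlen( property, MAX_PROPERTY_SIZE + 1 ) > MAX_PROPERTY_SIZE ) return 0;` where `strnlen` is available) and compare with `!strncmp( sibling->name, property, MAX_PROPERTY_SIZE + 1 )` so the terminator takes part in the comparison. The limit introduced by the `#define` in the first hunk has no comment and should be documented for callers.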
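Review bot: The `len` bound on this `strncmp` in numValue appears to add no protection, because `value` is already terminated by `*ptr = '\0'` on the line above and the comparison stops at the first terminator in either string anyway. `len` is declared outside the hunk, so its relation to the length of `threshold` cannot be checked from here. The comparison is a valid range check only when `value` has as many characters as `threshold`, which presumably an earlier guard in the function ensures. Once confirmed, a comment such as `/* value and threshold have equal length here, so lexicographic order equals numeric order */` would record why a string compare is sufficient.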