From 847177d9f944625d870ad44af8c2c4424a692c99 Mon Sep 17 00:00:00 2001
From: Ignacio Bortolazzi
Date: Sat, 17 Apr 2021 12:08:08 +0200
Subject: [PATCH] Removed strcmp and replaced with strncmp to prevent buffer overruns. This forced the definition of a MAX_PROPERTY_SIZE arbitrarily chosen of 64
---
 tiny-json.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/tiny-json.c b/tiny-json.c
index ef0f1f4..ab213ce 100644
--- tiny-json.c
+++ tiny-json.c
@@ -30,6 +30,8 @@
 #include
 #include
 #include "tiny-json.h"
+#include
+#define MAX_PROPERTY_SIZE 64
 /** Structure to handle a heap of JSON properties. */
 typedef struct jsonStaticPool_s {
@@ -43,9 +45,15 @@ typedef struct jsonStaticPool_s {
 json_t const* json_getProperty( json_t const* obj, char const* property ) {
 json_t const* sibling;
 for( sibling = obj->u.c.child; sibling; sibling = sibling->sibling ){
- if ( sibling->name && !strcmp( sibling->name, property ) ){
- return sibling;
+ if (strlen(property)>MAX_PROPERTY_SIZE)
+ {
+ return 0;
 }
+ else{
+ if ( sibling->name && !strncmp( sibling->name, property,MAX_PROPERTY_SIZE) ){
+ return sibling;
+ }
+ }
 }
 return 0;
 }
@@ -358,7 +366,7 @@ static char* numValue( char* ptr, json_t* property ) {
 char const tmp = *ptr;
 char const* const threshold = negative ? min: max;
 *ptr = '\0';
- if ( 0 > strcmp( threshold, value ) ){
+ if ( 0 > strncmp( threshold, value, len) ){
 return 0;
 }
 *ptr = tmp;
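Review bot: `MAX_PROPERTY_SIZE` is added to tiny-json.c without a comment, although the second hunk turns it into a hard limit on which names `json_getProperty` will look up. Callers that include only tiny-json.h can neither see the limit nor change it. I would move it into the header behind an `#ifndef MAX_PROPERTY_SIZE` guard, with a comment such as `/* Longest property name json_getProperty() accepts; longer names are reported as not found. */`. The commit message itself calls the value arbitrary, so the reason for 64 should be recorded next to the definition.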
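Review bot: The new comparison in `json_getProperty` can return the wrong sibling. The guard lets through a `property` of exactly `MAX_PROPERTY_SIZE` characters, and `strncmp(..., MAX_PROPERTY_SIZE)` then stops before either terminator, so a longer `sibling->name` that shares those 64 characters compares equal. Comparing one more byte closes that: `!strncmp( sibling->name, property, MAX_PROPERTY_SIZE + 1 )`. The added `strlen(property)` is itself an unbounded read, so an unterminated `property` overruns just as it did with `strcmp`; it is also loop-invariant and belongs above the `for` as `if ( strlen( property ) > MAX_PROPERTY_SIZE ) return 0;`, with the `else` dropped. Names longer than 64 characters that were found before now return 0 silently, which a caller checking for a required key will read as "absent".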
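Review bot: Bounding the range check in `numValue` with `len` adds no protection and makes the check depend on a value this hunk does not show. `*ptr = '\0'` on the line above already terminates `value`, and `threshold` is one of `min`/`max`, presumably terminated constants. If `len` is shorter than the digit string, `strncmp` compares only a prefix and an out-of-range integer can pass as in range; if it equals the length of both strings, the result is the same as with `strcmp`. I would keep `strcmp( threshold, value )` here. Otherwise, confirm the invariant against the definition of `len` outside the hunk and state it in a comment, e.g. `/* len == strlen(value) == strlen(threshold) at this point */`.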