Validate JSON matrix dimensions by kevinherron · Pull Request #1744 · eclipse-milo/milo

kevinherron · 2026-05-17T13:52:43Z

The JSON decoder accepted attacker-controlled Dimensions arrays and constructed Matrix objects without validating dimensions, which could lead to uncontrolled allocations and an OutOfMemoryError (DoS).
The binary decoder performed per-dimension and total-length checks but the JSON decoder lacked equivalent validation for the flat Array + Dimensions representation introduced for compact JSON matrices.

Add a new validateMatrixDimensions(Object flatArray, int[] dimensions) helper in OpcUaJsonDecoder that rejects missing Array/Dimensions, negative dimensions, per-dimension sizes exceeding EncodingLimits.getMaxMessageSize(), overflow/over-limit products, and mismatched product vs flat array length.
Call validateMatrixDimensions(...) in all JSON matrix construction paths: the Variant multi-dimensional array path, decodeMatrix(...), and decodeStructMatrix(...).
Add unit tests to OpcUaJsonDecoderTest that assert oversized, negative, and mismatched Dimensions are rejected for Variant, built-in Matrix, and structured Matrix decoding.

Validate JSON matrix dimensions

fe68ac7

kevinherron added bug stack labels May 17, 2026

kevinherron closed this May 17, 2026

Fix JSON matrix dimension regression test

bcf7f0f

kevinherron reopened this May 17, 2026

kevinherron added this to the 1.1.4 milestone May 17, 2026

kevinherron merged commit b2abf4c into eclipse-milo:main May 17, 2026
4 of 5 checks passed

Provide feedback