From da91cde3047749db21c443936ca883d2c847ff14 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@vmware.com>
Date: Tue, 26 Jul 2022 15:52:57 +0100
Subject: [PATCH] Protect against deeply nested JSON maps

See gh-31868
---
 .../org/springframework/boot/json/BasicJsonParser.java    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/json/BasicJsonParser.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/json/BasicJsonParser.java
index 5e1c260b34d..da029cdce43 100644
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/json/BasicJsonParser.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/json/BasicJsonParser.java
@@ -42,7 +42,7 @@ public class BasicJsonParser extends AbstractJsonParser {
 
 	@Override
 	public Map<String, Object> parseMap(String json) {
-		return tryParse(() -> parseMap(json, this::parseMapInternal), Exception.class);
+		return tryParse(() -> parseMap(json, (jsonToParse) -> parseMapInternal(0, jsonToParse)), Exception.class);
 	}
 
 	@Override
@@ -67,7 +67,7 @@ public class BasicJsonParser extends AbstractJsonParser {
 			return parseListInternal(nesting + 1, json);
 		}
 		if (json.startsWith("{")) {
-			return parseMapInternal(json);
+			return parseMapInternal(nesting, json);
 		}
 		if (json.startsWith("\"")) {
 			return trimTrailingCharacter(trimLeadingCharacter(json, '"'), '"');
@@ -87,7 +87,7 @@ public class BasicJsonParser extends AbstractJsonParser {
 		return json;
 	}
 
-	private Map<String, Object> parseMapInternal(String json) {
+	private Map<String, Object> parseMapInternal(int nesting, String json) {
 		Map<String, Object> map = new LinkedHashMap<>();
 		json = trimLeadingCharacter(trimTrailingCharacter(json, '}'), '{').trim();
 		for (String pair : tokenize(json)) {
@@ -95,7 +95,7 @@ public class BasicJsonParser extends AbstractJsonParser {
 			Assert.state(values[0].startsWith("\"") && values[0].endsWith("\""),
 					"Expecting double-quotes around field names");
 			String key = trimLeadingCharacter(trimTrailingCharacter(values[0], '"'), '"');
-			Object value = parseInternal(0, values[1]);
+			Object value = parseInternal(nesting, values[1]);
 			map.put(key, value);
 		}
 		return map;