json-c: fix CVE-2021-32292

author Adrian Freihofer <adrian.freihofer@gmail.com>

Tue, 29 Aug 2023 17:00:46 +0000 (19:00 +0200)

committer Steve Sakoman <steve@sakoman.com>

Wed, 30 Aug 2023 16:28:04 +0000 (06:28 -1000)
author Adrian Freihofer <adrian.freihofer@gmail.com>
Tue, 29 Aug 2023 17:00:46 +0000 (19:00 +0200)
committer Steve Sakoman <steve@sakoman.com>
Wed, 30 Aug 2023 16:28:04 +0000 (06:28 -1000)
diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch

new file mode 100644 (file)

index 0000000..28da522
--- /dev/null
+++ b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
@@ -0,0 +1,30 @@
+From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001
+From: Marc <34656315+MarcT512@users.noreply.github.com>
+Date: Fri, 7 Aug 2020 10:49:45 +0100
+Subject: [PATCH] Fix read past end of buffer
+
+Fixes: CVE-2021-32292
+Issue: https://github.com/json-c/json-c/issues/654
+
+Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec]
+CVE: CVE-2021-32292
+
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
+---
+ apps/json_parse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/apps/json_parse.c b/apps/json_parse.c
+index bba4622..72b31a8 100644
+--- a/apps/json_parse.c
++++ b/apps/json_parse.c
+@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *))
+                       int parse_end = json_tokener_get_parse_end(tok);
+                       if (obj == NULL && jerr != json_tokener_continue)
+                       {
+-                              char *aterr = &buf[start_pos + parse_end];
++                              char *aterr = (start_pos + parse_end < sizeof(buf)) ?
++                                      &buf[start_pos + parse_end] : "";
+                               fflush(stdout);
+                               int fail_offset = total_read - ret + start_pos + parse_end;
+                               fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset,
diff --git a/meta/recipes-devtools/json-c/json-c_0.15.bb b/meta/recipes-devtools/json-c/json-c_0.15.bb

index 7cbed55b3b8e4bc2e42c4942a6f605fabf904b17..4da30bc50cdee7fd8e4e10bd53822094e4998e44 100644 (file)
--- a/meta/recipes-devtools/json-c/json-c_0.15.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.15.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
  SRC_URI = " \
      https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
      file://run-ptest \
+    file://CVE-2021-32292.patch \
  "
  
  SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6"
author	Adrian Freihofer <adrian.freihofer@gmail.com>
	Tue, 29 Aug 2023 17:00:46 +0000 (19:00 +0200)
committer	Steve Sakoman <steve@sakoman.com>
	Wed, 30 Aug 2023 16:28:04 +0000 (06:28 -1000)
meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch	[new file with mode: 0644]	patch \| blob
meta/recipes-devtools/json-c/json-c_0.15.bb		patch \| blob \| blame \| history