pool/libyajl
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 994725 from devel:libraries:c_c++

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/994725
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libyajl?expand=0&rev=24
This commit is contained in:
Dominique Leuenberger 2022-08-14 13:55:22 +00:00 committed by Git OBS Bridge
commit a5fe047c5c
3 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
libyajl-CVE-2022-24795.patch Normal file
View File

@ -0,0 +1,36 @@
From d3a528c788ba9e531fab91db41d3a833c54da325 Mon Sep 17 00:00:00 2001
From: Jacek Tomasiak <jacek.tomasiak@gmail.com>
Date: Thu, 12 May 2022 13:02:47 +0200
Subject: [PATCH] Fix CVE-2022-24795 (from brianmario/yajl-ruby)
The buffer reallocation could cause heap corruption because of `need`
overflow for large inputs. In addition, there's a possible infinite loop
in case `need` reaches zero.
The fix is to `abort()` if the loop ends with lower value of `need` than
when it started.
---
src/yajl_buf.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
Index: yajl-2.1.0/src/yajl_buf.c
===================================================================
--- yajl-2.1.0.orig/src/yajl_buf.c
+++ yajl-2.1.0/src/yajl_buf.c
@@ -45,7 +45,15 @@ void yajl_buf_ensure_available(yajl_buf
need = buf->len;
- while (want >= (need - buf->used)) need <<= 1;
+ while (need > 0 && want >= (need - buf->used)) {
+ /* this eventually "overflows" to zero */
+ need <<= 1;
+ }
+
+ /* overflow */
+ if (need < buf->len) {
+ abort();
+ }
if (need != buf->len) {
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);

5
libyajl.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri May 13 10:24:20 UTC 2022 - Jacek Tomasiak <jtomasiak@suse.com>
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
-------------------------------------------------------------------
Fri Aug 2 08:00:08 UTC 2019 - Martin Liška <mliska@suse.cz>

5
libyajl.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package libyajl
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -23,7 +23,7 @@ Release: 0
Summary: Yet Another JSON Library
License: ISC
Group: System/Libraries
Url: http://lloyd.github.com/yajl/
URL: http://lloyd.github.com/yajl/
Source0: https://github.com/lloyd/yajl/archive/%{version}.tar.gz
Source1: baselibs.conf
Source2: json_reformat.1
@ -32,6 +32,7 @@ Source99: %{name}-rpmlintrc
Patch1: libyajl-optflags.patch
Patch2: libyajl-lib_suffix.patch
Patch3: libyajl-pkgconfig.patch
Patch4: libyajl-CVE-2022-24795.patch
BuildRequires: bison
BuildRequires: cmake
BuildRequires: doxygen