From 2b8f0ec453715e264637382c27453475635d2ab1 Mon Sep 17 00:00:00 2001 From: alakatos Date: Tue, 16 May 2023 14:20:56 +0200 Subject: [PATCH] Address CVE-2020-12762 Resolves: rhbz#2203171 --- libfastjson-CVE-2020-12762.patch | 52 ++++++++++++++++++++++++++++++++ libfastjson.spec | 8 ++++- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 libfastjson-CVE-2020-12762.patch diff --git a/libfastjson-CVE-2020-12762.patch b/libfastjson-CVE-2020-12762.patch new file mode 100644 index 0000000..9c8ce74 --- /dev/null +++ b/libfastjson-CVE-2020-12762.patch @@ -0,0 +1,52 @@ +diff --git a/printbuf.c b/printbuf.c +index e9cde11..b02a363 100644 +--- a/printbuf.c ++++ b/printbuf.c +@@ -13,6 +13,7 @@ + + #include "config.h" + ++#include + #include + #include + #include +@@ -68,9 +69,16 @@ static int printbuf_extend(struct printbuf *p, int min_size) + if (p->size >= min_size) + return 0; + +- new_size = p->size * 2; +- if (new_size < min_size + 8) +- new_size = min_size + 8; ++ /* Prevent signed integer overflows with large buffers. */ ++ if (min_size > INT_MAX - 8) ++ return -1; ++ if (p->size > INT_MAX / 2) ++ new_size = min_size + 8; ++ else { ++ new_size = p->size * 2; ++ if (new_size < min_size + 8) ++ new_size = min_size + 8; ++ } + #ifdef PRINTBUF_DEBUG + MC_DEBUG("printbuf_memappend: realloc " + "bpos=%d min_size=%d old_size=%d new_size=%d\n", +@@ -85,6 +93,9 @@ static int printbuf_extend(struct printbuf *p, int min_size) + + int printbuf_memappend(struct printbuf *p, const char *buf, int size) + { ++ /* Prevent signed integer overflows with large buffers. */ ++ if (size > INT_MAX - p->bpos - 1) ++ return -1; + if (p->size <= p->bpos + size + 1) { + if (printbuf_extend(p, p->bpos + size + 1) < 0) + return -1; +@@ -136,6 +147,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len) + + if (offset == -1) + offset = pb->bpos; ++ /* Prevent signed integer overflows with large buffers. */ ++ if (len > INT_MAX - offset) ++ return -1; + size_needed = offset + len; + if (pb->size < size_needed) + { diff --git a/libfastjson.spec b/libfastjson.spec index c7c71cc..b74cf99 100644 --- a/libfastjson.spec +++ b/libfastjson.spec @@ -1,12 +1,13 @@ Name: libfastjson Version: 0.99.9 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A JSON implementation in C License: MIT URL: https://github.com/rsyslog/libfastjson Source0: http://download.rsyslog.com/libfastjson/libfastjson-%{version}.tar.gz BuildRequires: autoconf automake libtool +Patch0: libfastjson-CVE-2020-12762.patch %description LIBFASTJSON implements a reference counting object @@ -26,6 +27,7 @@ developing applications that use libfastjson. %prep %setup -q +%patch0 -p1 -b .CVE-2020-12762 for doc in ChangeLog; do iconv -f iso-8859-1 -t utf8 $doc > $doc.new && @@ -61,6 +63,10 @@ make V=1 check %{_libdir}/pkgconfig/libfastjson.pc %changelog +* Tue May 16 2023 Attila Lakatos - 0.99.9-2 +- Address CVE-2020-12762 +Resolves: rhbz#2203171 + * Thu Apr 22 2021 Attila Lakatos - 0.99.9-1 - rebase to v0.99.9 Resolves: rhbz#1936807