Fix multiple memory leaks (CVE-2023-33460)

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2023-07-10 14:18:30 +01:00
parent 9c33a12015
commit 1f9c12340f
3 changed files with 74 additions and 0 deletions

View File

@ -0,0 +1,41 @@
From c4304a2c04a1b392eb1464a9da892a9e0dff7683 Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Thu, 14 Feb 2019 03:12:30 +0800
Subject: [PATCH 7/8] yajl: fix memory leak problem
reason: fix memory leak problem
(cherry picked from commit 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf
in https://github.com/openEuler-BaseService)
Fixes: https://github.com/lloyd/yajl/issues/250 (CVE-2023-33460)
---
src/yajl_tree.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/yajl_tree.c b/src/yajl_tree.c
index 3d357a3..4b3cf2b 100644
--- a/src/yajl_tree.c
+++ b/src/yajl_tree.c
@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
ctx->stack = stack->next;
v = stack->value;
-
+ free (stack->key);
free (stack);
return (v);
@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input,
snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
YA_FREE(&(handle->alloc), internal_err_str);
}
+ while(ctx.stack != NULL) {
+ yajl_val v = context_pop(&ctx);
+ yajl_tree_free(v);
+ }
yajl_free (handle);
return NULL;
}
--
2.41.0

View File

@ -0,0 +1,30 @@
From 9cb871049261eeda844b8943d15580763a0ac3d3 Mon Sep 17 00:00:00 2001
From: "zhang.jiujiu" <282627424@qq.com>
Date: Tue, 7 Dec 2021 22:37:02 +0800
Subject: [PATCH 8/8] fix memory leaks
(cherry picked from commit 23a122eddaa28165a6c219000adcc31ff9a8a698
in https://github.com/openEuler-BaseService)
Fixes: https://github.com/lloyd/yajl/issues/250 (CVE-2023-33460)
---
src/yajl_tree.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/yajl_tree.c b/src/yajl_tree.c
index 4b3cf2b..56c7012 100644
--- a/src/yajl_tree.c
+++ b/src/yajl_tree.c
@@ -449,6 +449,9 @@ yajl_val yajl_tree_parse (const char *input,
yajl_tree_free(v);
}
yajl_free (handle);
+ //If the requested memory is not released in time, it will cause memory leakage
+ if(ctx.root)
+ yajl_tree_free(ctx.root);
return NULL;
}
--
2.41.0

View File

@ -27,6 +27,8 @@ Patch: 0003-fix-patch-to-test-files-to-take-account-of-vpath.patch
Patch: 0004-drop-bogus-_s-suffix-from-yajl-dynamic-library.patch
Patch: 0005-Fix-for-CVE-2017-16516.patch
Patch: 0006-Fix-CVE-2022-24795.patch
Patch: 0007-yajl-fix-memory-leak-problem.patch
Patch: 0008-fix-memory-leaks.patch
BuildRequires: gcc
BuildRequires: cmake
@ -99,6 +101,7 @@ cd test
- Switch to using git for managing patches
- Fix potential buffer overread (CVE-2017-16516)
- Fix integer overflow leading to heap corruption (CVE-2022-24795)
- Fix multiple memory leaks (CVE-2023-33460)
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild