yajl-2.1.0-21.el9

- fix CVE-2022-24795
- Related: #2061316

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
Jindrich Novy 2022-04-26 12:55:04 +02:00
parent 3323eab74d
commit 6f8063282a
2 changed files with 61 additions and 1 deletions

View File

@ -0,0 +1,54 @@
From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
From: John Hawthorn <john@hawthorn.email>
Date: Wed, 2 Mar 2022 14:17:59 -0800
Subject: [PATCH] Check need < buf->used
We're guaranteed a power of 2 so that this becomes 0, but we might as
well use a check for overflow that works in more cases.
Unsigned integer overflow is defined behaviour, so this should be safe.
(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
---
src/yajl_buf.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/yajl_buf.c b/src/yajl_buf.c
index 1aeafde0..8bd1bea7 100644
--- a/src/yajl_buf.c
+++ b/src/yajl_buf.c
@@ -30,7 +30,7 @@ struct yajl_buf_t {
};
static
-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+int yajl_buf_ensure_available(yajl_buf buf, size_t want)
{
size_t need;
@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
need = buf->len;
while (want >= (need - buf->used)) need <<= 1;
+ if (need < buf->used) {
+ return -1;
+ }
if (need != buf->len) {
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
buf->len = need;
}
+ return 0;
}
yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
{
- yajl_buf_ensure_available(buf, len);
+ if (yajl_buf_ensure_available(buf, len))
+ return;
if (len > 0) {
assert(data != NULL);
memcpy(buf->data + buf->used, data, len);

View File

@ -3,7 +3,7 @@
Name: yajl Name: yajl
Version: 2.1.0 Version: 2.1.0
Release: 20%{?dist} Release: 21%{?dist}
Summary: Yet Another JSON Library (YAJL) Summary: Yet Another JSON Library (YAJL)
License: ISC License: ISC
@ -23,6 +23,7 @@ Patch1: %{name}-%{version}-pkgconfig-location.patch
Patch2: %{name}-%{version}-pkgconfig-includedir.patch Patch2: %{name}-%{version}-pkgconfig-includedir.patch
Patch3: %{name}-%{version}-test-location.patch Patch3: %{name}-%{version}-test-location.patch
Patch4: %{name}-%{version}-dynlink-binaries.patch Patch4: %{name}-%{version}-dynlink-binaries.patch
Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: cmake BuildRequires: cmake
@ -50,6 +51,7 @@ necessary for developing against the YAJL library
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%build %build
# NB, we are not using upstream's 'configure'/'make' # NB, we are not using upstream's 'configure'/'make'
@ -94,6 +96,10 @@ cd test
%changelog %changelog
* Tue Apr 26 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-21
- fix CVE-2022-24795
- Related: #2061316
* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2.1.0-20 * Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2.1.0-20
- perform only sanity/installability tests for now - perform only sanity/installability tests for now
- Related: #2000051 - Related: #2000051