!50 [sync] PR-49: Fix read past end of buffer

From: @openeuler-sync-bot Reviewed-by: @yanan-rock Signed-off-by: @yanan-rock
2023-08-30 02:19:45 +00:00 · 2023-08-30 02:19:45 +00:00 · 88990cc5c9
commit 88990cc5c9
parent 3606dd0600 ba376f1a53
2 changed files with 37 additions and 1 deletions
--- a/backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch
+++ b/backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch
@ -0,0 +1,30 @@
+From 4e9e44e5258dee7654f74948b0dd5da39c28beec Mon Sep 17 00:00:00 2001
+From: Marc <34656315+MarcT512@users.noreply.github.com>
+Date: Fri, 7 Aug 2020 10:49:45 +0100
+Subject: [PATCH] Fix read past end of buffer
+
+Resolves https://github.com/json-c/json-c/issues/654
+
+Conflict:NA
+Reference:https://github.com/json-c/json-c/commit/4e9e44e5258dee7654f74948b0dd5da39c28beec
+
+---
+ apps/json_parse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/apps/json_parse.c b/apps/json_parse.c
+index bba4622183..72b31a860a 100644
+--- a/apps/json_parse.c
+++ b/apps/json_parse.c
+@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *))
+ 			int parse_end = json_tokener_get_parse_end(tok);
+ 			if (obj == NULL && jerr != json_tokener_continue)
+ 			{
+-				char *aterr = &buf[start_pos + parse_end];
+				char *aterr = (start_pos + parse_end < sizeof(buf)) ?
+					&buf[start_pos + parse_end] : "";
+ 				fflush(stdout);
+ 				int fail_offset = total_read - ret + start_pos + parse_end;
+ 				fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset,
+-- 
+2.23.0
--- a/json-c.spec
+++ b/json-c.spec
@ -6,7 +6,7 @@

 Name:           json-c
 Version:        0.15
-Release:        5
+Release:        6
 Summary:        JSON implementation in C

 License:        MIT
@ -16,6 +16,7 @@ Source0:        %{url}/archive/%{name}-%{version}-%{reldate}.tar.gz
 BuildRequires:  cmake gcc ninja-build

 Patch6000: backport-json-escape-str-avoid-harmless-unsigned-integer-overflow.patch
+Patch6001: backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch

 %description
 JSON-C implements a reference counting object model that allows you
@ -105,6 +106,11 @@ end
 %doc %{_pkgdocdir}

 %changelog
+* Tue Aug 29 2023 sunhai <sunhai10@huawei.com> - 0.15-6
+- CVE:CVE-2021-32292
+- SUG:NA
+- DESC:Fix read past end of buffer
+
 * Fri Mar 17 2023 chenhaixing <chenhaixing@huawei.com> - 0.15-5
 - CVE:NA
 - SUG:NA