diff --git a/backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch b/backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch new file mode 100644 index 0000000..c95ca44 --- /dev/null +++ b/backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch @@ -0,0 +1,30 @@ +From 4e9e44e5258dee7654f74948b0dd5da39c28beec Mon Sep 17 00:00:00 2001 +From: Marc <34656315+MarcT512@users.noreply.github.com> +Date: Fri, 7 Aug 2020 10:49:45 +0100 +Subject: [PATCH] Fix read past end of buffer + +Resolves https://github.com/json-c/json-c/issues/654 + +Conflict:NA +Reference:https://github.com/json-c/json-c/commit/4e9e44e5258dee7654f74948b0dd5da39c28beec + +--- + apps/json_parse.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/apps/json_parse.c b/apps/json_parse.c +index bba4622183..72b31a860a 100644 +--- a/apps/json_parse.c ++++ b/apps/json_parse.c +@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *)) + int parse_end = json_tokener_get_parse_end(tok); + if (obj == NULL && jerr != json_tokener_continue) + { +- char *aterr = &buf[start_pos + parse_end]; ++ char *aterr = (start_pos + parse_end < sizeof(buf)) ? ++ &buf[start_pos + parse_end] : ""; + fflush(stdout); + int fail_offset = total_read - ret + start_pos + parse_end; + fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset, +-- +2.23.0 diff --git a/json-c.spec b/json-c.spec index 698a83e..3eb10a1 100644 --- a/json-c.spec +++ b/json-c.spec @@ -6,7 +6,7 @@ Name: json-c Version: 0.15 -Release: 5 +Release: 6 Summary: JSON implementation in C License: MIT @@ -16,6 +16,7 @@ Source0: %{url}/archive/%{name}-%{version}-%{reldate}.tar.gz BuildRequires: cmake gcc ninja-build Patch6000: backport-json-escape-str-avoid-harmless-unsigned-integer-overflow.patch +Patch6001: backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch %description JSON-C implements a reference counting object model that allows you @@ -105,6 +106,11 @@ end %doc %{_pkgdocdir} %changelog +* Tue Aug 29 2023 sunhai - 0.15-6 +- CVE:CVE-2021-32292 +- SUG:NA +- DESC:Fix read past end of buffer + * Fri Mar 17 2023 chenhaixing - 0.15-5 - CVE:NA - SUG:NA