Compare commits
10 Commits
af51bd32d8
...
2a75f1e06f
| Author | SHA1 | Date | |
|---|---|---|---|
|
2a75f1e06f | ||
|
|
ab9e0db53c | ||
|
|
1da93b2d65 | ||
|
|
28a58f9c53 | ||
|
|
f38bedada5 | ||
|
|
79eb69e62e | ||
|
|
c9f63116d5 | ||
|
|
742cae6c6c | ||
|
|
660150f360 | ||
|
|
350399e543 |
@ -0,0 +1,52 @@
|
||||
From ff577b94511f9fc314435a1154f1124dccbe57ec Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Tina=20M=C3=BCller?= <cpan2@tinita.de>
|
||||
Date: Mon, 8 Apr 2024 23:32:52 +0200
|
||||
Subject: [PATCH] Fix emitter states handling when write_indicator fails
|
||||
|
||||
There are cases where yaml_emitter_write_indicator fails.
|
||||
In that case POP is called on emitter->indents but not on emitter->states,
|
||||
which results in a leftover event in the stack, and later POP is called
|
||||
on an empty emitter->indents stack.
|
||||
|
||||
This commit does not fix the case of the failing yaml_emitter_write_indicator.
|
||||
This is still investigated.
|
||||
---
|
||||
src/emitter.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/emitter.c b/src/emitter.c
|
||||
index 609b28a4..0aca6c34 100644
|
||||
--- a/src/emitter.c
|
||||
+++ b/src/emitter.c
|
||||
@@ -759,6 +759,7 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
|
||||
{
|
||||
emitter->flow_level --;
|
||||
emitter->indent = POP(emitter, emitter->indents);
|
||||
+ emitter->state = POP(emitter, emitter->states);
|
||||
if (emitter->canonical && !first) {
|
||||
if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
|
||||
return 0;
|
||||
@@ -767,7 +768,6 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
|
||||
}
|
||||
if (!yaml_emitter_write_indicator(emitter, "]", 0, 0, 0))
|
||||
return 0;
|
||||
- emitter->state = POP(emitter, emitter->states);
|
||||
|
||||
return 1;
|
||||
}
|
||||
@@ -808,6 +808,7 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
|
||||
return 0;
|
||||
emitter->flow_level --;
|
||||
emitter->indent = POP(emitter, emitter->indents);
|
||||
+ emitter->state = POP(emitter, emitter->states);
|
||||
if (emitter->canonical && !first) {
|
||||
if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
|
||||
return 0;
|
||||
@@ -816,7 +817,6 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
|
||||
}
|
||||
if (!yaml_emitter_write_indicator(emitter, "}", 0, 0, 0))
|
||||
return 0;
|
||||
- emitter->state = POP(emitter, emitter->states);
|
||||
|
||||
return 1;
|
||||
}
|
||||
26
fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch
Normal file
26
fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 7015a5e99fecc195e36f2334b046b19abfc718c1 Mon Sep 17 00:00:00 2001
|
||||
From: panxiaohe <panxh.life@foxmail.com>
|
||||
Date: Mon, 18 Apr 2022 15:26:11 +0800
|
||||
Subject: [PATCH] fix heap buffer overflow in
|
||||
yaml_emitter_emit_flow_mapping_key
|
||||
|
||||
---
|
||||
src/emitter.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/emitter.c b/src/emitter.c
|
||||
index 609b28a..a9f39ec 100644
|
||||
--- a/src/emitter.c
|
||||
+++ b/src/emitter.c
|
||||
@@ -806,6 +806,8 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
|
||||
|
||||
if (event->type == YAML_MAPPING_END_EVENT)
|
||||
{
|
||||
+ if (STACK_EMPTY(emitter, emitter->indents))
|
||||
+ return 0;
|
||||
emitter->flow_level --;
|
||||
emitter->indent = POP(emitter, emitter->indents);
|
||||
if (emitter->canonical && !first) {
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
30
libyaml.spec
30
libyaml.spec
@ -1,15 +1,18 @@
|
||||
Name: libyaml
|
||||
Version: 0.2.2
|
||||
Release: 2
|
||||
Version: 0.2.5
|
||||
Release: 5
|
||||
Summary: A C library for parsing and emitting YAML
|
||||
License: MIT
|
||||
URL: http://pyyaml.org/
|
||||
Source0: http://pyyaml.org/download/libyaml/yaml-%{version}.tar.gz
|
||||
|
||||
Patch0: fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch
|
||||
Patch1: backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
|
||||
%description
|
||||
${summary}.
|
||||
%{summary}.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for LibYAML applications
|
||||
@ -51,11 +54,10 @@ make check
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%license LICENSE
|
||||
%doc README
|
||||
%license License
|
||||
%doc ReadMe.md
|
||||
%{_libdir}/%{name}*.so.*
|
||||
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_libdir}/%{name}*.so
|
||||
@ -65,8 +67,22 @@ make check
|
||||
%files help
|
||||
%doc doc/html
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Apr 25 2024 fuanan <fuanan3@h-partners.com> - 0.2.5-5
|
||||
- fix CVE-2024-3205
|
||||
|
||||
* Fri Nov 18 2022 chenziyang <chenziyang4@huawei.com> - 0.2.5-4
|
||||
- Fix heap buffer overflow in yaml_emitter_emit_flow_sequence_item
|
||||
|
||||
* Mon Apr 18 2022 panxiaohe <panxh.life@foxmail.com> - 0.2.5-3
|
||||
- fix heap buffer overflow in yaml_emitter_emit_flow_mapping_key
|
||||
|
||||
* Wed Feb 23 2022 fuanan <fuanan3@h-partners.com> - 0.2.5-2
|
||||
- fix typo in spec
|
||||
|
||||
* Mon Aug 3 2020 cheng quan <chengquan3@huawei.com> - 0.2.5-1
|
||||
- Update software to v0.2.5
|
||||
|
||||
* Wed Mar 18 2020 Leo Fang <leofang_94@163.com> - 0.2.2-2
|
||||
- Fix overwrite the soname symlink bug in spec
|
||||
|
||||
|
||||
Binary file not shown.
BIN
yaml-0.2.5.tar.gz
Normal file
BIN
yaml-0.2.5.tar.gz
Normal file
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user