blob: 28da5221152633ca69bfcda8edaa0b7f4afbad91 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001
From: Marc <34656315+MarcT512@users.noreply.github.com>
Date: Fri, 7 Aug 2020 10:49:45 +0100
Subject: [PATCH] Fix read past end of buffer
Fixes: CVE-2021-32292
Issue: https://github.com/json-c/json-c/issues/654
Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec]
CVE: CVE-2021-32292
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
apps/json_parse.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/apps/json_parse.c b/apps/json_parse.c
index bba4622..72b31a8 100644
--- a/apps/json_parse.c
+++ b/apps/json_parse.c
@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *))
int parse_end = json_tokener_get_parse_end(tok);
if (obj == NULL && jerr != json_tokener_continue)
{
- char *aterr = &buf[start_pos + parse_end];
+ char *aterr = (start_pos + parse_end < sizeof(buf)) ?
+ &buf[start_pos + parse_end] : "";
fflush(stdout);
int fail_offset = total_read - ret + start_pos + parse_end;
fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset,
|
