diff options
Diffstat (limited to 'meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch')
-rw-r--r-- | meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch new file mode 100644 index 0000000000..28da522115 --- /dev/null +++ b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch @@ -0,0 +1,30 @@ +From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001 +From: Marc <34656315+MarcT512@users.noreply.github.com> +Date: Fri, 7 Aug 2020 10:49:45 +0100 +Subject: [PATCH] Fix read past end of buffer + +Fixes: CVE-2021-32292 +Issue: https://github.com/json-c/json-c/issues/654 + +Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec] +CVE: CVE-2021-32292 + +Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> +--- + apps/json_parse.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/apps/json_parse.c b/apps/json_parse.c +index bba4622..72b31a8 100644 +--- a/apps/json_parse.c ++++ b/apps/json_parse.c +@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *)) + int parse_end = json_tokener_get_parse_end(tok); + if (obj == NULL && jerr != json_tokener_continue) + { +- char *aterr = &buf[start_pos + parse_end]; ++ char *aterr = (start_pos + parse_end < sizeof(buf)) ? ++ &buf[start_pos + parse_end] : ""; + fflush(stdout); + int fail_offset = total_read - ret + start_pos + parse_end; + fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset, |