packages/yajl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:3eba245d9ac4a4d1e0efefdc3a7c18af155ea846
Branches Tags
packages:main
..
compare: packages:1378934fb9c962885377a7b11ca05a6dc4dc00a9
Branches Tags
packages:main

No commits in common. "3eba245d9ac4a4d1e0efefdc3a7c18af155ea846" and "1378934fb9c962885377a7b11ca05a6dc4dc00a9" have entirely different histories.
3eba245d9a ... 1378934fb9

11 changed files with 35 additions and 275 deletions
Show Stats Expand all files Collapse all files

27
0006-fix-memory-leak-of-ctx-root.patch
View File

@ -1,27 +0,0 @@
From d6d0aeb5f6432763929d4096344ec2caf6d13d89 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Sat, 28 May 2022 10:06:46 +0100
Subject: [PATCH] fix memory leak of ctx root
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/yajl_tree.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/yajl_tree.c b/src/yajl_tree.c
index 4b3cf2b..dc55f74 100644
--- a/src/yajl_tree.c
+++ b/src/yajl_tree.c
@@ -449,6 +449,9 @@ yajl_val yajl_tree_parse (const char *input,
yajl_tree_free(v);
}
yajl_free (handle);
+ //If the requested memory is not released in time, it will cause memory leakage
+ if(ctx.root)
+ yajl_tree_free(ctx.root);
return NULL;
}
--
2.20.1

54
0007-add-cmake-option-for-test-and-binary.patch
View File

@ -1,54 +0,0 @@
From 255917e92717c491ffb66eb63a3333682d13df60 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 8 Jun 2022 07:27:46 +0100
Subject: [PATCH] add cmake option for test and binary
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
CMakeLists.txt | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4c0a9be..9cc63c5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -64,18 +64,27 @@ ENDIF (WIN32)
ADD_SUBDIRECTORY(src)
-ADD_SUBDIRECTORY(test)
-ADD_SUBDIRECTORY(reformatter)
-ADD_SUBDIRECTORY(verify)
+
+IF (NOT DISABLE_TEST)
+ ADD_SUBDIRECTORY(test)
+ENDIF ()
+
+IF (NOT DISABLE_BIN)
+ ADD_SUBDIRECTORY(reformatter)
+ ADD_SUBDIRECTORY(verify)
+ENDIF ()
+
ADD_SUBDIRECTORY(example)
ADD_SUBDIRECTORY(perf)
INCLUDE(YAJLDoc.cmake)
-# a test target
-ADD_CUSTOM_TARGET(test
- ./run_tests.sh ${CMAKE_CURRENT_BINARY_DIR}/test/parsing/yajl_test
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/test/parsing)
+IF (NOT DISABLE_TEST)
+ # a test target
+ ADD_CUSTOM_TARGET(test
+ ./run_tests.sh ${CMAKE_CURRENT_BINARY_DIR}/test/parsing/yajl_test
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/test/parsing)
-ADD_CUSTOM_TARGET(test-api ${CMAKE_CURRENT_SOURCE_DIR}/test/api/run_tests.sh
- WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/test/api)
+ ADD_CUSTOM_TARGET(test-api ${CMAKE_CURRENT_SOURCE_DIR}/test/api/run_tests.sh
+ WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/test/api)
+ENDIF ()
--
2.20.1

58
backport-CVE-2022-24795.patch
View File

@ -1,58 +0,0 @@
From 23cea2d7677e396efed78bbf1bf153961fab6bad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 7 Apr 2022 17:29:54 +0200
Subject: [PATCH] Fix CVE-2022-24795
There was an integer overflow in yajl_buf_ensure_available() leading
to allocating less memory than requested. Then data were written past
the allocated heap buffer in yajl_buf_append(), the only caller of
yajl_buf_ensure_available(). Another result of the overflow was an
infinite loop without a return from yajl_buf_ensure_available().
yajl-ruby project, which bundles yajl, fixed it
<https://github.com/brianmario/yajl-ruby/pull/211> by checking for the
integer overflow, fortifying buffer allocations, and report the
failures to a caller. But then the caller yajl_buf_append() skips
a memory write if yajl_buf_ensure_available() failed leading to a data
corruption.
A yajl fork mainter recommended calling memory allocation callbacks with
the large memory request and let them to handle it. But that has the
problem that it's not possible pass the overely large size to the
callbacks.
This patch catches the integer overflow and terminates the process
with abort().
https://github.com/lloyd/yajl/issues/239
https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
---
src/yajl_buf.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/yajl_buf.c b/src/yajl_buf.c
index 1aeafde..55c11ad 100644
--- a/src/yajl_buf.c
+++ b/src/yajl_buf.c
@@ -45,7 +45,17 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
need = buf->len;
- while (want >= (need - buf->used)) need <<= 1;
+ if (((buf->used > want) ? buf->used : want) > (size_t)(buf->used + want)) {
+ /* We cannot allocate more memory than SIZE_MAX. */
+ abort();
+ }
+ while (want >= (need - buf->used)) {
+ if (need >= (size_t)((size_t)(-1)<<1)>>1) {
+ /* need would overflow. */
+ abort();
+ }
+ need <<= 1;
+ }
if (need != buf->len) {
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
--
2.27.0

26
backport-fix-memory-leaks.patch Normal file
View File

@ -0,0 +1,26 @@
From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001
From: "zhang.jiujiu" <282627424@qq.com>
Date: Tue, 7 Dec 2021 22:37:02 +0800
Subject: [PATCH] fix memory leaks
---
src/yajl_tree.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/yajl_tree.c b/src/yajl_tree.c
index b9e6604..0e7bde9 100644
--- a/src/yajl_tree.c
+++ b/src/yajl_tree.c
@@ -456,6 +456,9 @@ yajl_val yajl_tree_parse (const char *input,
yajl_tree_free(v);
}
yajl_free (handle);
+ //If the requested memory is not released in time, it will cause memory leakage
+ if(ctx.root)
+ yajl_tree_free(ctx.root);
return NULL;
}
--
1.8.3.1

0
0004-yajl-2.1.0-dynlink-binaries.patch → yajl-2.1.0-dynlink-binaries.patch
View File

0
0005-yajl-2.1.0-fix-memory-leak.patch → yajl-2.1.0-fix-memory-leak.patch
View File

0
0002-yajl-2.1.0-pkgconfig-includedir.patch → yajl-2.1.0-pkgconfig-includedir.patch
View File

0
0001-yajl-2.1.0-pkgconfig-location.patch → yajl-2.1.0-pkgconfig-location.patch
View File

0
0003-yajl-2.1.0-test-location.patch → yajl-2.1.0-test-location.patch
View File

109
yajl-assert-error-when-memory-allocation-failed.patch
View File

@ -1,109 +0,0 @@
From 941bc5f96825e9178b8354cf16b033fb61221021 Mon Sep 17 00:00:00 2001
From: Ruoshu Gao <gaoruoshu@huawei.com>
Date: Thu, 8 Sep 2022 19:15:58 +0800
Subject: [PATCH] yajl: assert error when memory allocation failed
Signed-off-by: Ruoshu Gao <gaoruoshu@huawei.com>
---
src/yajl.c | 2 ++
src/yajl_buf.c | 3 +++
src/yajl_bytestack.h | 2 ++
src/yajl_lex.c | 1 +
test/parsing/yajl_test.c | 1 +
5 files changed, 9 insertions(+)
diff --git a/src/yajl.c b/src/yajl.c
index d477893..c0f3094 100644
--- a/src/yajl.c
+++ b/src/yajl.c
@@ -62,6 +62,7 @@ yajl_alloc(const yajl_callbacks * callbacks,
}
hand = (yajl_handle) YA_MALLOC(afs, sizeof(struct yajl_handle_t));
+ if (!hand) abort();
/* copy in pointers to allocation routines */
memcpy((void *) &(hand->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
@@ -145,6 +146,7 @@ yajl_complete_parse(yajl_handle hand)
hand->lexer = yajl_lex_alloc(&(hand->alloc),
hand->flags & yajl_allow_comments,
!(hand->flags & yajl_dont_validate_strings));
+ if (!hand->lexer) abort();
}
return yajl_do_finish(hand);
diff --git a/src/yajl_buf.c b/src/yajl_buf.c
index 1aeafde..5556a17 100644
--- a/src/yajl_buf.c
+++ b/src/yajl_buf.c
@@ -40,6 +40,7 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
if (buf->data == NULL) {
buf->len = YAJL_BUF_INIT_SIZE;
buf->data = (unsigned char *) YA_MALLOC(buf->alloc, buf->len);
+ if (!buf->data) abort();
buf->data[0] = 0;
}
@@ -49,6 +50,7 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
if (need != buf->len) {
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
+ if (!buf->data) abort();
buf->len = need;
}
}
@@ -56,6 +58,7 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
{
yajl_buf b = YA_MALLOC(alloc, sizeof(struct yajl_buf_t));
+ if (!b) abort();
memset((void *) b, 0, sizeof(struct yajl_buf_t));
b->alloc = alloc;
return b;
diff --git a/src/yajl_bytestack.h b/src/yajl_bytestack.h
index 9ea7d15..1072081 100644
--- a/src/yajl_bytestack.h
+++ b/src/yajl_bytestack.h
@@ -23,6 +23,7 @@
#define __YAJL_BYTESTACK_H__
#include "api/yajl_common.h"
+#include <stdlib.h>
#define YAJL_BS_INC 128
@@ -56,6 +57,7 @@ typedef struct yajl_bytestack_t
(obs).stack = (obs).yaf->realloc((obs).yaf->ctx,\
(void *) (obs).stack, (obs).size);\
} \
+ if (!(obs).stack) abort(); \
(obs).stack[((obs).used)++] = (byte); \
}
diff --git a/src/yajl_lex.c b/src/yajl_lex.c
index 0b6f7cc..a08e703 100644
--- a/src/yajl_lex.c
+++ b/src/yajl_lex.c
@@ -105,6 +105,7 @@ yajl_lex_alloc(yajl_alloc_funcs * alloc,
unsigned int allowComments, unsigned int validateUTF8)
{
yajl_lexer lxr = (yajl_lexer) YA_MALLOC(alloc, sizeof(struct yajl_lexer_t));
+ if (!lxr) abort();
memset((void *) lxr, 0, sizeof(struct yajl_lexer_t));
lxr->buf = yajl_buf_alloc(alloc);
lxr->allowComments = allowComments;
diff --git a/test/parsing/yajl_test.c b/test/parsing/yajl_test.c
index c50755b..8d67ed9 100644
--- a/test/parsing/yajl_test.c
+++ b/test/parsing/yajl_test.c
@@ -102,6 +102,7 @@ static int test_yajl_map_key(void *ctx, const unsigned char * stringVal,
size_t stringLen)
{
char * str = (char *) malloc(stringLen + 1);
+ if (!str) abort();
str[stringLen] = 0;
memcpy(str, stringVal, stringLen);
printf("key: '%s'\n", str);
--
2.33.0

36
yajl.spec
View File

@ -1,20 +1,17 @@
Name: yajl Name: yajl
Version: 2.1.0 Version: 2.1.0
Release: 20 Release: 15
Summary: Yet Another JSON Library Summary: Yet Another JSON Library
License: ISC License: ISC
URL: https://github.com/lloyd/yajl URL: http://lloyd.github.com/yajl/
Source0: https://github.com/lloyd/yajl/archive/refs/tags/%{version}.tar.gz Source0: https://github.com/lloyd/yajl/archive/%{version}.tar.gz
Patch1: 0001-yajl-2.1.0-pkgconfig-location.patch Patch1: yajl-2.1.0-pkgconfig-location.patch
Patch2: 0002-yajl-2.1.0-pkgconfig-includedir.patch Patch2: yajl-2.1.0-pkgconfig-includedir.patch
Patch3: 0003-yajl-2.1.0-test-location.patch Patch3: yajl-2.1.0-test-location.patch
Patch4: 0004-yajl-2.1.0-dynlink-binaries.patch Patch4: yajl-2.1.0-dynlink-binaries.patch
Patch5: 0005-yajl-2.1.0-fix-memory-leak.patch Patch5: yajl-2.1.0-fix-memory-leak.patch
Patch6: 0006-fix-memory-leak-of-ctx-root.patch Patch6: backport-fix-memory-leaks.patch
Patch7: 0007-add-cmake-option-for-test-and-binary.patch
Patch8: backport-CVE-2022-24795.patch
Patch9: yajl-assert-error-when-memory-allocation-failed.patch
BuildRequires: cmake gcc BuildRequires: cmake gcc
@ -71,21 +68,6 @@ cd ../api
%{_libdir}/libyajl_s.a %{_libdir}/libyajl_s.a
%changelog %changelog
* Wed Nov 16 2022 fuanan <fuanan3@h-partners.com> - 2.1.0-20
- Modify Source0
* Thu Sep 22 2022 panxiaohe <panxh.life@foxmail.com> - 2.1.0-19
- modify URL
* Fri Sep 9 2022 panxiaohe <panxh.life@foxmail.com> - 2.1.0-18
- assert error when memory allocation failed
* Fri Sep 9 2022 panxiaohe <panxh.life@foxmail.com> - 2.1.0-17
- fix CVE-2022-24795
* Wed Jun 8 2022 haozi007 <liuhao27@h-partners.com> - 2.1.0-16
- add index for patch and add cmake options
* Sat Feb 12 2022 fuanan <fuanan3@h-partners.com> - 2.1.0-15 * Sat Feb 12 2022 fuanan <fuanan3@h-partners.com> - 2.1.0-15
- fix memory leaks in yajl_tree_parse - fix memory leaks in yajl_tree_parse