diff --git a/backport-CVE-2020-12762.patch b/backport-CVE-2020-12762.patch deleted file mode 100644 index e4922cdfe40ac911c157e565fcef80992d325633..0000000000000000000000000000000000000000 --- a/backport-CVE-2020-12762.patch +++ /dev/null @@ -1,66 +0,0 @@ -From f51fcd59a8bbeb60eaf8ae0e398556be2fa3317a Mon Sep 17 00:00:00 2001 -From: Wang Haitao -Date: Tue, 14 Mar 2023 22:25:54 +0800 -Subject: [PATCH] Fix CVE-2020-12762 - -reference: https://github.com/json-c/json-c/pull/592/files - -I reproduce this CVE using the code from https://github.com/json-c/json-c/pull/592 - -And it fix it and no more segmentation fault ---- - printbuf.c | 20 +++++++++++++++++--- - 1 file changed, 17 insertions(+), 3 deletions(-) - -diff --git a/printbuf.c b/printbuf.c -index e9cde11..b02a363 100644 ---- a/printbuf.c -+++ b/printbuf.c -@@ -13,6 +13,7 @@ - - #include "config.h" - -+#include - #include - #include - #include -@@ -68,9 +69,16 @@ static int printbuf_extend(struct printbuf *p, int min_size) - if (p->size >= min_size) - return 0; - -- new_size = p->size * 2; -- if (new_size < min_size + 8) -- new_size = min_size + 8; -+ /* Prevent signed integer overflows with large buffers. */ -+ if (min_size > INT_MAX - 8) -+ return -1; -+ if (p->size > INT_MAX / 2) -+ new_size = min_size + 8; -+ else { -+ new_size = p->size * 2; -+ if (new_size < min_size + 8) -+ new_size = min_size + 8; -+ } - #ifdef PRINTBUF_DEBUG - MC_DEBUG("printbuf_memappend: realloc " - "bpos=%d min_size=%d old_size=%d new_size=%d\n", -@@ -85,6 +93,9 @@ static int printbuf_extend(struct printbuf *p, int min_size) - - int printbuf_memappend(struct printbuf *p, const char *buf, int size) - { -+ /* Prevent signed integer overflows with large buffers. */ -+ if (size > INT_MAX - p->bpos - 1) -+ return -1; - if (p->size <= p->bpos + size + 1) { - if (printbuf_extend(p, p->bpos + size + 1) < 0) - return -1; -@@ -136,6 +147,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len) - - if (offset == -1) - offset = pb->bpos; -+ /* Prevent signed integer overflows with large buffers. */ -+ if (len > INT_MAX - offset) -+ return -1; - size_needed = offset + len; - if (pb->size < size_needed) - { diff --git a/libfastjson-0.99.9.tar.gz b/libfastjson-0.99.9.tar.gz deleted file mode 100644 index 045b0c3e958927843699dd7875e5da8f2ff2b501..0000000000000000000000000000000000000000 Binary files a/libfastjson-0.99.9.tar.gz and /dev/null differ diff --git a/libfastjson-1.2304.0.tar.gz b/libfastjson-1.2304.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..f2e1fa3dac84934b422dbbf16ceb7832117c7ae8 Binary files /dev/null and b/libfastjson-1.2304.0.tar.gz differ diff --git a/libfastjson.spec b/libfastjson.spec index f05511a248dabc684e0671b04b7ee462c394e99b..403c10f51e7399d86ebfd1044f2996bf3b1ad65a 100644 --- a/libfastjson.spec +++ b/libfastjson.spec @@ -1,13 +1,11 @@ Name: libfastjson -Version: 0.99.9 -Release: 3 +Version: 1.2304.0 +Release: 1 Summary: JSON-C - A JSON implementation in C License: MIT URL: https://github.com/rsyslog/libfastjson Source0: http://download.rsyslog.com/%{name}/%{name}-%{version}.tar.gz -Patch1: backport-CVE-2020-12762.patch - BuildRequires: autoconf automake libtool %description @@ -58,6 +56,9 @@ make V=1 check %{_libdir}/pkgconfig/libfastjson.pc %changelog +* Mon Jan 29 2024 gengqihu - 1.2304.0-1 +- update to 1.2304.0 + * Tue Mar 28 2023 shixuantong - 0.99.9-3 - fix CVE-2020-12762