Message ID | 20240812103537.2561681-1-divya.chellam@windriver.com |
---|---|
State | New |
Series | cjson : fix CVE-2024-31755 |
We are on 1.7.18 already on master branch, so this patch is not needed on master.

On Mon, Aug 12, 2024 at 3:36 AM dchellam via lists.openembedded.org <Divya.Chellam=windriver.com@lists.openembedded.org> wrote:
>
> From: Divya Chellam <divya.chellam@windriver.com>
>
> cJSON v1.7.17 was discovered to contain a segmentation violation,
> which can trigger through the second parameter of function
> cJSON_SetValuestring at cJSON.c.
>
> Reference:
> https://security-tracker.debian.org/tracker/CVE-2024-31755
>
> Upstream-patch:
> https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59
>
> Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
> --- > .../cjson/cjson/CVE-2024-31755.patch | 33 +++++++++++++++++++ > .../recipes-devtools/cjson/cjson_1.7.17.bb | 4 ++- > 2 files changed, 36 insertions(+), 1 deletion(-) > create mode 100644 meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch > > diff --git a/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch b/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch > new file mode 100644 > index 0000000000..41d8520217 > --- /dev/null > +++ b/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch 
> @@ -0,0 +1,33 @@ > +From 7e4d5dabe7a9b754c601f214e65b544e67ba9f59 Mon Sep 17 00:00:00 2001 > +From: Up-wind <lj.upwind@gmail.com> > +Date: Mon, 25 Mar 2024 20:07:11 +0800 > +Subject: [PATCH] Add NULL check to cJSON_SetValuestring() If the valuestring > + passed to cJSON_SetValuestring is NULL, a null pointer dereference will > + happen. > + > +This commit adds the NULL check of valuestring before it is dereferenced. > + > +CVE: CVE-2024-31755 > + > +Upstream-Status: Backport [https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59] > + > +Signed-off-by: Divya Chellam <divya.chellam@windriver.com> > +--- > + cJSON.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/cJSON.c b/cJSON.c > +index 4e4979e..8903e4c 100644 > +--- a/cJSON.c > ++++ b/cJSON.c > +@@ -406,7 +406,7 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring) > + return NULL; > + } > + /* return NULL if the object is corrupted */ > +- if (object->valuestring == NULL) > ++ if (object->valuestring == NULL || valuestring == NULL) > + { > + return NULL; > + } > +-- > +2.40.0 > diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb > index c9c38a9fe3..3c67a89cd6 100644 > --- a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb > +++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb 
> @@ -5,7 +5,9 @@ SECTION = "libs" > LICENSE = "MIT" > LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0" > > -SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https" > +SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \ > + file://CVE-2024-31755.patch \ > + " > SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee" > > S = "${WORKDIR}/git" > -- > 2.40.0
diff --git a/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch b/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch new file mode 100644 index 0000000000..41d8520217 --- /dev/null +++ b/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch @@ -0,0 +1,33 @@ +From 7e4d5dabe7a9b754c601f214e65b544e67ba9f59 Mon Sep 17 00:00:00 2001 +From: Up-wind <lj.upwind@gmail.com> +Date: Mon, 25 Mar 2024 20:07:11 +0800 +Subject: [PATCH] Add NULL check to cJSON_SetValuestring() If the valuestring + passed to cJSON_SetValuestring is NULL, a null pointer dereference will + happen. + +This commit adds the NULL check of valuestring before it is dereferenced. + +CVE: CVE-2024-31755 + +Upstream-Status: Backport [https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59] + +Signed-off-by: Divya Chellam <divya.chellam@windriver.com> +--- + cJSON.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cJSON.c b/cJSON.c +index 4e4979e..8903e4c 100644 +--- a/cJSON.c ++++ b/cJSON.c +@@ -406,7 +406,7 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring) + return NULL; + } + /* return NULL if the object is corrupted */ +- if (object->valuestring == NULL) ++ if (object->valuestring == NULL || valuestring == NULL) + { + return NULL; + } +-- +2.40.0 diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb index c9c38a9fe3..3c67a89cd6 100644 --- a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb +++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb @@ -5,7 +5,9 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0" -SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https" +SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \ + file://CVE-2024-31755.patch \ + " SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee" S = "${WORKDIR}/git"
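Review bot: In the cJSON.c hunk carried inside CVE-2024-31755.patch, the comment `/* return NULL if the object is corrupted */` now sits above a condition that also rejects a NULL `valuestring` argument, which is a caller error and not a corrupted object. As a backport the hunk should stay identical to the upstream commit, so the place to record this is the patch header: a line stating that cJSON_SetValuestring() now returns NULL for a NULL second argument would tell users of the recipe that callers have to check the return value instead of assuming the string was set. The `Subject:` header of the embedded patch also runs the commit description into the subject line; splitting it so the subject reads only `Add NULL check to cJSON_SetValuestring()` would keep the patch header readable.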
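Review bot: The recipe hunk modifies cjson_1.7.17.bb, but the submission does not say which branch it targets, and per the reply above master already carries 1.7.18. The subject `cjson : fix CVE-2024-31755` should carry a prefix naming the stable branch that still ships 1.7.17 so the maintainer knows where to apply it. The `CVE:` and `Upstream-Status: Backport [...]` tags are present in the patch file, and `file://CVE-2024-31755.patch \` is added to SRC_URI with SRCREV left unchanged, which is what a CVE backport against a pinned revision should look like.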