diff mbox series

[kirkstone,1/1] cjson: fix CVE-2024-31755

Message ID 20240813072827.1916570-1-divya.chellam@windriver.com
State New
Headers show
Series [kirkstone,1/1] cjson: fix CVE-2024-31755 | expand

Commit Message

dchellam Aug. 13, 2024, 7:28 a.m. UTC 
From: Divya Chellam <divya.chellam@windriver.com>

cJSON v1.7.17 was discovered to contain a segmentation violation,
which can trigger through the second parameter of function
cJSON_SetValuestring at cJSON.c.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-31755

Upstream-patch:
https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
 .../cjson/cjson/CVE-2024-31755.patch          | 33 +++++++++++++++++++
 .../recipes-devtools/cjson/cjson_1.7.17.bb    |  4 ++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch b/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch
new file mode 100644
index 000000000..41d852021
--- /dev/null
+++ b/meta-oe/recipes-devtools/cjson/cjson/CVE-2024-31755.patch
@@ -0,0 +1,33 @@ 
+From 7e4d5dabe7a9b754c601f214e65b544e67ba9f59 Mon Sep 17 00:00:00 2001
+From: Up-wind <lj.upwind@gmail.com>
+Date: Mon, 25 Mar 2024 20:07:11 +0800
+Subject: [PATCH] Add NULL check to cJSON_SetValuestring() If the valuestring
+ passed to cJSON_SetValuestring is NULL, a null pointer dereference will
+ happen.
+
+This commit adds the NULL check of valuestring before it is dereferenced.
+
+CVE: CVE-2024-31755
+
+Upstream-Status: Backport [https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59]
+
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ cJSON.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cJSON.c b/cJSON.c
+index 4e4979e..8903e4c 100644
+--- a/cJSON.c
++++ b/cJSON.c
+@@ -406,7 +406,7 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
+         return NULL;
+     }
+     /* return NULL if the object is corrupted */
+-    if (object->valuestring == NULL)
++    if (object->valuestring == NULL || valuestring == NULL)
+     {
+         return NULL;
+     }
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb
index c9c38a9fe..3c67a89cd 100644
--- a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb
+++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb
@@ -5,7 +5,9 @@  SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0"
 
-SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https \
+	   file://CVE-2024-31755.patch \
+	  "
 SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee"
 
 S = "${WORKDIR}/git"