[kirkstone,04/14] json-c: fix CVE-2021-32292

Message ID	a7b93651028b55d71b8db53ea831eee7fd539f33.1694004064.git.steve@sakoman.com
State	Accepted, archived
Commit	a7b93651028b55d71b8db53ea831eee7fd539f33
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.172, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/14] json-c: fix CVE-2021-32292 Date: Wed, 6 Sep 2023 02:48:11 -1000 Message-Id: <a7b93651028b55d71b8db53ea831eee7fd539f33.1694004064.git.steve@sakoman.com> In-Reply-To: <cover.1694004064.git.steve@sakoman.com> References: <cover.1694004064.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/14] tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618 \| expand [kirkstone,01/14] tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618 [kirkstone,02/14] inetutils: Backport fix for CVE-2023-40303 [kirkstone,03/14] libtiff: fix CVE-2023-26966 Buffer Overflow [kirkstone,04/14] json-c: fix CVE-2021-32292 [kirkstone,05/14] ncurses: fix CVE-2023-29491 [kirkstone,06/14] busybox: fix CVE-2022-48174 [kirkstone,07/14] webkitgtk: fix CVE-2023-23529 [kirkstone,08/14] libssh2: fix CVE-2020-22218 [kirkstone,09/14] file: fix CVE-2022-48554 [kirkstone,10/14] nasm: fix CVE-2020-21528 [kirkstone,11/14] python3: upgrade to 3.10.13 [kirkstone,12/14] efivar: backport 5 patches to fix build with gold [kirkstone,13/14] libdnf: resolve cstdint inclusion for newer gcc versions [kirkstone,14/14] sysklogd: fix integration with systemd-journald

Message ID

a7b93651028b55d71b8db53ea831eee7fd539f33.1694004064.git.steve@sakoman.com

State

Accepted, archived

Commit

a7b93651028b55d71b8db53ea831eee7fd539f33

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 04/14] json-c: fix CVE-2021-32292
Date: Wed,  6 Sep 2023 02:48:11 -1000
Message-Id: 
 <a7b93651028b55d71b8db53ea831eee7fd539f33.1694004064.git.steve@sakoman.com>
In-Reply-To: <cover.1694004064.git.steve@sakoman.com>
References: <cover.1694004064.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/14] tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618 | expand

Commit Message

Steve Sakoman Sept. 6, 2023, 12:48 p.m. UTC

From: Adrian Freihofer <adrian.freihofer@gmail.com>

This is a read past end of buffer issue in the json_parse test app,
which can happened with malformed json data. It's not an issue with the
library itself. For what ever reason this CVE has a base score of 9.8.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-32292

Upstream issue:
https://github.com/json-c/json-c/issues/654

The CVE is fixed with version 0.16 (which is already in all active
branches of poky).

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../json-c/json-c/CVE-2021-32292.patch        | 30 +++++++++++++++++++
 meta/recipes-devtools/json-c/json-c_0.15.bb   |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch

diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
new file mode 100644
index 0000000000..28da522115
--- /dev/null
+++ b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
@@ -0,0 +1,30 @@ 
+From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001
+From: Marc <34656315+MarcT512@users.noreply.github.com>
+Date: Fri, 7 Aug 2020 10:49:45 +0100
+Subject: [PATCH] Fix read past end of buffer
+
+Fixes: CVE-2021-32292
+Issue: https://github.com/json-c/json-c/issues/654
+
+Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec]
+CVE: CVE-2021-32292
+
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
+---
+ apps/json_parse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/apps/json_parse.c b/apps/json_parse.c
+index bba4622..72b31a8 100644
+--- a/apps/json_parse.c
++++ b/apps/json_parse.c
+@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *))
+ 			int parse_end = json_tokener_get_parse_end(tok);
+ 			if (obj == NULL && jerr != json_tokener_continue)
+ 			{
+-				char *aterr = &buf[start_pos + parse_end];
++				char *aterr = (start_pos + parse_end < sizeof(buf)) ?
++					&buf[start_pos + parse_end] : "";
+ 				fflush(stdout);
+ 				int fail_offset = total_read - ret + start_pos + parse_end;
+ 				fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset,
diff --git a/meta/recipes-devtools/json-c/json-c_0.15.bb b/meta/recipes-devtools/json-c/json-c_0.15.bb
index 7cbed55b3b..4da30bc50c 100644
--- a/meta/recipes-devtools/json-c/json-c_0.15.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.15.bb
@@ -7,6 +7,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
 SRC_URI = " \
     https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
     file://run-ptest \
+    file://CVE-2021-32292.patch \
 "
 
 SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6"

[kirkstone,04/14] json-c: fix CVE-2021-32292

Commit Message

Patch