json-c: fix CVE-2021-32292

This is a read past end of buffer issue in the json_parse test app, which can happened with malformed json data. It's not an issue with the library itself. For what ever reason this CVE has a base score of 9.8. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-32292 Upstream issue: https://github.com/json-c/json-c/issues/654 The CVE is fixed with version 0.16 (which is already in all active branches of poky). (From OE-Core rev: a7b93651028b55d71b8db53ea831eee7fd539f33) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Adrian Freihofer <adrian.freihofer@gmail.com> 2023-08-29 19:00:46 +0200
committer: Steve Sakoman <steve@sakoman.com> 2023-09-08 16:09:41 -1000
commit: d01be5cf8425c2255eeebaa2277c125441785022 (patch)
tree: 5769ec1ceefdd55e12c3aa6d71acdd1758cb2fc6 /meta/recipes-devtools
parent: be24e2265142fcfe8151811e165c151e948c1bff (diff)
download: poky-d01be5cf8425c2255eeebaa2277c125441785022.tar.gz
2 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
new file mode 100644
index 0000000000..28da522115
--- /dev/null
+++ b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
@@ -0,0 +1,30 @@
+From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001
+From: Marc <34656315+MarcT512@users.noreply.github.com>
+Date: Fri, 7 Aug 2020 10:49:45 +0100
+Subject: [PATCH] Fix read past end of buffer
+Fixes: CVE-2021-32292
+Issue: https://github.com/json-c/json-c/issues/654
+Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec]
+CVE: CVE-2021-32292
+Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
+---
+ apps/json_parse.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/apps/json_parse.c b/apps/json_parse.c
+index bba4622..72b31a8 100644
+--- a/apps/json_parse.c
+++ b/apps/json_parse.c
+@@ -82,7 +82,8 @@ static int parseit(int fd, int (*callback)(struct json_object *))
+                        int parse_end = json_tokener_get_parse_end(tok);
+                        if (obj == NULL && jerr != json_tokener_continue)
+                        {
+-                               char *aterr = &buf[start_pos + parse_end];
+                               char *aterr = (start_pos + parse_end < sizeof(buf)) ?
+                                       &buf[start_pos + parse_end] : "";
+                                fflush(stdout);
+                                int fail_offset = total_read - ret + start_pos + parse_end;
+                                fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset,
diff --git a/meta/recipes-devtools/json-c/json-c_0.15.bb b/meta/recipes-devtools/json-c/json-c_0.15.bb
index 7cbed55b3b..4da30bc50c 100644
--- a/meta/recipes-devtools/json-c/json-c_0.15.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.15.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
 SRC_URI = " \
    https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
    file://run-ptest \
+    file://CVE-2021-32292.patch \
 "
 SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6"
author	Adrian Freihofer <adrian.freihofer@gmail.com>	2023-08-29 19:00:46 +0200
committer	Steve Sakoman <steve@sakoman.com>	2023-09-08 16:09:41 -1000
commit	d01be5cf8425c2255eeebaa2277c125441785022 (patch)
tree	5769ec1ceefdd55e12c3aa6d71acdd1758cb2fc6 /meta/recipes-devtools
parent	be24e2265142fcfe8151811e165c151e948c1bff (diff)
download	poky-d01be5cf8425c2255eeebaa2277c125441785022.tar.gz

diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch new file mode 100644 index 0000000000..28da522115 --- /dev/null +++ b/meta/recipes-devtools/json-c/json-c/CVE-2021-32292.patch
@@ -0,0 +1,30 @@
		1	From da22ae6541584068f8169315274016920da11d8b Mon Sep 17 00:00:00 2001
		2	From: Marc <34656315+MarcT512@users.noreply.github.com>
		3	Date: Fri, 7 Aug 2020 10:49:45 +0100
		4	Subject: [PATCH] Fix read past end of buffer
		5
		6	Fixes: CVE-2021-32292
		7	Issue: https://github.com/json-c/json-c/issues/654
		8
		9	Upstream-Status: Backport [4e9e44e5258dee7654f74948b0dd5da39c28beec]
		10	CVE: CVE-2021-32292
		11
		12	Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
		13	---
		14	apps/json_parse.c \| 3 ++-
		15	1 file changed, 2 insertions(+), 1 deletion(-)
		16
		17	diff --git a/apps/json_parse.c b/apps/json_parse.c
		18	index bba4622..72b31a8 100644
		19	--- a/apps/json_parse.c
		20	+++ b/apps/json_parse.c
		21	@@ -82,7 +82,8 @@ static int parseit(int fd, int (callback)(struct json_object ))
		22	int parse_end = json_tokener_get_parse_end(tok);
		23	if (obj == NULL && jerr != json_tokener_continue)
		24	{
		25	- char *aterr = &buf[start_pos + parse_end];
		26	+ char *aterr = (start_pos + parse_end < sizeof(buf)) ?
		27	+ &buf[start_pos + parse_end] : "";
		28	fflush(stdout);
		29	int fail_offset = total_read - ret + start_pos + parse_end;
		30	fprintf(stderr, "Failed at offset %d: %s %c\n", fail_offset,


diff --git a/meta/recipes-devtools/json-c/json-c_0.15.bb b/meta/recipes-devtools/json-c/json-c_0.15.bb index 7cbed55b3b..4da30bc50c 100644 --- a/meta/recipes-devtools/json-c/json-c_0.15.bb +++ b/meta/recipes-devtools/json-c/json-c_0.15.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
7	SRC_URI = " \	7	SRC_URI = " \
8	https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \	8	https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
9	file://run-ptest \	9	file://run-ptest \
		10	file://CVE-2021-32292.patch \
10	"	11	"
11		12
12	SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6"	13	SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6"