first commit

2024-08-11 02:17:03 +03:00
commit ee34792885
1404 changed files with 13564 additions and 0 deletions
--- a/src/yajl/.gitignore
+++ b/src/yajl/.gitignore
@ -0,0 +1,3 @@
+.cache/
+dist/
+root/
--- a/src/yajl/CVE-2017-16516.patch
+++ b/src/yajl/CVE-2017-16516.patch
@ -0,0 +1,43 @@
+From 0b5e73c4321de0ba1d495fdc0967054b2a77931c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 10 Jul 2023 13:36:10 +0100
+Subject: [PATCH 5/8] Fix for CVE-2017-16516
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Description: Fix for CVE-2017-16516
+ Potential buffer overread: A JSON file can cause denial of service.
+Origin: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036
+Bug: https://github.com/lloyd/yajl/issues/248
+
+Patch taken from Debian package source
+
+NB, Fedora code can't trigger the reported aborts since it passes the
+-DNDEBUG flag, but pulling the fix for robustness in case a future
+change enables the assert()s.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/yajl_encode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/yajl_encode.c b/src/yajl_encode.c
+index fd08258..0d97cc5 100644
+--- a/src/yajl_encode.c
+++ b/src/yajl_encode.c
+@@ -139,8 +139,8 @@ void yajl_string_decode(yajl_buf buf, const unsigned char * str,
+                     end+=3;
+                     /* check if this is a surrogate */
+                     if ((codepoint & 0xFC00) == 0xD800) {
+-                        end++;
+-                        if (str[end] == '\\' && str[end + 1] == 'u') {
+                        if (end + 2 < len && str[end + 1] == '\\' && str[end + 2] == 'u') {
+                            end++;
+                             unsigned int surrogate = 0;
+                             hexToDigit(&surrogate, str + end + 2);
+                             codepoint =
+-- 
+2.41.0
+
--- a/src/yajl/CVE-2022-24795.patch
+++ b/src/yajl/CVE-2022-24795.patch
@ -0,0 +1,60 @@
+From 17de4d15687aa30c49660dc4b792b1fb4d38b569 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Thu, 7 Apr 2022 17:29:54 +0200
+Subject: [PATCH 6/8] Fix CVE-2022-24795
+
+There was an integer overflow in yajl_buf_ensure_available() leading
+to allocating less memory than requested. Then data were written past
+the allocated heap buffer in yajl_buf_append(), the only caller of
+yajl_buf_ensure_available(). Another result of the overflow was an
+infinite loop without a return from yajl_buf_ensure_available().
+
+yajl-ruby project, which bundles yajl, fixed it
+<https://github.com/brianmario/yajl-ruby/pull/211> by checking for the
+integer overflow, fortifying buffer allocations, and report the
+failures to a caller. But then the caller yajl_buf_append() skips
+a memory write if yajl_buf_ensure_available() failed leading to a data
+corruption.
+
+A yajl fork mainter recommended calling memory allocation callbacks with
+the large memory request and let them to handle it. But that has the
+problem that it's not possible pass the overely large size to the
+callbacks.
+
+This patch catches the integer overflow and terminates the process
+with abort().
+
+https://github.com/lloyd/yajl/issues/239
+https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
+(cherry picked from commit 23cea2d7677e396efed78bbf1bf153961fab6bad
+ in https://github.com/ppisar/yajl)
+---
+ src/yajl_buf.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/yajl_buf.c b/src/yajl_buf.c
+index 1aeafde..55c11ad 100644
+--- a/src/yajl_buf.c
+++ b/src/yajl_buf.c
+@@ -45,7 +45,17 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+ 
+     need = buf->len;
+ 
+-    while (want >= (need - buf->used)) need <<= 1;
+    if (((buf->used > want) ? buf->used : want) > (size_t)(buf->used + want)) {
+        /* We cannot allocate more memory than SIZE_MAX. */
+        abort();
+    }
+    while (want >= (need - buf->used)) {
+        if (need >= (size_t)((size_t)(-1)<<1)>>1) {
+            /* need would overflow. */
+            abort();
+        }
+        need <<= 1;
+    }
+ 
+     if (need != buf->len) {
+         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
+-- 
+2.41.0
+
--- a/src/yajl/changes.md
+++ b/src/yajl/changes.md
@ -0,0 +1,2 @@
+# 2.1.0
+First version
--- a/src/yajl/memory_leak.patch
+++ b/src/yajl/memory_leak.patch
@ -0,0 +1,71 @@
+From c4304a2c04a1b392eb1464a9da892a9e0dff7683 Mon Sep 17 00:00:00 2001
+From: wujing <wujing50@huawei.com>
+Date: Thu, 14 Feb 2019 03:12:30 +0800
+Subject: [PATCH 7/8] yajl: fix memory leak problem
+
+reason: fix memory leak problem
+(cherry picked from commit 3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf
+ in https://github.com/openEuler-BaseService)
+
+Fixes: https://github.com/lloyd/yajl/issues/250  (CVE-2023-33460)
+---
+ src/yajl_tree.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a3..4b3cf2b 100644
+--- a/src/yajl_tree.c
+++ b/src/yajl_tree.c
+@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
+     ctx->stack = stack->next;
+ 
+     v = stack->value;
+-
+    free (stack->key);
+     free (stack);
+ 
+     return (v);
+@@ -444,6 +444,10 @@ yajl_val yajl_tree_parse (const char *input,
+              snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
+        while(ctx.stack != NULL) {
+             yajl_val v = context_pop(&ctx);
+             yajl_tree_free(v);
+        }
+         yajl_free (handle);
+         return NULL;
+     }
+-- 
+2.41.0
+
+From 9cb871049261eeda844b8943d15580763a0ac3d3 Mon Sep 17 00:00:00 2001
+From: "zhang.jiujiu" <282627424@qq.com>
+Date: Tue, 7 Dec 2021 22:37:02 +0800
+Subject: [PATCH 8/8] fix memory leaks
+
+(cherry picked from commit 23a122eddaa28165a6c219000adcc31ff9a8a698
+ in https://github.com/openEuler-BaseService)
+
+Fixes: https://github.com/lloyd/yajl/issues/250  (CVE-2023-33460)
+---
+ src/yajl_tree.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 4b3cf2b..56c7012 100644
+--- a/src/yajl_tree.c
+++ b/src/yajl_tree.c
+@@ -449,6 +449,9 @@ yajl_val yajl_tree_parse (const char *input,
+              yajl_tree_free(v);
+         }
+         yajl_free (handle);
+	//If the requested memory is not released in time, it will cause memory leakage
+	if(ctx.root)
+	     yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 
+-- 
+2.41.0
+
--- a/src/yajl/pkg.sh
+++ b/src/yajl/pkg.sh
@ -0,0 +1,37 @@
+NAME="yajl"
+DESC="Yet another JSON library"
+VERSION="2.1.0"
+FILES=(
+  "https://github.com/lloyd/yajl/archive/refs/tags/$VERSION.tar.gz"
+  "CVE-2017-16516.patch"
+  "CVE-2022-24795.patch"
+  "memory_leak.patch"
+)
+HASHES=(
+  "9e786d080803df80ec03a9c2f447501e6e8e433a6baf636824bc1d50ecf4f5f80d7dfb1d47958aeb0a30fe459bd0ef033d41bc6a79e1dc6e6b5eade930b19b02"
+  "6955d317643e0a0e0893e62acd8485ce9b5d22837faa4eadf9abe09e72fc4cc1a343edd1faaff75e7172063bdb0e9442cb5e3f491ec2cc4d770fcbcb011d6dae"
+  "75cac72797a694a044e83e03ab1a25d3cce376355d48214f6cdc8f4304776c1fd3b411d043e0e48022b219b00399f2bc730fe58b9e60737ef3ff66be54229722"
+  "a23e30a0c42097f41f1a0bc769a9c68409a615a4599ae9f090320d4413e24c4f1b524aaabcefd9e503bbb7389aaef86fe32cbfdc93969e883225dcdf487b7214"
+)
+DEPENDS=("glibc")
+
+PACKAGE() {
+  tar xf $VERSION.tar.gz
+  cd $NAME-$VERSION
+
+  patch -Np1 -i ../CVE-2017-16516.patch
+  patch -Np1 -i ../CVE-2022-24795.patch
+  patch -Np1 -i ../memory_leak.patch
+
+  mkdir build
+  cd build
+
+  export CFLAGS+=" -ffat-lto-objects"
+  cmake -D CMAKE_BUILD_TYPE=None \
+    -D CMAKE_INSTALL_PREFIX=/usr \
+    -S yajl-$VERSION             \
+    -W no-dev ..
+  cmake --build . && DESTDIR="$ROOTDIR" cmake --install .
+
+  cd ../.. && rm -r $NAME-$VERSION
+}