| From 0b5e73c4321de0ba1d495fdc0967054b2a77931c Mon Sep 17 00:00:00 2001 |
| From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com> |
| Date: Mon, 10 Jul 2023 13:36:10 +0100 |
| Subject: [PATCH] Fix for CVE-2017-16516 |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| Description: Fix for CVE-2017-16516 |
| Potential buffer overread: A JSON file can cause denial of service. |
| Origin: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce |
| |
| CVE: CVE-2017-16516 |
| Upstream-Status: Submitted [https://github.com/lloyd/yajl/issues/248] |
| Signed-off-by: Ross Burton <ross.burton@arm.com> |
| --- |
| src/yajl_encode.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| diff --git a/src/yajl_encode.c b/src/yajl_encode.c |
| index fd08258..0d97cc5 100644 |
| --- a/src/yajl_encode.c |
| +++ b/src/yajl_encode.c |
| @@ -139,8 +139,8 @@ void yajl_string_decode(yajl_buf buf, const unsigned char * str, |
| end+=3; |
| /* check if this is a surrogate */ |
| if ((codepoint & 0xFC00) == 0xD800) { |
| - end++; |
| - if (str[end] == '\\' && str[end + 1] == 'u') { |
| + if (end + 2 < len && str[end + 1] == '\\' && str[end + 2] == 'u') { |
| + end++; |
| unsigned int surrogate = 0; |
| hexToDigit(&surrogate, str + end + 2); |
| codepoint = |
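Review bot: The new guard `end + 2 < len` bounds only the `\u` pair at `str[end + 1]` and `str[end + 2]`, while the `hexToDigit(&surrogate, str + end + 2)` call after `end++` starts at the old `end + 3` and, assuming it consumes the four hex digits of a `\uXXXX` escape, reads up to the old `end + 6`. If this decoder can be reached with a string whose escapes were not already length-checked by the lexer, a buffer ending in a truncated second escape is still read past `len`; `if (end + 6 < len && str[end + 1] == '\\' && str[end + 2] == 'u') {` would close that. If the lexer does guarantee four digits after every `\u`, a comment such as `/* lexer guarantees 4 hex digits after \u, so only the escape's presence is checked here */` would record why the shorter bound is sufficient. The body of yajl_string_decode continues outside the hunk, and moving `end++` inside the branch changes where `end` sits when no second escape follows, so the else path is worth checking for a skipped or repeated byte.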
| -- |
| 2.34.1 |
| |