openwrt/package/libs/libubox/patches/0002-jshn-fix-off-by-one-in-jshn_parse_file.patch

From f27853d71a2cb99ec5de3881716a14611ada307c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>
Date: Sat, 23 Nov 2019 22:48:25 +0100
Subject: jshn: fix off by one in jshn_parse_file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes following error:

 Invalid read of size 1
   at 0x4C32D04: strlen
   by 0x5043367: json_tokener_parse_ex
   by 0x5045316: json_tokener_parse_verbose
   by 0x504537D: json_tokener_parse
   by 0x401AB1: jshn_parse (jshn.c:179)
   by 0x40190D: jshn_parse_file (jshn.c:370)
   by 0x40190D: main (jshn.c:434)
 Address 0x5848c4c is 0 bytes after a block of size 1,036 alloc'd
   at 0x4C2FB0F: malloc
   by 0x4018E2: jshn_parse_file (jshn.c:357)
   by 0x4018E2: main (jshn.c:434)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
 jshn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/jshn.c
+++ b/jshn.c
@@ -384,7 +384,7 @@ int main(int argc, char **argv)
 				close(fd);
 				return 3;
 			}
-			if (!(fbuf = malloc(sb.st_size))) {
+			if (!(fbuf = calloc(1, sb.st_size+1))) {
 				fprintf(stderr, "Error allocating memory for %s\n", optarg);
 				close(fd);
 				return 3;
libubox: backport security patches This backports some security relevant patches from libubox master. These patches should not change the existing API and ABI so that old applications still work like before without any recompilation. Application can now also use more secure APIs. The new more secure interfaces are also available, but not used. OpenWrt master and 19.07 already have these patches by using a more recent libubox version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2020-01-21 22:58:30 +00:00			`From f27853d71a2cb99ec5de3881716a14611ada307c Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>`
			`Date: Sat, 23 Nov 2019 22:48:25 +0100`
			`Subject: jshn: fix off by one in jshn_parse_file`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Fixes following error:`

			`Invalid read of size 1`
			`at 0x4C32D04: strlen`
			`by 0x5043367: json_tokener_parse_ex`
			`by 0x5045316: json_tokener_parse_verbose`
			`by 0x504537D: json_tokener_parse`
			`by 0x401AB1: jshn_parse (jshn.c:179)`
			`by 0x40190D: jshn_parse_file (jshn.c:370)`
			`by 0x40190D: main (jshn.c:434)`
			`Address 0x5848c4c is 0 bytes after a block of size 1,036 alloc'd`
			`at 0x4C2FB0F: malloc`
			`by 0x4018E2: jshn_parse_file (jshn.c:357)`
			`by 0x4018E2: main (jshn.c:434)`

			`Signed-off-by: Petr Štetiar <ynezz@true.cz>`
			`---`
			`jshn.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`--- a/jshn.c`
			`+++ b/jshn.c`
			`@@ -384,7 +384,7 @@ int main(int argc, char **argv)`
			`close(fd);`
			`return 3;`
			`}`
			`- if (!(fbuf = malloc(sb.st_size))) {`
			`+ if (!(fbuf = calloc(1, sb.st_size+1))) {`
			`fprintf(stderr, "Error allocating memory for %s\n", optarg);`
			`close(fd);`
			`return 3;`