mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-23 12:58:23 +00:00
4cd9ae41c5
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592
Addresses CVE-2020-12762
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE, rebase patches on top of json-c 0.12]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit bc0288b768
)
33 lines
884 B
Diff
33 lines
884 B
Diff
From 77d935b7ae7871a1940cd827e850e6063044ec45 Mon Sep 17 00:00:00 2001
|
|
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
Date: Mon, 4 May 2020 19:46:45 +0200
|
|
Subject: [PATCH 2/2] Prevent division by zero in linkhash.
|
|
|
|
If a linkhash with a size of zero is created, then modulo operations
|
|
are prone to division by zero operations.
|
|
|
|
Purely protective measure against bad usage.
|
|
---
|
|
linkhash.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
--- a/linkhash.c
|
|
+++ b/linkhash.c
|
|
@@ -10,6 +10,7 @@
|
|
*
|
|
*/
|
|
|
|
+#include <assert.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
@@ -431,6 +432,8 @@ struct lh_table* lh_table_new(int size,
|
|
int i;
|
|
struct lh_table *t;
|
|
|
|
+ /* Allocate space for elements to avoid divisions by zero. */
|
|
+ assert(size > 0);
|
|
t = (struct lh_table*)calloc(1, sizeof(struct lh_table));
|
|
if(!t) lh_abort("lh_table_new: calloc failed\n");
|
|
t->count = 0;
|