mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-19 19:27:27 +00:00
bc0288b768
This backports upstream fixes for the out of bounds write vulnerability in json-c. It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592 Addresses CVE-2020-12762 Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
33 lines
856 B
Diff
33 lines
856 B
Diff
From 77d935b7ae7871a1940cd827e850e6063044ec45 Mon Sep 17 00:00:00 2001
|
|
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
Date: Mon, 4 May 2020 19:46:45 +0200
|
|
Subject: [PATCH 2/2] Prevent division by zero in linkhash.
|
|
|
|
If a linkhash with a size of zero is created, then modulo operations
|
|
are prone to division by zero operations.
|
|
|
|
Purely protective measure against bad usage.
|
|
---
|
|
linkhash.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
--- a/linkhash.c
|
|
+++ b/linkhash.c
|
|
@@ -12,6 +12,7 @@
|
|
|
|
#include "config.h"
|
|
|
|
+#include <assert.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
@@ -498,6 +499,8 @@ struct lh_table* lh_table_new(int size,
|
|
int i;
|
|
struct lh_table *t;
|
|
|
|
+ /* Allocate space for elements to avoid divisions by zero. */
|
|
+ assert(size > 0);
|
|
t = (struct lh_table*)calloc(1, sizeof(struct lh_table));
|
|
if (!t)
|
|
return NULL;
|