openwrt/package/libs/libjson-c/patches/001-Prevent-division-by-zero-in-linkhash.patch
Robert Marko 15d73a26b6 libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592

Addresses CVE-2020-12762

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE, rebase patches on top of json-c 0.12]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit bc0288b768)
2020-05-16 21:18:50 +02:00

33 lines
884 B
Diff

From 77d935b7ae7871a1940cd827e850e6063044ec45 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Mon, 4 May 2020 19:46:45 +0200
Subject: [PATCH 2/2] Prevent division by zero in linkhash.
If a linkhash with a size of zero is created, then modulo operations
are prone to division by zero operations.
Purely protective measure against bad usage.
---
linkhash.c | 3 +++
1 file changed, 3 insertions(+)
--- a/linkhash.c
+++ b/linkhash.c
@@ -10,6 +10,7 @@
*
*/
+#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -431,6 +432,8 @@ struct lh_table* lh_table_new(int size,
int i;
struct lh_table *t;
+ /* Allocate space for elements to avoid divisions by zero. */
+ assert(size > 0);
t = (struct lh_table*)calloc(1, sizeof(struct lh_table));
if(!t) lh_abort("lh_table_new: calloc failed\n");
t->count = 0;