File: 0002-add-null-check-to-cjson-setvaluestring.patch

package info (click to toggle)
cjson 1.7.15-1%2Bdeb12u3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 2,340 kB
  • sloc: ansic: 16,638; ruby: 3,083; makefile: 334; python: 220; sh: 18
file content (23 lines) | stat: -rw-r--r-- 892 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
Origin: backport, https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59
From: Up-wind <lj.upwind@gmail.com>
Bug: https://github.com/DaveGamble/cJSON/issues/839
Bug-Debian: https://bugs.debian.org/1071742
Acked-by: Maytham Alsudany <maytha8thedev@gmail.com>
Subject: [PATCH] Add NULL check to cJSON_SetValuestring()
 If the valuestring passed to cJSON_SetValuestring is NULL, a null pointer
 dereference will happen. This patch adds the NULL check of valuestring before
 it is dereferenced.
 .
 Fix for CVE-2024-31755.

--- a/cJSON.c
+++ b/cJSON.c
@@ -406,7 +406,7 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
         return NULL;
     }
     /* return NULL if the object is corrupted */
-    if (object->valuestring == NULL)
+    if (object->valuestring == NULL || valuestring == NULL)
     {
         return NULL;
     }