
Bug#980268: marked as done (buster-pu: cjson/1.7.10-1.1+deb10u1)



Your message dated Sat, 06 Feb 2021 10:39:26 +0000
with message-id <6425525e38201ecf9a2d3e0f1e63c0d3b08e0fc0.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for updates in 10.8
has caused the Debian Bug report #980268,
regarding buster-pu: cjson/1.7.10-1.1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
980268: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980268
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu


Dear Release Team,

I intend to fix https://bugs.debian.org/973442 in Buster. Under some
circumstances, user input will cause an infinite loop in the libcjson
library. This is a regression introduced by the patch for CVE-2019-11835
and was fixed in cjson/1.7.12. Currently Buster has 1.7.10-1.1. Sid and
Testing have 1.7.14, so Testing/Sid are not affected by this bug.

This upload cherry-picks a commit provided by upstream as well as the
corresponding test suite. The full debdiff is in the attachment.

Thanks and please let me know if you have any questions.

Regards,
Boyuan Yang
diff -Nru cjson-1.7.10/debian/changelog cjson-1.7.10/debian/changelog
--- cjson-1.7.10/debian/changelog	2019-05-14 04:52:20.000000000 -0400
+++ cjson-1.7.10/debian/changelog	2021-01-16 17:33:31.000000000 -0500
@@ -1,3 +1,11 @@
+cjson (1.7.10-1.1+deb10u1) buster; urgency=medium
+
+  * Cherry pick upstream commit 08d2bc766a82cd75764d036f9efef444590d1cf9,
+    which fixes an infinite loop regression introduced in the previous
+    patch. (Closes: #973442)
+
+ -- Boyuan Yang <byang@debian.org>  Sat, 16 Jan 2021 17:33:31 -0500
+
 cjson (1.7.10-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
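Review bot: the new changelog entry says the regression was "introduced in the previous patch" without saying which patch that is, so the entry cannot be understood from the changelog alone. Consider naming it, for example the 0001-PATCH-Rewrite-cJSON_Minify-fixing-buffer-overflows-f.patch listed in debian/patches/series, or the CVE-2019-11835 fix mentioned in the request.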
diff -Nru cjson-1.7.10/debian/patches/08d2bc766a82cd75764d036f9efef444590d1cf9.patch cjson-1.7.10/debian/patches/08d2bc766a82cd75764d036f9efef444590d1cf9.patch
--- cjson-1.7.10/debian/patches/08d2bc766a82cd75764d036f9efef444590d1cf9.patch	1969-12-31 19:00:00.000000000 -0500
+++ cjson-1.7.10/debian/patches/08d2bc766a82cd75764d036f9efef444590d1cf9.patch	2021-01-16 17:33:24.000000000 -0500
@@ -0,0 +1,50 @@
+From 08d2bc766a82cd75764d036f9efef444590d1cf9 Mon Sep 17 00:00:00 2001
+From: Max Bruckner <max@maxbruckner.de>
+Date: Thu, 16 May 2019 20:01:02 +0200
+Subject: [PATCH] Fix infinite loop in cJSON_Minify
+
+Bug-Debian: https://bugs.debian.org/973442
+Applied-Upstream: https://github.com/DaveGamble/cJSON/commit/08d2bc766a82cd75764d036f9efef444590d1cf9
+---
+ cJSON.c              | 2 ++
+ tests/minify_tests.c | 7 +++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/cJSON.c b/cJSON.c
+index 3a5dc547..f9c2ffa5 100644
+--- a/cJSON.c
++++ b/cJSON.c
+@@ -2717,6 +2717,8 @@ CJSON_PUBLIC(void) cJSON_Minify(char *json)
+                 else if (json[1] == '*')
+                 {
+                     skip_multiline_comment(&json);
++                } else {
++                    json++;
+                 }
+                 break;
+ 
+diff --git a/tests/minify_tests.c b/tests/minify_tests.c
+index e39a9446..000821db 100644
+--- a/tests/minify_tests.c
++++ b/tests/minify_tests.c
+@@ -152,6 +152,12 @@ static void cjson_minify_should_minify_json(void) {
+     free(buffer);
+ }
+ 
++static void cjson_minify_should_not_loop_infinitely(void) {
++    char string[] = { '8', ' ', '/', ' ', '5', '\n', '\0' };
++    /* this should not be an infinite loop */
++    cJSON_Minify(string);
++}
++
+ int CJSON_CDECL main(void)
+ {
+     UNITY_BEGIN();
+@@ -162,6 +168,7 @@ int CJSON_CDECL main(void)
+     RUN_TEST(cjson_minify_should_remove_multiline_comments);
+     RUN_TEST(cjson_minify_should_remove_spaces);
+     RUN_TEST(cjson_minify_should_not_modify_strings);
++    RUN_TEST(cjson_minify_should_not_loop_infinitely);
+ 
+     return UNITY_END();
+ }
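Review bot: cjson_minify_should_not_loop_infinitely calls cJSON_Minify(string) and asserts nothing, so a regression makes the test run hang rather than fail, and the buffer content after the call is never checked. The added else branch in cJSON.c shows only json++ for a '/' that does not start a comment; an assertion on the minified result of the "8 / 5" input would pin down what happens to that slash and make the test cover behaviour as well as termination. Minor style point: `} else {` is on one line, while the neighbouring branches in the same hunk put each brace on its own line.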
diff -Nru cjson-1.7.10/debian/patches/series cjson-1.7.10/debian/patches/series
--- cjson-1.7.10/debian/patches/series	2019-05-14 04:52:20.000000000 -0400
+++ cjson-1.7.10/debian/patches/series	2021-01-16 17:32:41.000000000 -0500
@@ -1 +1,2 @@
 0001-PATCH-Rewrite-cJSON_Minify-fixing-buffer-overflows-f.patch
+08d2bc766a82cd75764d036f9efef444590d1cf9.patch
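Review bot: the added series entry is a bare commit hash, while the existing entry uses a numbered, descriptive file name. A name in the same style (a 0002- prefix followed by the upstream subject "Fix infinite loop in cJSON_Minify") would keep the ordering and purpose of the patches readable from the series file; the upstream commit id is already recorded in the patch header.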



--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.8

Hi,

Each of the updates referenced by these bugs was included in today's
10.8 point release.

Regards,

Adam

--- End Message ---
