[bug#76819,v7,35/35] gnu: yajl: Patch CVE-2023-33460.

Message ID 20250307183914.8825-35-ngraves@ngraves.fr
State New
Series Add lint-hidden-cpe-vendors property |

Commit Message

Nicolas Graves March 7, 2025, 6:39 p.m. UTC
  * gnu/packages/patches/yajl-CVE-2023-33460.patch: Add file.
* gnu/local.mk: Record patch.
* gnu/packages/web.scm (yajl)[source]: Record patch.
---
 gnu/local.mk                                  |  1 +
 .../patches/yajl-CVE-2023-33460.patch         | 38 +++++++++++++++++++
 gnu/packages/web.scm                          |  4 +-
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/yajl-CVE-2023-33460.patch
  

Patch

diff --git a/gnu/local.mk b/gnu/local.mk
index dc7836d9a5..c00cee8b15 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2439,6 +2439,7 @@  dist_patch_DATA =						\
   %D%/packages/patches/xterm-370-explicit-xcursor.patch		\
   %D%/packages/patches/xygrib-fix-finding-data.patch		\
   %D%/packages/patches/xygrib-newer-proj.patch			\
+  %D%/packages/patches/yajl-CVE-2023-33460.patch		\
   %D%/packages/patches/yggdrasil-extra-config.patch	\
   %D%/packages/patches/zig-0.9-build-respect-PKG_CONFIG-env-var.patch	\
   %D%/packages/patches/zig-0.9-fix-runpath.patch		\
diff --git a/gnu/packages/patches/yajl-CVE-2023-33460.patch b/gnu/packages/patches/yajl-CVE-2023-33460.patch
new file mode 100644
index 0000000000..9ba6e72774
--- /dev/null
+++ b/gnu/packages/patches/yajl-CVE-2023-33460.patch
@@ -0,0 +1,38 @@ 
+Memory leak in yajl 2.1.0 with use of yajl_tree_parse function
+See https://github.com/lloyd/yajl/issues/250#issuecomment-1628695214
+
+Origin: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984
+Bug: https://github.com/lloyd/yajl/issues/250
+---
+ src/yajl_tree.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a32..56c7012f 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
+     ctx->stack = stack->next;
+ 
+     v = stack->value;
+-
++    free (stack->key);
+     free (stack);
+ 
+     return (v);
+@@ -444,7 +444,14 @@ yajl_val yajl_tree_parse (const char *input,
+              snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
+              YA_FREE(&(handle->alloc), internal_err_str);
+         }
++        while(ctx.stack != NULL) {
++             yajl_val v = context_pop(&ctx);
++             yajl_tree_free(v);
++        }
+         yajl_free (handle);
++	//If the requested memory is not released in time, it will cause memory leakage
++	if(ctx.root)
++	     yajl_tree_free(ctx.root);
+         return NULL;
+     }
+ 
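Review bot: The comment `//If the requested memory is not released in time, it will cause memory leakage` is the only explanation for the new cleanup in yajl_tree_parse's error path, and it does not say what each free covers or why they cannot overlap. The `while(ctx.stack != NULL)` loop followed by `yajl_tree_free(ctx.root)` avoids a double free only if no value is reachable from both a stack entry and `ctx.root`. Likewise, the added `free (stack->key)` in context_pop is safe only if a key already handed to an object is cleared from the stack entry first. Both invariants presumably live in context_add_value, which is outside these hunks (as are the rest of both function bodies), so they should be confirmed there before relying on this patch. I would replace the comment with `/* Error path: free unfinished containers left on ctx.stack, then ctx.root; the two never alias. */` and indent the three added lines with spaces like the surrounding context lines instead of tabs.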
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 25436c32ab..26bc3b2939 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -1746,7 +1746,9 @@  (define-public yajl
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "00yj06drb6izcxfxfqlhimlrb089kka0w0x8k27pyzyiq7qzcvml"))))
+                "00yj06drb6izcxfxfqlhimlrb089kka0w0x8k27pyzyiq7qzcvml"))
+              (patches
+               (search-patches "yajl-CVE-2023-33460.patch"))))
     (build-system cmake-build-system)
     (arguments
      '(#:phases