Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Dear Release Team,

I intend to fix https://bugs.debian.org/973442 in Buster. Under some circumstances, the user input will cause an infinite loop in the libcjson library. This is a regression introduced by the patch for CVE-2019-11835 and was fixed in cjson/1.7.12. Currently Buster has 1.7.10-1.1. Sid and Testing have 1.7.14, so Testing/Sid are not affected by this bug.

This upload cherry-picks a commit provided by upstream as well as the corresponding testsuite. The full debdiff is in the attachment.

Thanks and please let me know if you have any questions.

Regards,
Boyuan Yang

diff -Nru cjson-1.7.10/debian/changelog cjson-1.7.10/debian/changelog --- cjson-1.7.10/debian/changelog 2019-05-14 04:52:20.000000000 -0400 +++ cjson-1.7.10/debian/changelog 2021-01-16 17:33:31.000000000 -0500 @@ -1,3 +1,11 @@ +cjson (1.7.10-1.1+deb10u1) buster; urgency=medium + + * Cherry pick upstream commit 08d2bc766a82cd75764d036f9efef444590d1cf9, + which fixes an infinite loop regression introduced in the previous + patch. (Closes: #973442) + + -- Boyuan Yang <by...@debian.org> Sat, 16 Jan 2021 17:33:31 -0500 + cjson (1.7.10-1.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru cjson-1.7.10/debian/patches/08d2bc766a82cd75764d036f9efef444590d1cf9.patch cjson-1.7.10/debian/patches/08d2bc766a82cd75764d036f9efef444590d1cf9.patch --- cjson-1.7.10/debian/patches/08d2bc766a82cd75764d036f9efef444590d1cf9.patch 1969-12-31 19:00:00.000000000 -0500 +++ cjson-1.7.10/debian/patches/08d2bc766a82cd75764d036f9efef444590d1cf9.patch 2021-01-16 17:33:24.000000000 -0500 
@@ -0,0 +1,50 @@ +From 08d2bc766a82cd75764d036f9efef444590d1cf9 Mon Sep 17 00:00:00 2001 +From: Max Bruckner <m...@maxbruckner.de> +Date: Thu, 16 May 2019 20:01:02 +0200 +Subject: [PATCH] Fix infinite loop in cJSON_Minify + +Bug-Debian: https://bugs.debian.org/973442 +Applied-Upstream: https://github.com/DaveGamble/cJSON/commit/08d2bc766a82cd75764d036f9efef444590d1cf9 +--- + cJSON.c | 2 ++ + tests/minify_tests.c | 7 +++++++ + 2 files changed, 9 insertions(+) + +diff --git a/cJSON.c b/cJSON.c +index 3a5dc547..f9c2ffa5 100644 +--- a/cJSON.c ++++ b/cJSON.c +@@ -2717,6 +2717,8 @@ CJSON_PUBLIC(void) cJSON_Minify(char *json) + else if (json[1] == '*') + { + skip_multiline_comment(&json); ++ } else { ++ json++; + } + break; + +diff --git a/tests/minify_tests.c b/tests/minify_tests.c +index e39a9446..000821db 100644 +--- a/tests/minify_tests.c ++++ b/tests/minify_tests.c +@@ -152,6 +152,12 @@ static void cjson_minify_should_minify_json(void) { + free(buffer); + } + ++static void cjson_minify_should_not_loop_infinitely(void) { ++ char string[] = { '8', ' ', '/', ' ', '5', '\n', '\0' }; ++ /* this should not be an infinite loop */ ++ cJSON_Minify(string); ++} ++ + int CJSON_CDECL main(void) + { + UNITY_BEGIN(); +@@ -162,6 +168,7 @@ int CJSON_CDECL main(void) + RUN_TEST(cjson_minify_should_remove_multiline_comments); + RUN_TEST(cjson_minify_should_remove_spaces); + RUN_TEST(cjson_minify_should_not_modify_strings); ++ RUN_TEST(cjson_minify_should_not_loop_infinitely); + + return UNITY_END(); + } diff -Nru cjson-1.7.10/debian/patches/series cjson-1.7.10/debian/patches/series --- cjson-1.7.10/debian/patches/series 2019-05-14 04:52:20.000000000 -0400 +++ cjson-1.7.10/debian/patches/series 2021-01-16 17:32:41.000000000 -0500 @@ -1 +1,2 @@ 0001-PATCH-Rewrite-cJSON_Minify-fixing-buffer-overflows-f.patch +08d2bc766a82cd75764d036f9efef444590d1cf9.patch
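Review bot: In the debian/changelog hunk, the entry says the regression was "introduced in the previous patch" without naming it. debian/patches/series lists 0001-PATCH-Rewrite-cJSON_Minify-fixing-buffer-overflows-f.patch as the only earlier patch, so naming that file and the affected function, cJSON_Minify, in the entry would let someone reading the changelog alone see which change regressed.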
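Review bot: In the cJSON.c hunk, the new else branch only advances json, and nothing in the visible lines writes the '/' to the output, so a lone '/' that starts no comment appears to be skipped rather than kept. If that is intended, a one-line comment inside the branch should say so; if not, the character should be copied before the pointer moves. The added `} else {` also departs from the brace-on-its-own-line style of the `else if (json[1] == '*')` block directly above it.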
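Review bot: In the tests/minify_tests.c hunk, cjson_minify_should_not_loop_infinitely calls cJSON_Minify(string) and asserts nothing, so the only way it can fail is by hanging the test run, and the buffer contents after the call go unchecked. An assertion on the resulting string after the call would pin down how the lone '/' in the "8 / 5\n" input is handled, and a timeout on the test run would turn a future regression into a reported failure instead of a stalled build.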