From b3325c20828745bd26067a7d79f4e78119bbf457 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 12 Nov 2024 17:08:40 +0800 Subject: [PATCH] [CVE] fix cve-2024-31755 to #bug11364 fix cve-2024-31755 Project: TC2024080204 Signed-off-by:yangxinyu --- cjson-1.7.15-fix-cve-2024-31755.patch | 27 +++++++++++++++++++++++++++ cjson.spec | 6 +++++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 cjson-1.7.15-fix-cve-2024-31755.patch diff --git a/cjson-1.7.15-fix-cve-2024-31755.patch b/cjson-1.7.15-fix-cve-2024-31755.patch new file mode 100644 index 0000000..f8728b3 --- /dev/null +++ b/cjson-1.7.15-fix-cve-2024-31755.patch @@ -0,0 +1,27 @@ +From aa9be7adf91f267aa3575d5bfe5c281f9e748fcc Mon Sep 17 00:00:00 2001 +From: From: Up-wind +Date: Tue, 12 Nov 2024 16:59:13 +0800 +Subject: [PATCH] fix-cve-2024-31755 + +--- + cJSON.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/cJSON.c b/cJSON.c +index 3063f74..2414851 100644 +--- a/cJSON.c ++++ b/cJSON.c +@@ -405,6 +405,10 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring) + { + return NULL; + } ++ if (object->valuestring == NULL || valuestring == NULL) ++ { ++ return NULL; ++ } + if (strlen(valuestring) <= strlen(object->valuestring)) + { + strcpy(object->valuestring, valuestring); +-- +2.27.0 + diff --git a/cjson.spec b/cjson.spec index 1b52000..1f84e30 100644 --- a/cjson.spec +++ b/cjson.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 1.1 Name: cjson Version: 1.7.15 @@ -9,6 +9,7 @@ License: MIT and ASL 2.0 URL: https://github.com/DaveGamble/cJSON Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz +Patch0001: cjson-1.7.15-fix-cve-2024-31755.patch BuildRequires: gcc BuildRequires: cmake @@ -66,5 +67,8 @@ rm -f %{buildroot}%{_libdir}/*.{la,a} %doc README.md CHANGELOG.md CONTRIBUTORS.md %changelog +* Tue Nov 12 2024 yangxinyu - 1.7.15-1.1 +- add cjson-1.7.15-fix-cve-2024-31755.patch + * Mon Aug 07 2023 mgb01105731 - 1.7.15-1 - Init upstream from version 1.7.15 -- Gitee