From f3a34be86a08cb95ea046fd5a52aae19fe2376bc Mon Sep 17 00:00:00 2001
From: sun_haii_10
Date: Sat, 15 Mar 2025 17:05:45 +0800
Subject: [PATCH] backport patches
(cherry picked from commit 55884d2a03bcbf977c752a1a383c8064805ee55c)
---
...NULL-gracefully-in-json_tokener_free.patch | 32 +++++++++++++++
...allow-json_tokener_new_ex-with-a-dep.patch | 40 +++++++++++++++++++
json-c.spec | 12 +++++-
3 files changed, 83 insertions(+), 1 deletion(-)
create mode 100644 backport-Handle-NULL-gracefully-in-json_tokener_free.patch
create mode 100644 backport-Issue-881-don-t-allow-json_tokener_new_ex-with-a-dep.patch
diff --git a/backport-Handle-NULL-gracefully-in-json_tokener_free.patch b/backport-Handle-NULL-gracefully-in-json_tokener_free.patch
new file mode 100644
index 0000000..f45a94d
--- /dev/null
+++ b/backport-Handle-NULL-gracefully-in-json_tokener_free.patch
@@ -0,0 +1,32 @@
+From 828c12b22661de53d6497bd1410c68cb153b4f35 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A1n=20Tomko?=
+Date: Wed, 6 Nov 2024 15:19:04 +0100
+Subject: [PATCH] Handle NULL gracefully in json_tokener_free
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Similarly to glibc's free, make json_tokener_free(NULL)
+a no-op, to simplify cleanup paths.
+
+Signed-off-by: Ján Tomko
+---
+ json_tokener.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index c831f8a..4453c89 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -182,6 +182,8 @@ struct json_tokener *json_tokener_new(void)
+
+ void json_tokener_free(struct json_tokener *tok)
+ {
++ if (!tok)
++ return;
+ json_tokener_reset(tok);
+ if (tok->pb)
+ printbuf_free(tok->pb);
+--
+2.35.1.windows.2
+
diff --git a/backport-Issue-881-don-t-allow-json_tokener_new_ex-with-a-dep.patch b/backport-Issue-881-don-t-allow-json_tokener_new_ex-with-a-dep.patch
new file mode 100644
index 0000000..09ab7fe
--- /dev/null
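Review bot: The `if (!tok) return;` guard added to json_tokener_free() changes the function's contract, but this backport's diffstat lists only json_tokener.c, so the doc comment for json_tokener_free in json_tokener.h (not visible here) presumably does not mention it. I would add `* Passing NULL is a no-op.` to that comment so the behaviour is a documented guarantee rather than an implementation detail. Without the guard the body reaches `tok->pb` with a NULL pointer, so code written against this build and run against an unpatched json-c would crash in its cleanup path. The function body continues past the hunk's last context line.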
+++ b/backport-Issue-881-don-t-allow-json_tokener_new_ex-with-a-dep.patch
@@ -0,0 +1,40 @@
+From ff8ed0f094ddb48edad8169b711097f69fe8efea Mon Sep 17 00:00:00 2001
+From: Eric Hawicz
+Date: Sun, 17 Nov 2024 22:11:24 -0500
+Subject: [PATCH] Issue #881: don't allow json_tokener_new_ex() with a depth <
+ 1
+
+---
+ json_tokener.c | 3 +++
+ json_tokener.h | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 773229e..1954bcd 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -154,6 +154,9 @@ struct json_tokener *json_tokener_new_ex(int depth)
+ {
+ struct json_tokener *tok;
+
++ if (depth < 1)
++ return NULL;
++
+ tok = (struct json_tokener *)calloc(1, sizeof(struct json_tokener));
+ if (!tok)
+ return NULL;
+diff --git a/json_tokener.h b/json_tokener.h
+index 54925e5..f53a761 100644
+--- a/json_tokener.h
++++ b/json_tokener.h
+@@ -206,6 +206,7 @@ JSON_EXPORT struct json_tokener *json_tokener_new(void);
+
+ /**
+ * Allocate a new json_tokener with a custom max nesting depth.
++ * The depth must be at least 1.
+ * @see JSON_TOKENER_DEFAULT_DEPTH
+ */
+ JSON_EXPORT struct json_tokener *json_tokener_new_ex(int depth);
+--
+2.35.1.windows.2
+
diff --git a/json-c.spec b/json-c.spec
index 9a46a1b..2cdd1fd 100644
--- a/json-c.spec
+++ b/json-c.spec
@@ -6,7 +6,7 @@ Name: json-c Version: 0.17 -Release: 6 +Release: 7 Summary: JSON implementation in C License: MIT
@@ -24,6 +24,9 @@ Patch6006: backport-Fix-the-expected-output-for-test_parse.patch Patch6007: backport-Fix-issue-875-cast-to-unsigned-char-so-bytes-above-0.patch Patch6008: backport-Fix-the-apps-json_parse-s-strict-option-so-it-actual.patch +Patch6009: backport-Handle-NULL-gracefully-in-json_tokener_free.patch +Patch6010: backport-Issue-881-don-t-allow-json_tokener_new_ex-with-a-dep.patch + %description JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted
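Review bot: In the json_tokener.h hunk of the Issue #881 backport, the added line `* The depth must be at least 1.` states the precondition but not the result of violating it, while the json_tokener.c hunk makes json_tokener_new_ex() return NULL for `depth < 1`, the same value the `if (!tok) return NULL;` path gives on allocation failure. I would extend the comment with `* @return a new tokener, or NULL if depth is less than 1 or memory allocation fails`, so callers check the result instead of treating NULL as out-of-memory only. Only a lower bound is enforced in the visible lines; the function body continues past the hunk, so how a very large depth is handled cannot be confirmed from here.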
@@ -110,6 +113,13 @@ end %doc %{_pkgdocdir} %changelog +* Sat Mar 15 2025 sunhai - 0.17-7 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: Handle NULL gracefully in json_tokener_free + Issue 881 don t allow json_tokener_new_ex with a dep + * Fri Dec 06 2024 sunhai - 0.17-6 - Type:bugfix - ID:NA