packages/libyaml
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-3205

Browse Source 
(cherry picked from commit db32871ad7c01190c77d38879e32dc712afd25b1)
This commit is contained in:
fly_fzc 2024-04-25 10:21:08 +08:00 committed by openeuler-sync-bot
parent 1a480cfae9
commit d06f97f0a4
3 changed files with 58 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch Normal file
View File

@ -0,0 +1,52 @@
From ff577b94511f9fc314435a1154f1124dccbe57ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tina=20M=C3=BCller?= <cpan2@tinita.de>
Date: Mon, 8 Apr 2024 23:32:52 +0200
Subject: [PATCH] Fix emitter states handling when write_indicator fails
There are cases where yaml_emitter_write_indicator fails.
In that case POP is called on emitter->indents but not on emitter->states,
which results in a leftover event in the stack, and later POP is called
on an empty emitter->indents stack.
This commit does not fix the case of the failing yaml_emitter_write_indicator.
This is still investigated.
---
src/emitter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/emitter.c b/src/emitter.c
index 609b28a4..0aca6c34 100644
--- a/src/emitter.c
+++ b/src/emitter.c
@@ -759,6 +759,7 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
{
emitter->flow_level --;
emitter->indent = POP(emitter, emitter->indents);
+ emitter->state = POP(emitter, emitter->states);
if (emitter->canonical && !first) {
if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
return 0;
@@ -767,7 +768,6 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
}
if (!yaml_emitter_write_indicator(emitter, "]", 0, 0, 0))
return 0;
- emitter->state = POP(emitter, emitter->states);
return 1;
}
@@ -808,6 +808,7 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
return 0;
emitter->flow_level --;
emitter->indent = POP(emitter, emitter->indents);
+ emitter->state = POP(emitter, emitter->states);
if (emitter->canonical && !first) {
if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
return 0;
@@ -816,7 +817,6 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
}
if (!yaml_emitter_write_indicator(emitter, "}", 0, 0, 0))
return 0;
- emitter->state = POP(emitter, emitter->states);
return 1;
}

32
fix-heap-buffer-overflow-error-in-yaml-emitter-emit.patch
View File

@ -1,32 +0,0 @@
From cbd860b8e62ec0dc85d4d76a9a8900a3db9c740c Mon Sep 17 00:00:00 2001
From: chenziyang <chenziyang4@huawei.com>
Date: Tue, 8 Nov 2022 11:15:36 +0800
Subject: [PATCH] Fix heap buffer overflow error in
yaml_emitter_emit_flow_sequence_item function
---
src/emitter.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/emitter.c b/src/emitter.c
index 609b28a..336bfd1 100644
--- a/src/emitter.c
+++ b/src/emitter.c
@@ -758,7 +758,13 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
if (event->type == YAML_SEQUENCE_END_EVENT)
{
emitter->flow_level --;
- emitter->indent = POP(emitter, emitter->indents);
+ if (!STACK_EMPTY(emitter, emitter->indents)) {
+ emitter->indent = POP(emitter, emitter->indents);
+ }
+ else {
+ emitter->indent = 0; // set to default
+ }
+
if (emitter->canonical && !first) {
if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
return 0;
--
2.21.0.windows.1

9
libyaml.spec
View File

@ -1,14 +1,14 @@
Name: libyaml Name: libyaml
Version: 0.2.5 Version: 0.2.5
Release: 5 Release: 6
Summary: A C library for parsing and emitting YAML Summary: A C library for parsing and emitting YAML
License: MIT License: MIT
URL: https://github.com/yaml/libyaml URL: https://github.com/yaml/libyaml
Source0: https://github.com/yaml/libyaml/releases/download/%{version}/yaml-%{version}.tar.gz Source0: https://github.com/yaml/libyaml/releases/download/%{version}/yaml-%{version}.tar.gz
Patch0: fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch Patch0: fix-heap-buffer-overflow-in-yaml_emitter_emit_flow_m.patch
Patch1: fix-heap-buffer-overflow-error-in-yaml-emitter-emit.patch Patch1: backport-Improve-CMake-build-system.patch
Patch2: backport-Improve-CMake-build-system.patch Patch2: backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
BuildRequires: gcc BuildRequires: gcc
@ -74,6 +74,9 @@ make check
%changelog %changelog
* Thu Apr 25 2024 fuanan <fuanan3@h-partners.com> - 0.2.5-6
- fix CVE-2024-3205
* Sat May 27 2023 fuanan <fuanan3@h-partners.com> - 0.2.5-5 * Sat May 27 2023 fuanan <fuanan3@h-partners.com> - 0.2.5-5
- Support cmake build system - Support cmake build system
- Modify URL and Source0 - Modify URL and Source0