The patch for CVE-2023-33460 turned out to be incomplete. Fix that.

See lloyd#250 (comment)
jstamp · Jul 10, 2023 · 7f3fd17 · 7f3fd17
1 parent 41697cf
commit 7f3fd17
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 3 deletions.
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+yajl (2.1.0-5) unstable; urgency=medium
+
+  * The patch for CVE-2023-33460 turned out to be incomplete.  Fix that.
+
+ -- John Stamp <[email protected]>  Mon, 10 Jul 2023 15:08:58 -0700
+
 yajl (2.1.0-4) unstable; urgency=medium
 
   [Debian Janitor]

diff --git a/debian/patches/CVE-2023-33460.patch b/debian/patches/CVE-2023-33460.patch
@@ -1,17 +1,32 @@
 Description: Fix for CVE-2023-33460a
  Memory leak in yajl 2.1.0 with use of yajl_tree_parse function
+ See https://github.com/lloyd/yajl/issues/250#issuecomment-1628695214
 Origin: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698
 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984
 Bug: https://github.com/lloyd/yajl/issues/250
 ---
- src/yajl_tree.c | 3 +++
- 1 file changed, 3 insertions(+)
+ src/yajl_tree.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
 
 --- a/src/yajl_tree.c
 +++ b/src/yajl_tree.c
-@@ -445,6 +445,9 @@
+@@ -143,7 +143,7 @@
+     ctx->stack = stack->next;
+
+     v = stack->value;
+-
++    free (stack->key);
+     free (stack);
+
+     return (v);
+@@ -444,7 +444,14 @@
+              snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
               YA_FREE(&(handle->alloc), internal_err_str);
          }
++        while(ctx.stack != NULL) {
++             yajl_val v = context_pop(&ctx);
++             yajl_tree_free(v);
++        }
          yajl_free (handle);
 +	//If the requested memory is not released in time, it will cause memory leakage
 +	if(ctx.root)