-
Notifications
You must be signed in to change notification settings - Fork 567
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Patch apparmor for CVE-2024-31755 (#9258)
- Loading branch information
Showing
2 changed files
with
45 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| commit 7e4d5dabe7a9b754c601f214e65b544e67ba9f59 | ||
| Author: Up-wind <[email protected]> | ||
| Date: Mon Mar 25 20:07:11 2024 +0800 | ||
|
|
||
| Add NULL check to cJSON_SetValuestring() | ||
|
|
||
| If the valuestring passed to cJSON_SetValuestring is NULL, a null pointer dereference will happen. | ||
|
|
||
| This commit adds the NULL check of valuestring before it is dereferenced. | ||
|
|
||
| --- | ||
| binutils/cJSON.c | 5 +++-- | ||
| 1 file changed, 3 insertions(+), 2 deletions(-) | ||
|
|
||
| diff --git a/binutils/cJSON.c b/binutils/cJSON.c | ||
| index 541934c..e85ac11 100644 | ||
| --- a/binutils/cJSON.c | ||
| +++ b/binutils/cJSON.c | ||
| @@ -393,6 +393,7 @@ CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number) | ||
| return object->valuedouble = number; | ||
| } | ||
|
|
||
| +/* Note: when passing a NULL valuestring, cJSON_SetValuestring treats this as an error and return NULL */ | ||
| CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring) | ||
| { | ||
| char *copy = NULL; | ||
| @@ -401,8 +402,8 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring) | ||
| { | ||
| return NULL; | ||
| } | ||
| - /* return NULL if the object is corrupted */ | ||
| - if (object->valuestring == NULL) | ||
| + /* return NULL if the object is corrupted or valuestring is NULL */ | ||
| + if (object->valuestring == NULL || valuestring == NULL) | ||
| { | ||
| return NULL; | ||
| } | ||
| -- | ||
| 2.25.1 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| Summary: AppArmor is an effective and easy-to-use Linux application security system. | ||
| Name: apparmor | ||
| Version: 3.0.4 | ||
| Release: 3%{?dist} | ||
| Release: 4%{?dist} | ||
| License: GPLv2 | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Mariner | ||
|
|
@@ -10,6 +10,7 @@ URL: https://launchpad.net/apparmor | |
| Source0: https://launchpad.net/apparmor/3.0/3.0.4/+download/%{name}-%{version}.tar.gz | ||
| Patch1: apparmor-service-start-fix.patch | ||
| Patch2: CVE-2023-50471.patch | ||
| Patch3: CVE-2024-31755.patch | ||
| # CVE-2016-1585 has no upstream fix as of 2020/09/28 | ||
| Patch100: CVE-2016-1585.nopatch | ||
| BuildRequires: apr | ||
|
|
@@ -354,6 +355,9 @@ make DESTDIR=%{buildroot} install | |
| %exclude %{perl_archlib}/perllocal.pod | ||
|
|
||
| %changelog | ||
| * Thu May 30 2024 Sumedh Sharma <[email protected]> - 3.0.4-4 | ||
| - Add patch for CVE-2024-31755 | ||
|
|
||
| * Wed Dec 27 2023 Dallas Delaney <[email protected]> - 3.0.4-3 | ||
| - Add patch for CVE-2023-50471 and CVE-2023-50472 | ||
|
|
||
|
|
||