Fix for CVE-2017-16516

Description: Fix for CVE-2017-16516 Potential buffer overread: A JSON file can cause denial of service. Origin: brianmario/yajl-ruby@a8ca8f4 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036 Bug: lloyd#248 Patch taken from Debian package source NB, Fedora code can't trigger the reported aborts since it passes the -DNDEBUG flag, but pulling the fix for robustness in case a future change enables the assert()s. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
berrange · Jul 10, 2023 · 0b5e73c · 0b5e73c
1 parent c98c00d
commit 0b5e73c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/yajl_encode.c b/src/yajl_encode.c
@@ -139,8 +139,8 @@ void yajl_string_decode(yajl_buf buf, const unsigned char * str,
                     end+=3;
                     /* check if this is a surrogate */
                     if ((codepoint & 0xFC00) == 0xD800) {
-                        end++;
-                        if (str[end] == '\\' && str[end + 1] == 'u') {
+                        if (end + 2 < len && str[end + 1] == '\\' && str[end + 2] == 'u') {
+                            end++;
                             unsigned int surrogate = 0;
                             hexToDigit(&surrogate, str + end + 2);
                             codepoint =