Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rubygem-yajl-ruby: fix CVE 2022 24795 #3598

Merged
merged 5 commits into from
Aug 24, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions SPECS/rubygem-yajl-ruby/CVE-2022-24795.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
Nicolas Guibourge, Tue Aug 23 2022, backport from version 1.4.1 to 1.3.1
From commitid 8daacc158c209ae881db76a762e3f105a22741b9
From commitid 22aa1e7b8f613263c781f9c44468b997e91ac583

diff -ru yajl-ruby-1.3.1-orig/ext/yajl/api/yajl_gen.h yajl-ruby-1.3.1/ext/yajl/api/yajl_gen.h
--- yajl-ruby-1.3.1-orig/ext/yajl/api/yajl_gen.h 2017-11-06 22:19:23.000000000 -0800
+++ yajl-ruby-1.3.1/ext/yajl/api/yajl_gen.h 2022-08-23 02:58:32.587721599 -0700
@@ -63,7 +63,9 @@
yajl_gen_invalid_number,
/** A print callback was passed in, so there is no internal
* buffer to get from */
- yajl_gen_no_buf
+ yajl_gen_no_buf,
+ /** Tried to decrement at depth 0 */
+ yajl_depth_underflow
} yajl_gen_status;

/** an opaque handle to a generator */
diff -ru yajl-ruby-1.3.1-orig/ext/yajl/yajl_gen.c yajl-ruby-1.3.1/ext/yajl/yajl_gen.c
--- yajl-ruby-1.3.1-orig/ext/yajl/yajl_gen.c 2017-11-06 22:19:23.000000000 -0800
+++ yajl-ruby-1.3.1/ext/yajl/yajl_gen.c 2022-08-23 03:00:27.108553941 -0700
@@ -178,7 +178,7 @@
if (++(g->depth) >= YAJL_MAX_DEPTH) return yajl_max_depth_exceeded;

#define DECREMENT_DEPTH \
- if (--(g->depth) >= YAJL_MAX_DEPTH) return yajl_gen_error;
+ if (--(g->depth) >= YAJL_MAX_DEPTH) return yajl_depth_underflow;

#define APPENDED_ATOM \
switch (g->state[g->depth]) { \
diff -ru yajl-ruby-1.3.1-orig/ext/yajl/yajl_lex.c yajl-ruby-1.3.1/ext/yajl/yajl_lex.c
--- yajl-ruby-1.3.1-orig/ext/yajl/yajl_lex.c 2017-11-06 22:19:23.000000000 -0800
+++ yajl-ruby-1.3.1/ext/yajl/yajl_lex.c 2022-08-23 03:01:34.613044611 -0700
@@ -46,6 +46,7 @@
case yajl_tok_bool: return "bool";
case yajl_tok_colon: return "colon";
case yajl_tok_comma: return "comma";
+ case yajl_tok_comment: return "comment";
case yajl_tok_eof: return "eof";
case yajl_tok_error: return "error";
case yajl_tok_left_brace: return "brace";
6 changes: 5 additions & 1 deletion SPECS/rubygem-yajl-ruby/rubygem-yajl-ruby.spec
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,15 @@
Summary: A streaming JSON parsing and encoding library for Ruby
Name: rubygem-yajl-ruby
Version: 1.3.1
Release: 1%{?dist}
Release: 2%{?dist}
License: MIT
Vendor: Microsoft Corporation
Distribution: Mariner
Group: Development/Languages
URL: https://github.com/brianmario/yajl-ruby
Source0: https://github.com/brianmario/yajl-ruby/archive/refs/tags/%{version}.tar.gz#/%{gem_name}-%{version}.tar.gz
Patch0: fix-file_list.patch
Patch1: CVE-2022-24795.patch
BuildRequires: git
BuildRequires: ruby
Provides: rubygem(%{gem_name}) = %{version}-%{release}
Expand All @@ -33,6 +34,9 @@ gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-
%{gemdir}

%changelog
* Tue Aug 23 2022 Nicolas Guibourge <[email protected]> - 1.3.1-2
- Fix CVE-2022-24795.

* Wed Jun 22 2022 Neha Agarwal <[email protected]> - 1.3.1-1
- Downgrade to v1.3.1.
- Build from .tar.gz source.
Expand Down