diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/jansson-CVE-2016-4425.patch | 125 | ||||
-rw-r--r-- | gnu/packages/web.scm | 3 |
3 files changed, 128 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 4dda1fa28a..63ac668fc9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -551,6 +551,7 @@ dist_patch_DATA = \ %D%/packages/patches/ilmbase-fix-tests.patch \ %D%/packages/patches/inkscape-drop-wait-for-targets.patch \ %D%/packages/patches/irrlicht-mesa-10.patch \ + %D%/packages/patches/jansson-CVE-2016-4425.patch \ %D%/packages/patches/jasper-CVE-2007-2721.patch \ %D%/packages/patches/jasper-CVE-2008-3520.patch \ %D%/packages/patches/jasper-CVE-2008-3522.patch \ diff --git a/gnu/packages/patches/jansson-CVE-2016-4425.patch b/gnu/packages/patches/jansson-CVE-2016-4425.patch new file mode 100644 index 0000000000..ebe9aa7809 --- /dev/null +++ b/gnu/packages/patches/jansson-CVE-2016-4425.patch @@ -0,0 +1,125 @@ +From 64ce0ad3731ebd77e02897b07920eadd0e2cc318 Mon Sep 17 00:00:00 2001 +From: Dmitry Janushkevich <gauri@tut.by> +Date: Mon, 2 May 2016 13:59:26 +0200 +Subject: [PATCH] Fix for issue #282 + +The fix limits recursion depths when parsing arrays and objects. +The limit is configurable via the `JSON_PARSER_MAX_DEPTH` setting +within `jansson_config.h` and is set by default to 2048. + +Update the RFC conformance document to note the limit; the RFC +allows limits to be set by the implementation so nothing has +actually changed w.r.t. conformance state. + +Reported by Gustavo Grieco. +--- + android/jansson_config.h | 4 ++++ + cmake/jansson_config.h.cmake | 4 ++++ + doc/conformance.rst | 10 ++++++++++ + src/jansson_config.h.in | 4 ++++ + src/load.c | 10 ++++++++++ + test/suites/invalid/recursion-depth/error | 2 ++ + test/suites/invalid/recursion-depth/input | 1 + + 7 files changed, 35 insertions(+) + create mode 100644 test/suites/invalid/recursion-depth/error + create mode 100644 test/suites/invalid/recursion-depth/input + +--- a/android/jansson_config.h ++++ b/android/jansson_config.h +@@ -36,4 +36,8 @@ + otherwise to 0. */ + #define JSON_HAVE_LOCALECONV 0 + ++/* Maximum recursion depth for parsing JSON input. ++ This limits the depth of e.g. array-within-array constructions. */ ++#define JSON_PARSER_MAX_DEPTH 2048 ++ + #endif +--- a/cmake/jansson_config.h.cmake ++++ b/cmake/jansson_config.h.cmake +@@ -60,5 +60,9 @@ + #define JSON_HAVE_LOCALECONV @JSON_HAVE_LOCALECONV@ + + ++/* Maximum recursion depth for parsing JSON input. ++ This limits the depth of e.g. array-within-array constructions. */ ++#define JSON_PARSER_MAX_DEPTH 2048 ++ + + #endif +--- a/doc/conformance.rst ++++ b/doc/conformance.rst +@@ -108,3 +108,13 @@ + are implicitly handled via the ordinary C type coercion rules (subject + to overflow semantics). Also, no support or hooks are provided for any + supplemental "bignum" type add-on packages. ++ ++Depth of nested values ++---------------------- ++ ++To avoid stack exhaustion, Jansson currently limits the nesting depth ++for arrays and objects to a certain value (default: 2048), defined as ++a macro ``JSON_PARSER_MAX_DEPTH`` within ``jansson_config.h``. ++ ++The limit is allowed to be set by the RFC; there is no recommended value ++or required minimum depth to be supported. +--- a/src/jansson_config.h.in ++++ b/src/jansson_config.h.in 2020-10-11 | Revert "Revert "install: Pass "modprobe.blacklist=radeon".""... | Florian Pelz |