Fix CVE-2015-8863 (Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow):
Copied from upstream code repository:
From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Sat, 24 Oct 2015 17:24:57 -0500
Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)

This was an off-by one: the NUL terminator byte was not allocated on resize. This was triggered by JSON-encoded numbers longer than 256 bytes.
---
 jv_parse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jv_parse.c b/jv_parse.c
index 3102ed4..84245b8 100644
--- a/jv_parse.c
+++ b/jv_parse.c
@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
 static void tokenadd(struct jv_parser* p, char c) {
 assert(p->tokenpos <= p->tokenlen);
- if (p->tokenpos == p->tokenlen) {
+ if (p->tokenpos >= (p->tokenlen - 1)) {
 p->tokenlen = p->tokenlen*2 + 256;
 p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
 }
@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
 TRY(value(p, v));
 } else {
 // FIXME: better parser
- p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
+ p->tokenbuf[p->tokenpos] = 0;
 char* end = 0;
 double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
 if (end == 0 || *end != 0)
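Review bot: The guard `p->tokenpos >= (p->tokenlen - 1)` computes `tokenlen - 1` first, which is harmless for a signed counter but wraps to the maximum value if tokenlen is an unsigned type and is still 0 for a fresh parser, in which case the buffer would never be allocated before the write; the field's declaration is outside the hunk, so this is inferred rather than seen. The same reservation can be expressed without any subtraction as `if (p->tokenpos + 1 >= p->tokenlen) {`. Because the spare byte is only consumed in check_literal(), a comment on the guard, `// grow one byte early: check_literal() NUL-terminates at tokenbuf[tokenpos]`, would keep the two sites from drifting apart in later edits. The write into tokenbuf and the remainder of tokenadd() are outside the hunk.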
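Review bot: Dropping `// FIXME: invalid` leaves `p->tokenbuf[p->tokenpos] = 0;` with no statement of why the index is now in bounds, and this line is correct only because tokenadd() grows the buffer one position early; a replacement comment, `// in bounds: tokenadd() always leaves one spare byte for this terminator`, records that contract at the site that depends on it. Whether this branch can be reached with tokenbuf still NULL (no byte ever added to the token) cannot be determined from the hunk; if it can, the write needs a guard first. check_literal() begins and ends outside the hunk.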
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;;; Module holding the GKrellM package; the (guix ...) imports supply the
;;; package record, the url-fetch origin and the GNU build system, while the
;;; (gnu packages ...) imports provide the inputs the definition names.
(define-module (gnu packages gkrellm)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix build-system gnu)
  #:use-module (guix download)
  #:use-module (guix packages)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages gtk)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages xorg))

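(define-public gkrellm
  (package
    (name "gkrellm")
    (version "2.3.11")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "http://gkrellm.srcbox.net/releases/gkrellm-"
                          version ".tar.bz2"))
      ;; The tarball is fetched over plain HTTP, so this hash is what pins
      ;; its integrity; update it together with VERSION.
      (sha256
       (base32 "01lccz4fga40isv09j8rjgr0qy10rff9vj042n6gi6gdv4z69q0y"))))
    (build-system gnu-build-system)
    ;; Plain package list, matching the style already used for NATIVE-INPUTS;
    ;; nothing in ARGUMENTS looks inputs up by label, so the former
    ;; ("gettext" ,gettext-minimal) style labels are not needed.
    (inputs
     (list gettext-minimal gtk+-2 libice libsm))
    (native-inputs
     (list pkg-config))
    (arguments
     `(#:tests? #f                      ; there is no check target
       #:phases
       (modify-phases %standard-phases
         (delete 'configure))           ; no configure script
       ;; The Makefile is driven directly; INSTALLROOT points it at the
       ;; output prefix.
       #:make-flags
       (let ((out (assoc-ref %outputs "out")))
         (list (string-append "INSTALLROOT=" out)
               "CC=gcc"))))
    (home-page "http://gkrellm.srcbox.net/")
    (synopsis "System monitors")
    (description
     "GKrellM is a single process stack of system monitors which supports
applying themes to match its appearance to your window manager, Gtk, or any
other theme.")
    (license license:gpl3+)))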