mirror of https://github.com/DaveGamble/cJSON
Compare commits
5 Commits
be60d05ede
...
507366bdba
Author | SHA1 | Date |
---|---|---|
slark-yuxj | 507366bdba | |
Alanscut | 87d8f0961a | |
Lee | f66cbab4bf | |
Lee | 60ff122ef5 | |
“uinontech_yuxiaojun” | b64963332f |
|
@ -1,3 +1,10 @@
|
|||
1.7.17 (Dec 26, 2023)
|
||||
======
|
||||
Fixes:
|
||||
------
|
||||
* Fix null reference in cJSON_SetValuestring(CVE-2023-50472), see #809
|
||||
* Fix null reference in cJSON_InsertItemInArray(CVE-2023-50471), see #809 and #810
|
||||
|
||||
1.7.16 (Jul 5, 2023)
|
||||
======
|
||||
Features:
|
||||
|
|
|
@ -2,7 +2,7 @@ set(CMAKE_LEGACY_CYGWIN_WIN32 0)
|
|||
cmake_minimum_required(VERSION 3.0)
|
||||
|
||||
project(cJSON
|
||||
VERSION 1.7.16
|
||||
VERSION 1.7.17
|
||||
LANGUAGES C)
|
||||
|
||||
cmake_policy(SET CMP0054 NEW) # set CMP0054 policy
|
||||
|
|
2
Makefile
2
Makefile
|
@ -8,7 +8,7 @@ CJSON_TEST_SRC = cJSON.c test.c
|
|||
|
||||
LDLIBS = -lm
|
||||
|
||||
LIBVERSION = 1.7.16
|
||||
LIBVERSION = 1.7.17
|
||||
CJSON_SOVERSION = 1
|
||||
UTILS_SOVERSION = 1
|
||||
|
||||
|
|
39
cJSON.c
39
cJSON.c
|
@ -117,7 +117,7 @@ CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item)
|
|||
}
|
||||
|
||||
/* This is a safeguard to prevent copy-pasters from using incompatible C and header files */
|
||||
#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 16)
|
||||
#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 17)
|
||||
#error cJSON.h and cJSON.c have different versions. Make sure that both have the same.
|
||||
#endif
|
||||
|
||||
|
@ -401,7 +401,12 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
|
|||
{
|
||||
char *copy = NULL;
|
||||
/* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */
|
||||
if (!(object->type & cJSON_String) || (object->type & cJSON_IsReference))
|
||||
if ((object == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
/* return NULL if the object is corrupted */
|
||||
if (object->valuestring == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
@ -568,15 +573,22 @@ static cJSON_bool print_number(const cJSON * const item, printbuffer * const out
|
|||
}
|
||||
else
|
||||
{
|
||||
/* Try 15 decimal places of precision to avoid nonsignificant nonzero digits */
|
||||
length = sprintf((char*)number_buffer, "%1.15g", d);
|
||||
if(item->valuedouble == item->valueint)
|
||||
{
|
||||
length = sprintf((char*)number_buffer, "%d", item->valueint);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Try 15 decimal places of precision to avoid nonsignificant nonzero digits */
|
||||
length = sprintf((char*)number_buffer, "%1.15g", d);
|
||||
|
||||
/* Check whether the original double can be recovered */
|
||||
if ((sscanf((char*)number_buffer, "%lg", &test) != 1) || !compare_double((double)test, d))
|
||||
{
|
||||
/* If not, print with 17 decimal places of precision */
|
||||
length = sprintf((char*)number_buffer, "%1.17g", d);
|
||||
}
|
||||
/* Check whether the original double can be recovered */
|
||||
if ((sscanf((char*)number_buffer, "%lg", &test) != 1) || !compare_double((double)test, d))
|
||||
{
|
||||
/* If not, print with 17 decimal places of precision */
|
||||
length = sprintf((char*)number_buffer, "%1.17g", d);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* sprintf failed or buffer overrun occurred */
|
||||
|
@ -2264,7 +2276,7 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
|
|||
{
|
||||
cJSON *after_inserted = NULL;
|
||||
|
||||
if (which < 0)
|
||||
if (which < 0 || newitem == NULL)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
@ -2275,6 +2287,11 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
|
|||
return add_item_to_array(array, newitem);
|
||||
}
|
||||
|
||||
if (after_inserted != array->child && after_inserted->prev == NULL) {
|
||||
/* return false if after_inserted is a corrupted array item */
|
||||
return false;
|
||||
}
|
||||
|
||||
newitem->next = after_inserted;
|
||||
newitem->prev = after_inserted->prev;
|
||||
after_inserted->prev = newitem;
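Review bot: The widened guard in the cJSON_SetValuestring hunk (`@ -401,7 +401,12 @`) checks `object` and `object->valuestring` for NULL but not the `valuestring` argument, so nothing visible here rejects a NULL source string. The rest of the function lies outside the hunk; if it measures or copies `valuestring` without its own check, that is the same class of null dereference this release sets out to fix. Consider adding it to the first condition, `if ((object == NULL) || (valuestring == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference))`. A matching `TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));` case in the null-pointer test would cover it.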
|
||||
|
|
2
cJSON.h
2
cJSON.h
|
@ -81,7 +81,7 @@ then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJ
|
|||
/* project version */
|
||||
#define CJSON_VERSION_MAJOR 1
|
||||
#define CJSON_VERSION_MINOR 7
|
||||
#define CJSON_VERSION_PATCH 16
|
||||
#define CJSON_VERSION_PATCH 17
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
|
|
|
@ -352,6 +352,19 @@ static void cjson_functions_should_not_crash_with_null_pointers(void)
|
|||
{
|
||||
char buffer[10];
|
||||
cJSON *item = cJSON_CreateString("item");
|
||||
cJSON *array = cJSON_CreateArray();
|
||||
cJSON *item1 = cJSON_CreateString("item1");
|
||||
cJSON *item2 = cJSON_CreateString("corrupted array item3");
|
||||
cJSON *corruptedString = cJSON_CreateString("corrupted");
|
||||
struct cJSON *originalPrev;
|
||||
|
||||
add_item_to_array(array, item1);
|
||||
add_item_to_array(array, item2);
|
||||
|
||||
originalPrev = item2->prev;
|
||||
item2->prev = NULL;
|
||||
free(corruptedString->valuestring);
|
||||
corruptedString->valuestring = NULL;
|
||||
|
||||
cJSON_InitHooks(NULL);
|
||||
TEST_ASSERT_NULL(cJSON_Parse(NULL));
|
||||
|
@ -411,6 +424,8 @@ static void cjson_functions_should_not_crash_with_null_pointers(void)
|
|||
cJSON_DeleteItemFromObject(item, NULL);
|
||||
cJSON_DeleteItemFromObjectCaseSensitive(NULL, "item");
|
||||
cJSON_DeleteItemFromObjectCaseSensitive(item, NULL);
|
||||
TEST_ASSERT_FALSE(cJSON_InsertItemInArray(array, 0, NULL));
|
||||
TEST_ASSERT_FALSE(cJSON_InsertItemInArray(array, 1, item));
|
||||
TEST_ASSERT_FALSE(cJSON_InsertItemInArray(NULL, 0, item));
|
||||
TEST_ASSERT_FALSE(cJSON_InsertItemInArray(item, 0, NULL));
|
||||
TEST_ASSERT_FALSE(cJSON_ReplaceItemViaPointer(NULL, item, item));
|
||||
|
@ -427,10 +442,16 @@ static void cjson_functions_should_not_crash_with_null_pointers(void)
|
|||
TEST_ASSERT_NULL(cJSON_Duplicate(NULL, true));
|
||||
TEST_ASSERT_FALSE(cJSON_Compare(item, NULL, false));
|
||||
TEST_ASSERT_FALSE(cJSON_Compare(NULL, item, false));
|
||||
TEST_ASSERT_NULL(cJSON_SetValuestring(NULL, "test"));
|
||||
TEST_ASSERT_NULL(cJSON_SetValuestring(corruptedString, "test"));
|
||||
cJSON_Minify(NULL);
|
||||
/* skipped because it is only used via a macro that checks for NULL */
|
||||
/* cJSON_SetNumberHelper(NULL, 0); */
|
||||
|
||||
/* restore corrupted item2 to delete it */
|
||||
item2->prev = originalPrev;
|
||||
cJSON_Delete(corruptedString);
|
||||
cJSON_Delete(array);
|
||||
cJSON_Delete(item);
|
||||
}
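Review bot: The setup added to cjson_functions_should_not_crash_with_null_pointers releases `corruptedString->valuestring` with a bare `free()`, although cJSON_CreateString allocated it through whatever allocation hooks were active at that point; `cJSON_InitHooks(NULL)` only runs afterwards. If an earlier test in the same binary left custom hooks installed (not visible here), the allocator and deallocator would not match, so `cJSON_free(corruptedString->valuestring);` is the safer call. A short comment above `item2->prev = NULL;`, such as `/* simulate a corrupted list node: a non-head item with no prev link */`, would also explain why the item is damaged and restored before `cJSON_Delete(array)`. Parts of the function between the three hunks are not shown.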
|
||||
|
||||
|
|