Compare commits

3 Commits

Author SHA1 Message Date
yinhongbo 3fda6b0ec7
Merge 133d106e07 into 66e9dff670 2024-04-26 16:59:56 +08:00
Alan Wang 66e9dff670
Create SECURITY.md 2024-04-26 16:58:00 +08:00
Up-wind 7e4d5dabe7 Add NULL check to cJSON_SetValuestring()
If the valuestring passed to cJSON_SetValuestring is NULL, a null pointer dereference will happen.

This commit adds the NULL check of valuestring before it is dereferenced.
2024-04-26 16:34:05 +08:00
2 changed files with 12 additions and 1 deletions

SECURITY.md Normal file

@ -0,0 +1,11 @@
# Security Policy
## Supported Versions
Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to mavonEditor team privately, to minimize attacks against current users of mavonEditor before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project.
## Reporting a Vulnerability
If you know of a publicly disclosed security vulnerability for mavonEditor, please IMMEDIATELY contact wp_scut@163.com and peterlee@apache.org to inform the mavonEditor Team.
IMPORTANT: Do not file public issues on GitHub for security vulnerabilities.
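Review bot: The policy text names "mavonEditor" and the "mavonEditor Team" throughout, while the other file in this comparison changes cJSON_SetValuestring(), so the project name and the two contact addresses look carried over from a different project and should be confirmed or replaced before merging. The "Supported Versions" heading also lists no versions, and the reporting paragraph asks only about a "publicly disclosed" vulnerability even though the paragraph above it asks for private reporting of all suspected issues; either rename the first heading and widen the second sentence, or add the version table and a line on how to report undisclosed findings.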


@ -406,7 +406,7 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
return NULL;
}
/* return NULL if the object is corrupted */
if (object->valuestring == NULL)
if (object->valuestring == NULL || valuestring == NULL)
{
return NULL;
}
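Review bot: The new `valuestring == NULL` test sits under the existing comment "return NULL if the object is corrupted", which no longer describes the whole condition, because a NULL argument is a caller error and not a corrupted object. Either update the comment to cover both cases or split the argument check into its own `if` with its own comment, so a reader can tell which failure each branch guards. The comparison lists only two changed files, this one and SECURITY.md, so no test for the NULL-argument case accompanies the fix; a unit test that calls cJSON_SetValuestring() with a NULL valuestring and expects NULL back would keep the check from regressing.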