42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
From 31531a6e6b5641398237ce15b7e62da02d975fc6 Mon Sep 17 00:00:00 2001
|
|
From: Like Ma <likemartinma@gmail.com>
|
|
Date: Sat, 2 Dec 2023 19:55:55 +0800
|
|
Subject: [PATCH] Fix for CVE-2023-33460a
|
|
|
|
Memory leak in yajl 2.1.0 with use of yajl_tree_parse function
|
|
See https://github.com/lloyd/yajl/issues/250#issuecomment-1628695214
|
|
|
|
Origin: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698
|
|
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984
|
|
Bug: https://github.com/lloyd/yajl/issues/250
|
|
---
|
|
src/yajl_tree.c | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
--- a/src/yajl_tree.c
|
|
+++ b/src/yajl_tree.c
|
|
@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *c
|
|
ctx->stack = stack->next;
|
|
|
|
v = stack->value;
|
|
-
|
|
+ free (stack->key);
|
|
free (stack);
|
|
|
|
return (v);
|
|
@@ -444,7 +444,14 @@ yajl_val yajl_tree_parse (const char *in
|
|
snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
|
|
YA_FREE(&(handle->alloc), internal_err_str);
|
|
}
|
|
+ while(ctx.stack != NULL) {
|
|
+ yajl_val v = context_pop(&ctx);
|
|
+ yajl_tree_free(v);
|
|
+ }
|
|
yajl_free (handle);
|
|
+ //If the requested memory is not released in time, it will cause memory leakage
|
|
+ if(ctx.root)
|
|
+ yajl_tree_free(ctx.root);
|
|
return NULL;
|
|
}
|
|
|