Fix potential bad read #178

Merged
merged 1 commit into from
Nov 7, 2017

brianmario
Owner

When decoding a string with escape sequences we need to make sure we don't advance our end pointer until we've checked we have enough buffer left to parse, as well as have peeked ahead to see that a unicode escape is approaching.

Thanks @kivikakk for helping me track down the actual bug here! (Previous attempt here)

This fix should be applied upstream on yajl itself as well, but I'm starting here since that's where the original issue was reported and we have a patched yajl embedded anyway.

Fixes #176

buffer left and have peeked ahead to see that a unicode escape
is approaching.

Thanks @kivikakk for helping me track down the actual bug here!
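
The ordering the description asks for (check the remaining buffer, peek for a following `\u`, and only then advance), as an added example that is not the code from this pull request or from yajl. The names `hex4` and `decode_u_escape`, and the choice to return U+FFFD for an unpaired surrogate, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse four hex digits at s; returns -1 if any is not a hex digit. */
static long hex4(const unsigned char *s) {
    long v = 0;
    for (int i = 0; i < 4; i++) {
        unsigned char c = s[i] | 0x20;            /* fold A-F to a-f */
        if (s[i] >= '0' && s[i] <= '9') v = (v << 4) | (s[i] - '0');
        else if (c >= 'a' && c <= 'f')  v = (v << 4) | (c - 'a' + 10);
        else return -1;
    }
    return v;
}

/* Decode the \uXXXX escape at str[*pos] (hypothetical helper, not yajl's API).
 * Returns the code point, U+FFFD for an unpaired surrogate, or -1 if truncated
 * or malformed. *pos moves only past bytes verified to lie inside [0, len). */
long decode_u_escape(const unsigned char *str, size_t len, size_t *pos) {
    size_t p = *pos;
    if (p > len || len - p < 6 || str[p] != '\\' || str[p + 1] != 'u')
        return -1;
    long cp = hex4(str + p + 2);
    if (cp < 0) return -1;
    p += 6;
    if (cp >= 0xD800 && cp <= 0xDBFF) {
        long lo = -1;
        /* Check remaining length, then peek, and only then consume. */
        if (len - p >= 6 && str[p] == '\\' && str[p + 1] == 'u')
            lo = hex4(str + p + 2);
        if (lo >= 0xDC00 && lo <= 0xDFFF) {
            cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
            p += 6;
        } else {
            cp = 0xFFFD;   /* lone high surrogate; following bytes left unread */
        }
    } else if (cp >= 0xDC00 && cp <= 0xDFFF) {
        cp = 0xFFFD;       /* lone low surrogate */
    }
    *pos = p;
    return cp;
}

int main(void) {
    const unsigned char cut[] = {'\\','u','D','8','3','D','\\'}; /* constructed */
    size_t pos = 0;
    long cp = decode_u_escape(cut, sizeof cut, &pos);
    printf("U+%04lX, consumed %zu of %zu bytes\n", (unsigned long)cp, pos, sizeof cut);
}
```

The constructed input ends right after a high surrogate and a dangling backslash, the case where peeking without a length check would read past the buffer.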
@brianmario brianmario merged commit fe083cc into master Nov 7, 2017
@brianmario brianmario deleted the brianmario/prevent-bad-read branch November 7, 2017 06:16
zerebubuth pushed a commit to tilezen/chef-joerd that referenced this pull request Nov 29, 2017
Make sure to use version 1.3.1 or later to include fix in brianmario/yajl-ruby#178.
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Dec 9, 2017
No upstream changelog, but seems to include security fixes CVE-2017-16516
and others:
 brianmario/yajl-ruby#176
 brianmario/yajl-ruby#178
jeroen added a commit to jeroen/jsonlite that referenced this pull request Oct 26, 2023
Successfully merging this pull request may close these issues.

SIGABRT - process aborted