| From 31531a6e6b5641398237ce15b7e62da02d975fc6 Mon Sep 17 00:00:00 2001 |
| From: Like Ma <likemartinma@gmail.com> |
| Date: Sat, 2 Dec 2023 19:55:55 +0800 |
| Subject: [PATCH] Fix for CVE-2023-33460a |
| |
| Memory leak in yajl 2.1.0 with use of yajl_tree_parse function |
| See https://github.com/lloyd/yajl/issues/250#issuecomment-1628695214 |
| |
| Origin: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698 |
| Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984 |
| Bug: https://github.com/lloyd/yajl/issues/250 |
| --- |
| src/yajl_tree.c | 9 ++++++++- |
| 1 file changed, 8 insertions(+), 1 deletion(-) |
| |
| --- a/src/yajl_tree.c |
| +++ b/src/yajl_tree.c |
| @@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *c |
| ctx->stack = stack->next; |
| |
| v = stack->value; |
| - |
| + free (stack->key); |
| free (stack); |
| |
| return (v); |
| @@ -444,7 +444,14 @@ yajl_val yajl_tree_parse (const char *in |
| snprintf(error_buffer, error_buffer_size, "%s", internal_err_str); |
| YA_FREE(&(handle->alloc), internal_err_str); |
| } |
| + while(ctx.stack != NULL) { |
| + yajl_val v = context_pop(&ctx); |
| + yajl_tree_free(v); |
| + } |
| yajl_free (handle); |
| + //If the requested memory is not released in time, it will cause memory leakage |
| + if(ctx.root) |
| + yajl_tree_free(ctx.root); |
| return NULL; |
| } |
| |