Release version 1.5.8

Makefile: Fix 'make test'
make test tried to execute the test for cJSON_Utils, which has been ported to CUnity tests.
2017-08-21 11:06:10 +02:00 · 2017-08-21 10:58:49 +02:00 · 2017-07-12 23:13:14 +02:00 · 2017-07-12 23:02:31 +02:00 · 2017-07-08 20:16:33 +02:00 · 2017-07-08 09:39:06 +02:00
8 changed files with 45 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,14 @@
+1.5.8
+=====
+* Fix `make test` in the Makefile, thanks @YanhaoMo for reporting this (#195)
+
+1.5.7
+=====
+Fixes:
+------
+* Fix a bug where realloc failing would return a pointer to an invalid memory address. This is a security issue as it could potentially be used by an attacker to write to arbitrary memory addresses. (see #189), fixed in (954d61e5e7cb9dc6c480fc28ac1cdceca07dd5bd), big thanks @timothyjohncarney for reporting this issue
+* Fix a spelling mistake in the AFL fuzzer dictionary (#185), thanks @jwilk
+
 1.5.6
 =====
 Fixes:
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -7,7 +7,7 @@ project(cJSON C)

 set(PROJECT_VERSION_MAJOR 1)
 set(PROJECT_VERSION_MINOR 5)
-set(PROJECT_VERSION_PATCH 6)
+set(PROJECT_VERSION_PATCH 8)
 set(CJSON_VERSION_SO 1)
 set(CJSON_UTILS_VERSION_SO 1)
 set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}")
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -15,6 +15,7 @@ Contributors
 * Ian Mobley
 * Irwan Djadjadi
 * [IvanVoid](https://github.com/npi3pak)
+* [Jakub Wilk](https://github.com/jwilk)
 * [Jiri Zouhar](https://github.com/loigu)
 * [Jonathan Fether](https://github.com/jfether)
 * [Julián Vásquez](https://github.com/juvasquezg)
--- a/7
+++ b/7
@@ -8,7 +8,7 @@ CJSON_TEST_SRC = cJSON.c test.c

 LDLIBS = -lm

-LIBVERSION = 1.5.6
+LIBVERSION = 1.5.8
 CJSON_SOVERSION = 1
 UTILS_SOVERSION = 1

@@ -66,11 +66,10 @@ shared: $(CJSON_SHARED) $(UTILS_SHARED)

 static: $(CJSON_STATIC) $(UTILS_STATIC)

-tests: $(CJSON_TEST) $(UTILS_TEST)
+tests: $(CJSON_TEST)

 test: tests
 	./$(CJSON_TEST)
-	./$(UTILS_TEST)

 .c.o:
 	$(CC) -c $(R_CFLAGS) $<
@@ -150,4 +149,4 @@ clean:
 	$(RM) $(CJSON_OBJ) $(UTILS_OBJ) #delete object files
 	$(RM) $(CJSON_SHARED) $(CJSON_SHARED_VERSION) $(CJSON_SHARED_SO) $(CJSON_STATIC) #delete cJSON
 	$(RM) $(UTILS_SHARED) $(UTILS_SHARED_VERSION) $(UTILS_SHARED_SO) $(UTILS_STATIC) #delete cJSON_Utils
-	$(RM) $(CJSON_TEST) $(UTILS_TEST) #delete tests
+	$(RM) $(CJSON_TEST)  #delete test
--- a/cJSON.c
+++ b/cJSON.c
@@ -58,7 +58,7 @@ CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void)
 }

 /* This is a safeguard to prevent copy-pasters from using incompatible C and header files */
-#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 5) || (CJSON_VERSION_PATCH != 6)
+#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 5) || (CJSON_VERSION_PATCH != 8)
    #error cJSON.h and cJSON.c have different versions. Make sure that both have the same.
 #endif

@@ -377,6 +377,14 @@ static unsigned char* ensure(printbuffer * const p, size_t needed)
    {
        /* reallocate with realloc if available */
        newbuffer = (unsigned char*)p->hooks.reallocate(p->buffer, newsize);
+        if (newbuffer == NULL)
+        {
+            p->hooks.deallocate(p->buffer);
+            p->length = 0;
+            p->buffer = NULL;
+
+            return NULL;
+        }
    }
    else
    {
--- a/cJSON.h
+++ b/cJSON.h
@@ -31,7 +31,7 @@ extern "C"
 /* project version */
 #define CJSON_VERSION_MAJOR 1
 #define CJSON_VERSION_MINOR 5
-#define CJSON_VERSION_PATCH 6
+#define CJSON_VERSION_PATCH 8

 #include <stddef.h>

--- a/fuzzing/json.dict
+++ b/fuzzing/json.dict
@@ -25,8 +25,8 @@ escape_sequence_r="\\r"
 escape_sequence_t="\\t"
 escape_sequence_quote="\\\""
 escape_sequence_backslash="\\\\"
-escapce_sequence_slash="\\/"
-escpae_sequence_utf16_base="\\u"
+escape_sequence_slash="\\/"
+escape_sequence_utf16_base="\\u"
 escape_sequence_utf16="\\u12ab"

 number_integer="1"
--- a/tests/misc_tests.c
+++ b/tests/misc_tests.c
@@ -410,6 +410,22 @@ static void cjson_functions_shouldnt_crash_with_null_pointers(void)
    cJSON_Delete(item);
 }

+static void *failing_realloc(void *pointer, size_t size)
+{
+    (void)size;
+    (void)pointer;
+    return NULL;
+}
+
+static void ensure_should_fail_on_failed_realloc(void)
+{
+    printbuffer buffer = {NULL, 10, 0, 0, false, false, {&malloc, &free, &failing_realloc}};
+    buffer.buffer = (unsigned char*)malloc(100);
+    TEST_ASSERT_NOT_NULL(buffer.buffer);
+
+    TEST_ASSERT_NULL_MESSAGE(ensure(&buffer, 200), "Ensure didn't fail with failing realloc.");
+}
+
 int main(void)
 {
    UNITY_BEGIN();
@@ -425,6 +441,6 @@ int main(void)
    RUN_TEST(cjson_replace_item_via_pointer_should_replace_items);
    RUN_TEST(cjson_replace_item_in_object_should_preserve_name);
    RUN_TEST(cjson_functions_shouldnt_crash_with_null_pointers);
-
+    RUN_TEST(ensure_should_fail_on_failed_realloc);
    return UNITY_END();
 }
Author	SHA1	Message	Date
Max Bruckner	1925d1bbe5	Release version 1.5.8	2017-08-21 11:06:10 +02:00
Max Bruckner	76b705576f	Makefile: Fix 'make test' make test tried to execute the test for cJSON_Utils, which has been ported to CUnity tests.	2017-08-21 10:58:49 +02:00
Max Bruckner	88d66c5da9	Release version 1.5.7	2017-07-12 23:13:14 +02:00
Max Bruckner	954d61e5e7	Fix #189 , ensure returns an invalid pointer If realloc returns NULL, ensure didn't abort but returned printbuffer.offset instead. If an attacker can control printbuffer.offset and also make realloc fail at just the right moment, this would make cJSON potentially write at an arbitrary memory address.	2017-07-12 23:02:31 +02:00
Max Bruckner	ecdff7837c	Merge pull request #185 from jwilk-forks/spelling Fix typos in json.dict	2017-07-08 20:16:33 +02:00
Jakub Wilk	a3c2eba991	Fix typos in json.dict	2017-07-08 09:39:06 +02:00