backport patches

backport-Fix-issue-854-Set-error-json_tokener_error_memory-in.patch

@@ -0,0 +1,28 @@
+From e93ae70417867dac9ff87614f3e7bc50e79ef951 Mon Sep 17 00:00:00 2001
+From: Eric Hawicz <erh+git@nimenees.com>
+Date: Fri, 29 Mar 2024 18:09:12 -0400
+Subject: [PATCH] Fix issue #854: Set error=json_tokener_error_memory in
+ json_tokener_parser_verbose() when allocating the tokener fails.
+
+---
+ json_tokener.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 9926563..e8244a3 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -226,7 +226,10 @@ struct json_object *json_tokener_parse_verbose(const char *str, enum json_tokene
+ 
+ 	tok = json_tokener_new();
+ 	if (!tok)
++	{
++		*error = json_tokener_error_memory;
+ 		return NULL;
++	}
+ 	obj = json_tokener_parse_ex(tok, str, -1);
+ 	*error = tok->err;
+ 	if (tok->err != json_tokener_success
+-- 
+2.35.1.windows.2
+

backport-Handle-NULL-gracefully-in-json_tokener_free.patch

@@ -0,0 +1,32 @@
+From 828c12b22661de53d6497bd1410c68cb153b4f35 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Wed, 6 Nov 2024 15:19:04 +0100
+Subject: [PATCH] Handle NULL gracefully in json_tokener_free
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Similarly to glibc's free, make json_tokener_free(NULL)
+a no-op, to simplify cleanup paths.
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ json_tokener.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index c831f8a..4453c89 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -182,6 +182,8 @@ struct json_tokener *json_tokener_new(void)
+ 
+ void json_tokener_free(struct json_tokener *tok)
+ {
++	if (!tok)
++		return;
+ 	json_tokener_reset(tok);
+ 	if (tok->pb)
+ 		printbuf_free(tok->pb);
+-- 
+2.35.1.windows.2
+

backport-Handle-yet-another-out-of-memory-condition.patch

@@ -0,0 +1,64 @@
+From 833233faa8d6835276ebbd48b92c7feeb141270d Mon Sep 17 00:00:00 2001
+From: Bruno Haible <bruno@clisp.org>
+Date: Mon, 22 Apr 2024 01:50:59 +0200
+Subject: [PATCH] Handle yet another out-of-memory condition.
+
+duplocale() can return NULL, with errno set to ENOMEM.
+In this case, bail out and set the current error code to
+json_tokener_error_memory.
+---
+ json_tokener.c | 9 ++++++++-
+ json_tokener.h | 3 ++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 6527270..4a2e01e 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -17,6 +17,7 @@
+ 
+ #include "math_compat.h"
+ #include <assert.h>
++#include <errno.h>
+ #include <ctype.h>
+ #include <limits.h>
+ #include <math.h>
+@@ -87,7 +88,8 @@ static const char *json_tokener_errors[] = {
+ 	"invalid string sequence",
+ 	"expected comment",
+ 	"invalid utf-8 string",
+-	"buffer size overflow"
++	"buffer size overflow",
++	"out of memory"
+ };
+ /* clang-format on */
+ 
+@@ -289,6 +291,11 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
+ #ifdef HAVE_USELOCALE
+ 	{
+ 		locale_t duploc = duplocale(oldlocale);
++		if (duploc == NULL && errno == ENOMEM)
++		{
++			tok->err = json_tokener_error_memory;
++			return NULL;
++		}
+ 		newloc = newlocale(LC_NUMERIC_MASK, "C", duploc);
+ 		if (newloc == NULL)
+ 		{
+diff --git a/json_tokener.h b/json_tokener.h
+index a07e12c..ce412e2 100644
+--- a/json_tokener.h
++++ b/json_tokener.h
+@@ -40,7 +40,8 @@ enum json_tokener_error
+ 	json_tokener_error_parse_string,
+ 	json_tokener_error_parse_comment,
+ 	json_tokener_error_parse_utf8_string,
+-	json_tokener_error_size
++	json_tokener_error_size,
++	json_tokener_error_memory
+ };
+ 
+ /**
+-- 
+2.43.0
+

backport-Issue-857-fix-a-few-places-where-json_tokener-should.patch

@@ -0,0 +1,53 @@
+From 31a22fb2dabae30a759ae3346b493b44cedf1647 Mon Sep 17 00:00:00 2001
+From: Eric Hawicz <erh+git@nimenees.com>
+Date: Sun, 21 Apr 2024 10:37:16 -0400
+Subject: [PATCH] Issue #857: fix a few places where json_tokener should have
+ been returning json_tokener_error_memory but wasn't.
+
+---
+ json_tokener.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 57b006a..2b21928 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -300,6 +300,7 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
+ 		newloc = newlocale(LC_NUMERIC_MASK, "C", duploc);
+ 		if (newloc == NULL)
+ 		{
++			tok->err = json_tokener_error_memory;
+ 			freelocale(duploc);
+ 			return NULL;
+ 		}
+@@ -310,7 +311,14 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
+ 		char *tmplocale;
+ 		tmplocale = setlocale(LC_NUMERIC, NULL);
+ 		if (tmplocale)
++		{
+ 			oldlocale = strdup(tmplocale);
++			if (oldlocale == NULL)
++			{
++				tok->err = json_tokener_error_memory;
++ 				return NULL;
++			}
++		}
+ 		setlocale(LC_NUMERIC, "C");
+ 	}
+ #endif
+@@ -1155,7 +1163,11 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
+ 			goto redo_char;
+ 
+ 		case json_tokener_state_object_value_add:
+-			json_object_object_add(current, obj_field_name, obj);
++			if (json_object_object_add(current, obj_field_name, obj) != 0)
++			{
++				tok->err = json_tokener_error_memory;
++				goto out;
++			}
+ 			free(obj_field_name);
+ 			obj_field_name = NULL;
+ 			saved_state = json_tokener_state_object_sep;
+-- 
+2.43.0
+

backport-Issue-881-don-t-allow-json_tokener_new_ex-with-a-dep.patch

@@ -0,0 +1,40 @@
+From ff8ed0f094ddb48edad8169b711097f69fe8efea Mon Sep 17 00:00:00 2001
+From: Eric Hawicz <erh+git@nimenees.com>
+Date: Sun, 17 Nov 2024 22:11:24 -0500
+Subject: [PATCH] Issue #881: don't allow json_tokener_new_ex() with a depth <
+ 1
+
+---
+ json_tokener.c | 3 +++
+ json_tokener.h | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 773229e..1954bcd 100644
+--- a/json_tokener.c
++++ b/json_tokener.c
+@@ -154,6 +154,9 @@ struct json_tokener *json_tokener_new_ex(int depth)
+ {
+ 	struct json_tokener *tok;
+ 
++	if (depth < 1)
++		return NULL;
++
+ 	tok = (struct json_tokener *)calloc(1, sizeof(struct json_tokener));
+ 	if (!tok)
+ 		return NULL;
+diff --git a/json_tokener.h b/json_tokener.h
+index 54925e5..f53a761 100644
+--- a/json_tokener.h
++++ b/json_tokener.h
+@@ -206,6 +206,7 @@ JSON_EXPORT struct json_tokener *json_tokener_new(void);
+ 
+ /**
+  * Allocate a new json_tokener with a custom max nesting depth.
++ * The depth must be at least 1.
+  * @see JSON_TOKENER_DEFAULT_DEPTH
+  */
+ JSON_EXPORT struct json_tokener *json_tokener_new_ex(int depth);
+-- 
+2.35.1.windows.2
+

json-c.spec

@@ -6,7 +6,7 @@
 
 Name:           json-c
 Version:        0.15
-Release:        6
+Release:        7
 Summary:        JSON implementation in C
 
 License:        MIT
@@ -18,6 +18,12 @@ BuildRequires:  cmake gcc ninja-build
 Patch6000: backport-json-escape-str-avoid-harmless-unsigned-integer-overflow.patch
 Patch6001: backport-CVE-2021-32292-Fix-read-past-end-of-buffer.patch
 
+Patch6002: backport-Handle-yet-another-out-of-memory-condition.patch
+Patch6003: backport-Fix-issue-854-Set-error-json_tokener_error_memory-in.patch
+Patch6004: backport-Issue-857-fix-a-few-places-where-json_tokener-should.patch
+Patch6005: backport-Handle-NULL-gracefully-in-json_tokener_free.patch
+Patch6006: backport-Issue-881-don-t-allow-json_tokener_new_ex-with-a-dep.patch
+
 %description
 JSON-C implements a reference counting object model that allows you
 to easily construct JSON objects in C, output them as JSON formatted
@@ -106,6 +112,13 @@ end
 %doc %{_pkgdocdir}
 
 %changelog
+* Wed Mar 19 2025 sunhai <sunhai10@huawei.com> - 0.15-7
+- Handle yet another out of memory condition
+- Fix issue 854 Set error json_tokener_error_memory in
+- Issue 857 fix a few places where json_tokener should
+- Handle NULL gracefully in json_tokener_free
+- Issue 881 don t allow json_tokener_new_ex with a dep
+
 * Tue Aug 29 2023 sunhai <sunhai10@huawei.com> - 0.15-6
 - CVE:CVE-2021-32292
 - SUG:NA