DaveGamble/cJSON
1
0
Fork 0
mirror of https://github.com/DaveGamble/cJSON.git synced 2026-06-06 05:14:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

add NULL checkings (#809)

Browse Source 
* add NULL checks in cJSON_SetValuestring

Fixes #803(CVE-2023-50472)

* add NULL check in cJSON_InsertItemInArray

Fixes #802(CVE-2023-50471)

* add tests for NULL checks

add tests for NULL checks in cJSON_InsertItemInArray and cJSON_SetValuestring
This commit is contained in:
Lee
2023-12-18 11:47:52 +08:00
committed by GitHub
parent cb8693b058
commit 60ff122ef5
2 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cJSON.c
+12 -2
View File
@@ -401,7 +401,12 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
{
char *copy = NULL;
/* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */
if (!(object->type & cJSON_String) || (object->type & cJSON_IsReference))
if ((object == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference))
{
return NULL;
}
/* return NULL if the object is corrupted */
if (object->valuestring == NULL)
{
return NULL;
}
@@ -2264,7 +2269,7 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
{
cJSON *after_inserted = NULL;
if (which < 0)
if (which < 0 || newitem == NULL)
{
return false;
}
@@ -2275,6 +2280,11 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
return add_item_to_array(array, newitem);
}
if (after_inserted != array->child && newitem->prev == NULL) {
/* return false if after_inserted is a corrupted array item */
return false;
}
newitem->next = after_inserted;
newitem->prev = after_inserted->prev;
after_inserted->prev = newitem;