gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

perlPackages.{CpanelJSONXS,JSONXS}: Patches for CVE-2025-40928 and CVE-2025-40929 (#441228)

Browse Source
This commit is contained in:
Stig
2025-09-12 19:38:45 +02:00
committed by GitHub
parent 87a0f16cb0 cb88a6fe75
commit 9c6d827f8d
3 changed files with 80 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
pkgs/development/perl-modules/Cpanel-JSON-XS-CVE-2025-40929.patch Normal file
View File

@@ -0,0 +1,47 @@
From 5592bfb58eb8d1c8a644e67c9bba795d1384a995 Mon Sep 17 00:00:00 2001
From: Marc Lehmann <schmorp@schmorp.de>
Date: Sat, 6 Sep 2025 11:31:36 +0200
Subject: [PATCH 1/2] fix json_atof_scan1 overflows
with fuzzed overlong numbers. CVE-2025-40928
Really the comparisons were wrong.
---
XS.xs | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/XS.xs b/XS.xs
index 9b1ce2b..94ab0d6 100755
--- a/XS.xs
+++ b/XS.xs
@@ -710,16 +710,16 @@ json_atof_scan1 (const char *s, NV *accum, int *expo, int postdp, int maxdepth)
/* if we recurse too deep, skip all remaining digits */
/* to avoid a stack overflow attack */
if (UNLIKELY(--maxdepth <= 0))
- while (((U8)*s - '0') < 10)
+ while ((U8)(*s - '0') < 10)
++s;
for (;;)
{
- U8 dig = (U8)*s - '0';
+ U8 dig = (U8)(*s - '0');
if (UNLIKELY(dig >= 10))
{
- if (dig == (U8)((U8)'.' - (U8)'0'))
+ if (dig == (U8)('.' - '0'))
{
++s;
json_atof_scan1 (s, accum, expo, 1, maxdepth);
@@ -739,7 +739,7 @@ json_atof_scan1 (const char *s, NV *accum, int *expo, int postdp, int maxdepth)
else if (*s == '+')
++s;
- while ((dig = (U8)*s - '0') < 10)
+ while ((dig = (U8)(*s - '0')) < 10)
exp2 = exp2 * 10 + *s++ - '0';
*expo += neg ? -exp2 : exp2;
--
2.50.1

31
pkgs/development/perl-modules/JSON-XS-CVE-2025-40928.patch Normal file
View File

@@ -0,0 +1,31 @@
--- a/XS.xs 2025-09-06 08:34:51.376455632 -0300
+++ b/XS.xs 2025-09-06 08:35:30.725873619 -0300
@@ -253,16 +253,16 @@
// if we recurse too deep, skip all remaining digits
// to avoid a stack overflow attack
if (expect_false (--maxdepth <= 0))
- while (((U8)*s - '0') < 10)
+ while ((U8)(*s - '0') < 10)
++s;
for (;;)
{
- U8 dig = (U8)*s - '0';
+ U8 dig = *s - '0';
if (expect_false (dig >= 10))
{
- if (dig == (U8)((U8)'.' - (U8)'0'))
+ if (dig == (U8)('.' - '0'))
{
++s;
json_atof_scan1 (s, accum, expo, 1, maxdepth);
@@ -282,7 +282,7 @@
else if (*s == '+')
++s;
- while ((dig = (U8)*s - '0') < 10)
+ while ((dig = (U8)(*s - '0')) < 10)
exp2 = exp2 * 10 + *s++ - '0';
*expo += neg ? -exp2 : exp2;

2
pkgs/top-level/perl-packages.nix
View File

@@ -6645,6 +6645,7 @@ with self;
url = "mirror://cpan/authors/id/R/RU/RURBAN/Cpanel-JSON-XS-4.37.tar.gz"; url = "mirror://cpan/authors/id/R/RU/RURBAN/Cpanel-JSON-XS-4.37.tar.gz";
hash = "sha256-wkFhWg4X/3Raqoa79Gam4pzSQFFeZfBqegUBe2GebUs="; hash = "sha256-wkFhWg4X/3Raqoa79Gam4pzSQFFeZfBqegUBe2GebUs=";
}; };
patches = [ ../development/perl-modules/Cpanel-JSON-XS-CVE-2025-40929.patch ];
meta = { meta = {
description = "CPanel fork of JSON::XS, fast and correct serializing"; description = "CPanel fork of JSON::XS, fast and correct serializing";
license = with lib.licenses; [ license = with lib.licenses; [
@@ -18308,6 +18309,7 @@ with self;
url = "mirror://cpan/authors/id/M/ML/MLEHMANN/JSON-XS-4.03.tar.gz"; url = "mirror://cpan/authors/id/M/ML/MLEHMANN/JSON-XS-4.03.tar.gz";
hash = "sha256-UVU29F8voafojIgkUzdY0BIdJnq5y0U6G1iHyKVrkGg="; hash = "sha256-UVU29F8voafojIgkUzdY0BIdJnq5y0U6G1iHyKVrkGg=";
}; };
patches = [ ../development/perl-modules/JSON-XS-CVE-2025-40928.patch ];
propagatedBuildInputs = [ TypesSerialiser ]; propagatedBuildInputs = [ TypesSerialiser ];
buildInputs = [ CanaryStability ]; buildInputs = [ CanaryStability ];
meta = { meta = {