From 8e9d81203bfa607b9043be28e0c5e6dfd1919969 Mon Sep 17 00:00:00 2001 From: youbing54 Date: Mon, 12 May 2025 15:29:53 +0800 Subject: [PATCH] =?UTF-8?q?IssueNo:=20https://gitee.com/openharmony/third?= =?UTF-8?q?=5Fparty=5FcJSON/issues/IC740N=20describe:=20CVE-2023-26819=20?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=E5=9B=9E=E9=80=80=20Feature=20or=20Bugfix:?= =?UTF-8?q?=20Bugfix=20Binary=20Source:Yes=20Signed-off-by:=20youbing54?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cJSON.c | 12 +----------- cJSON.h | 6 ------ tests/misc_tests.c | 18 ------------------ 3 files changed, 1 insertion(+), 35 deletions(-) diff --git a/cJSON.c b/cJSON.c index ae0783a..63fb043 100644 --- a/cJSON.c +++ b/cJSON.c @@ -3014,14 +3014,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int co } /* Duplication */ -cJSON * cJSON_Duplicate_rec(const cJSON *item, size_t depth, cJSON_bool recurse); - CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse) -{ - return cJSON_Duplicate_rec(item, 0, recurse ); -} - -cJSON * cJSON_Duplicate_rec(const cJSON *item, size_t depth, cJSON_bool recurse) { cJSON *newitem = NULL; cJSON *child = NULL; @@ -3068,10 +3061,7 @@ cJSON * cJSON_Duplicate_rec(const cJSON *item, size_t depth, cJSON_bool recurse) child = item->child; while (child != NULL) { - if(depth >= CJSON_CIRCULAR_LIMIT) { - goto fail; - } - newchild = cJSON_Duplicate_rec(child, ++depth, true); /* Duplicate (with recurse) each item in the ->next chain */ + newchild = cJSON_Duplicate(child, true); /* Duplicate (with recurse) each item in the ->next chain */ if (!newchild) { goto fail; diff --git a/cJSON.h b/cJSON.h index 2f54695..50d3395 100644 --- a/cJSON.h +++ b/cJSON.h @@ -150,12 +150,6 @@ typedef int cJSON_bool; #define CJSON_NESTING_LIMIT 1000 #endif -/* Limits the length of circular references can be before cJSON rejects to parse them. - * This is to prevent stack overflows. */ -#ifndef CJSON_CIRCULAR_LIMIT -#define CJSON_CIRCULAR_LIMIT 10000 -#endif - /* returns the version of cJSON as a string */ CJSON_PUBLIC(const char*) cJSON_Version(void); diff --git a/tests/misc_tests.c b/tests/misc_tests.c index 399007c..2a79dc0 100644 --- a/tests/misc_tests.c +++ b/tests/misc_tests.c @@ -219,23 +219,6 @@ static void cjson_should_not_parse_to_deeply_nested_jsons(void) TEST_ASSERT_NULL_MESSAGE(cJSON_Parse(deep_json), "To deep JSONs should not be parsed."); } -static void cjson_should_not_follow_too_deep_circular_references(void) -{ - cJSON *o = cJSON_CreateArray(); - cJSON *a = cJSON_CreateArray(); - cJSON *b = cJSON_CreateArray(); - cJSON *x; - - cJSON_AddItemToArray(o, a); - cJSON_AddItemToArray(a, b); - cJSON_AddItemToArray(b, o); - - x = cJSON_Duplicate(o, 1); - TEST_ASSERT_NULL(x); - cJSON_DetachItemFromArray(b, 0); - cJSON_Delete(o); -} - static void cjson_set_number_value_should_set_numbers(void) { cJSON number[1] = {{NULL, NULL, NULL, cJSON_Number, NULL, 0, 0, NULL}}; @@ -770,7 +753,6 @@ int CJSON_CDECL main(void) RUN_TEST(cjson_get_object_item_case_sensitive_should_not_crash_with_array); RUN_TEST(typecheck_functions_should_check_type); RUN_TEST(cjson_should_not_parse_to_deeply_nested_jsons); - RUN_TEST(cjson_should_not_follow_too_deep_circular_references); RUN_TEST(cjson_set_number_value_should_set_numbers); RUN_TEST(cjson_detach_item_via_pointer_should_detach_items); RUN_TEST(cjson_replace_item_via_pointer_should_replace_items); -- Gitee