From e327f1c860a9bee8f6d919f8bcde673f12a64701 Mon Sep 17 00:00:00 2001
From: Alanscut
Date: Sun, 28 Apr 2024 10:26:02 +0800
Subject: [PATCH] fix: fix NULL valuestring error

Fix NULL valuestring problem in cJSON_SetValuestring. This fixes #839 and CVE-2024-31755 Related issue #845
---
 cJSON.c | 9 ++++++++-
 tests/misc_tests.c | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/cJSON.c b/cJSON.c
index 8903e4c2..dcee4712 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -406,10 +406,17 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
 return NULL;
 }
 /* return NULL if the object is corrupted */
- if (object->valuestring == NULL || valuestring == NULL)
+ if (object->valuestring == NULL)
 {
 return NULL;
 }
+ /* NULL valuestring causes error with strlen and should be treated separately */
+ if (valuestring == NULL)
+ {
+ cJSON_free(object->valuestring);
+ object->valuestring = NULL;
+ return NULL;
+ }
 if (strlen(valuestring) <= strlen(object->valuestring))
 {
 strcpy(object->valuestring, valuestring);
diff --git a/tests/misc_tests.c b/tests/misc_tests.c
index 48fb6ec2..ba3e003e 100644
--- a/tests/misc_tests.c
+++ b/tests/misc_tests.c
@@ -444,6 +444,7 @@ static void cjson_functions_should_not_crash_with_null_pointers(void)
 TEST_ASSERT_FALSE(cJSON_Compare(NULL, item, false));
 TEST_ASSERT_NULL(cJSON_SetValuestring(NULL, "test"));
 TEST_ASSERT_NULL(cJSON_SetValuestring(corruptedString, "test"));
+ TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));
 cJSON_Minify(NULL);
 /* skipped because it is only used via a macro that checks for NULL */
 /* cJSON_SetNumberHelper(NULL, 0); */
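Review bot: The new `if (valuestring == NULL)` branch in cJSON_SetValuestring frees `object->valuestring` and resets it to NULL, which leaves the item in exactly the state the check just above it calls "corrupted", so a single call with a NULL argument turns a valid string item into one this function rejects from then on. The function returns NULL both for this clear and for every error path, so a caller cannot tell that its old string was released, and any code that kept the old pointer or reads `valuestring` after a type check is then left with a dangling or NULL pointer. The removed condition already kept NULL away from `strlen` without side effects; unless clearing is intended, I would keep that behaviour with `if (valuestring == NULL) { return NULL; }`, and if it is intended, the comment and the public header should say that a NULL argument frees the current string. The function starts and ends outside this hunk, so whether `cJSON_free` is safe here for reference or constant strings depends on a type check that is presumably above the visible lines.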
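Review bot: The added `TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));` in tests/misc_tests.c does not pin what the commit changes, because the condition removed from cJSON.c also returned NULL for a NULL argument, so this assertion would pass on the old code as well. If clearing the string is the intended behaviour, follow it with `TEST_ASSERT_NULL(item->valuestring);` so the free-and-reset is actually checked. `item` is declared outside this hunk, so whether the call reaches the new branch at all depends on what kind of item it is, and any later assertion in this test function that uses `item` may now see it with a NULL `valuestring`.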