Debian Bug report logs - #687269
libjson0: Empty strings and unicode zero values break json parsing.

Package: libjson0; Maintainer for libjson0 is fabien boucher <fabien.dot.boucher@gmail.com>; Source for libjson0 is src:json-c.

Reported by: Vincent Sanders <vince@debian.org>

Date: Tue, 11 Sep 2012 11:00:01 UTC

Severity: important

Tags: fixed-upstream, moreinfo

Forwarded to https://github.com/json-c/json-c/issues/53


Report forwarded to debian-bugs-dist@lists.debian.org, fabien boucher <fabien.dot.boucher@gmail.com>:
Bug#687269; Package libjson0. (Tue, 11 Sep 2012 11:00:04 GMT)

Acknowledgement sent to Vincent Sanders <vince@debian.org>:
New Bug report received and forwarded. Copy sent to fabien boucher <fabien.dot.boucher@gmail.com>. (Tue, 11 Sep 2012 11:00:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Vincent Sanders <vince@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libjson0: Empty strings and unicode zero values break json parsing.
Date: Tue, 11 Sep 2012 11:48:08 +0100
Package: libjson0
Version: 0.10-1.1
Severity: important

If the input JSON contains an empty value (i.e. ""), the internal string
buffer is unterminated and unexpected behaviour occurs.

If the unicode value \u0000 appears in the input the string is
terminated early and the string is truncated.

The attached patch fixes these issues.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libjson0 depends on:
ii  libc6              2.13-33
ii  multiarch-support  2.13-33

libjson0 recommends no packages.

libjson0 suggests no packages.

-- no debconf information
[fix-null-unicode (text/plain, attachment)]
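
An added example, not part of the bug report, the attached patch or json-c's own code: a narrowed JSON string-literal decoder in C that avoids both failure modes reported above, by always writing a terminator (even for "") and by tracking the length explicitly so that a decoded \u0000 is kept as data. The names `struct decoded`, `decode_json_string` and `hexval` are hypothetical, and the input in `main` is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* buf holds len bytes plus one '\0'; len may be 0 or count embedded NULs. */
struct decoded { char *buf; size_t len; };

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                         /* fold ASCII letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode a quoted JSON string literal. Narrowed for the example: plain bytes
 * and \uXXXX below U+0080 only. Returns 0 on success, -1 otherwise. */
int decode_json_string(const char *in, struct decoded *out)
{
    size_t n = strlen(in), i, len = 0;
    int k, h, cp;
    char *buf;
    if (n < 2 || in[0] != '"' || in[n - 1] != '"' || !(buf = malloc(n)))
        return -1;                     /* n bytes always fit output + '\0' */
    for (i = 1; i < n - 1; i++) {
        if (in[i] == '"') goto fail;   /* unescaped quote inside literal */
        if (in[i] != '\\') { buf[len++] = in[i]; continue; }
        if (i + 5 >= n - 1 || in[i + 1] != 'u') goto fail;
        for (k = 2, cp = 0; k <= 5; k++) {
            if ((h = hexval(in[i + k])) < 0) goto fail;
            cp = cp * 16 + h;
        }
        if (cp >= 0x80) goto fail;     /* multi-byte UTF-8 left out here */
        buf[len++] = (char)cp;         /* \u0000 is data, not an end marker */
        i += 5;
    }
    buf[len] = '\0';                   /* written even when len == 0 ("") */
    out->buf = buf; out->len = len;
    return 0;
fail:
    free(buf);
    return -1;
}

int main(void)
{
    struct decoded d;                  /* constructed input below */
    if (decode_json_string("\"a\\u0000b\"", &d)) return 1;
    printf("len=%zu strlen=%zu\n", d.len, strlen(d.buf));
    free(d.buf);
    return 0;
}
```

A caller that measures the result with `strlen` still sees only the bytes before the embedded NUL, so the explicit `len` has to be carried wherever the value goes.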

Set Bug forwarded-to-address to 'https://github.com/json-c/json-c/issues/53'. Request was from Samuel Bronson <naesten@gmail.com> to control@bugs.debian.org. (Sat, 01 Dec 2012 22:42:19 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, fabien boucher <fabien.dot.boucher@gmail.com>:
Bug#687269; Package libjson0. (Fri, 13 Sep 2013 11:03:04 GMT)

Acknowledgement sent to Mathieu Malaterre <malat@debian.org>:
Extra info received and forwarded to list. Copy sent to fabien boucher <fabien.dot.boucher@gmail.com>. (Fri, 13 Sep 2013 11:03:04 GMT)

Message #12 received at 687269@bugs.debian.org:

From: Mathieu Malaterre <malat@debian.org>
To: Control bugs server <control@bugs.debian.org>, 687269@bugs.debian.org, 687269-submitter@bugs.debian.org
Subject: Empty strings and unicode zero values break json parsing.
Date: Fri, 13 Sep 2013 12:58:47 +0200
tags 687269 fixed-upstream
tags 687269 moreinfo
thanks

Reading:

https://github.com/json-c/json-c/issues/53#issuecomment-11177141

It looks to me as if #687269 is fixed, right?



Added tag(s) fixed-upstream. Request was from Mathieu Malaterre <malat@debian.org> to control@bugs.debian.org. (Fri, 13 Sep 2013 11:03:10 GMT)

Added tag(s) moreinfo. Request was from Mathieu Malaterre <malat@debian.org> to control@bugs.debian.org. (Fri, 13 Sep 2013 11:03:11 GMT)

Message sent on to Vincent Sanders <vince@debian.org>:
Bug#687269. (Fri, 13 Sep 2013 11:03:23 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 20:04:19 2014; Machine Name: buxtehude.debian.org
