forked from microsoft/azurelinux
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCVE-2026-33948.patch
More file actions
51 lines (44 loc) · 1.51 KB
/
CVE-2026-33948.patch
File metadata and controls
51 lines (44 loc) · 1.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
From 6b00368687afbad32cb454a1cddb4af18ae2eb8b Mon Sep 17 00:00:00 2001
From: itchyny <itchyny@cybozu.co.jp>
Date: Mon, 13 Apr 2026 08:46:11 +0900
Subject: [PATCH] Fix NUL truncation in the JSON parser
This fixes CVE-2026-33948.
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference: https://github.com/jqlang/jq/commit/6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b.patch
---
src/util.c | 8 +-------
tests/shtest | 6 ++++++
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/util.c b/src/util.c
index de44fa6..422a8b8 100644
--- a/src/util.c
+++ b/src/util.c
@@ -311,13 +311,7 @@ static int jq_util_input_read_more(jq_util_input_state *state) {
if (p != NULL)
state->current_line++;
- if (p == NULL && state->parser != NULL) {
- /*
- * There should be no NULs in JSON texts (but JSON text
- * sequences are another story).
- */
- state->buf_valid_len = strlen(state->buf);
- } else if (p == NULL && feof(state->current_input)) {
+ if (p == NULL && feof(state->current_input)) {
size_t i;
/*
diff --git a/tests/shtest b/tests/shtest
index a471889..0397ca0 100755
--- a/tests/shtest
+++ b/tests/shtest
@@ -609,4 +609,10 @@ $VALGRIND $Q $JQ . <<\NUM
-10E-1000000001
NUM
+# CVE-2026-33948: No NUL truncation in the JSON parser
+if printf '{}\x00{}' | $JQ >/dev/null 2> /dev/null; then
+ printf 'Error expected but jq exited successfully\n' 1>&2
+ exit 1
+fi
+
exit 0
--
2.45.4