File raptor-CVE-2024-57822.patch of Package raptor
From ece2c79df43091686a538b8231cf387d84bfa60e Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Fri, 7 Feb 2025 11:38:34 -0800
Subject: [PATCH] Fix Github issue 70 B) Heap read buffer overflow in ntriples
bnode
(raptor_ntriples_parse_term_internal): Only allow looking at the last
character of a bnode ID only if bnode length >0
---
src/raptor_ntriples.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/raptor_ntriples.c b/src/raptor_ntriples.c
index 3276e790..ecc4247c 100644
--- a/src/raptor_ntriples.c
+++ b/src/raptor_ntriples.c
@@ -212,7 +212,7 @@ raptor_ntriples_parse_term_internal(raptor_world* world,
locator->column--;
locator->byte--;
}
- if(term_class == RAPTOR_TERM_CLASS_BNODEID && dest[-1] == '.') {
+ if(term_class == RAPTOR_TERM_CLASS_BNODEID && position > 0 && dest[-1] == '.') {
/* If bnode id ended on '.' move back one */
dest--;
From da7a79976bd0314c23cce55d22495e7d29301c44 Mon Sep 17 00:00:00 2001
From: Dave Beckett <dave@dajobe.org>
Date: Thu, 6 Feb 2025 21:12:37 -0800
Subject: [PATCH] Fix Github issue 70 A) Integer Underflow in
raptor_uri_normalize_path()
(raptor_uri_normalize_path): Return empty buffer if path gets to 0
length
---
src/raptor_rfc2396.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/raptor_rfc2396.c b/src/raptor_rfc2396.c
index 8cc364f4..f8ec5798 100644
--- a/src/raptor_rfc2396.c
+++ b/src/raptor_rfc2396.c
@@ -351,6 +351,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
*dest++ = *s++;
*dest = '\0';
path_len -= len;
+ if(path_len <= 0) {
+ *path_buffer = '\0';
+ return 0;
+ }
if(p && p < prev) {
/* We know the previous prev path component and we didn't do
@@ -390,6 +394,10 @@ raptor_uri_normalize_path(unsigned char* path_buffer, size_t path_len)
/* Remove <component>/.. at the end of the path */
*prev = '\0';
path_len -= (s-prev);
+ if(path_len <= 0) {
+ *path_buffer = '\0';
+ return 0;
+ }
}
