Victor, that's a top-notch reproducer program. :)

Thanks

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Desktop Packages, which is subscribed to jansson in Ubuntu.
https://bugs.launchpad.net/bugs/1785077

Title:
  reachable assertion in 2.5-2ubuntu0.1 (trusty)

Status in jansson package in Ubuntu:
  Fix Released

Bug description:
  Last night's libjansson (security) upgrade breaks while outputting
  simple json objects. I've attached a simple test case to reproduce.

  It only happens if JSON_PRESERVE_ORDER is passed to the dumper
  function.

  I haven't debugged it, but it seems hashmap lookup after sorting fails.
  So my best guess is that it is somehow related to the hashmap fixes in
  CVE-2013-6401.patch

  Pre-upgrade:

  victor@trusty32:~/tmp$ gcc test.c -l jansson
  victor@trusty32:~/tmp$ ./a.out
  {"dest_ip":"192.168.10.1","timestamp":"2017-10-09T18:13:19.602062+0200","proto":"TCP","src_ip":"192.168.10.31","flow_id":996701387095811,"event_type":"alert","pcap_cnt":10,"src_port":12345,"dest_port":123}
  dumped OK without JSON_PRESERVE_ORDER(0x100) flag
  {"timestamp":"2017-10-09T18:13:19.602062+0200","flow_id":996701387095811,"pcap_cnt":10,"event_type":"alert","proto":"TCP","src_ip":"192.168.10.31","dest_ip":"192.168.10.1","src_port":12345,"dest_port":123}
  dumped OK with JSON_PRESERVE_ORDER(0x100) flag
  victor@trusty32:~/tmp$

  Post-upgrade:

  victor@trusty32:~/tmp$ gcc test.c -l jansson
  victor@trusty32:~/tmp$ ./a.out
  {"timestamp":"2017-10-09T18:13:19.602062+0200","src_port":12345,"flow_id":996701387095811,"dest_ip":"192.168.10.1","event_type":"alert","pcap_cnt":10,"src_ip":"192.168.10.31","proto":"TCP","dest_port":123}
  dumped OK without JSON_PRESERVE_ORDER(0x100) flag
  a.out: dump.c:337: do_dump: Assertion `value' failed.
  {"timestamp":"2017-10-09T18:13:19.602062+0200",Aborted (core dumped)
  victor@trusty32:~/tmp$

  Bt:

  Program received signal SIGABRT, Aborted.
  0xb7fdd428 in __kernel_vsyscall ()
  (gdb) bt
  #0  0xb7fdd428 in __kernel_vsyscall ()
  #1  0xb7e46687 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
  #2  0xb7e49ab3 in __GI_abort () at abort.c:89
  #3  0xb7e3f7c7 in __assert_fail_base (fmt=0xb7f7f314 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xb7fd14e1 "value", file=file@entry=0xb7fd0eeb "dump.c", line=line@entry=337, function=function@entry=0xb7fd0f20 <__PRETTY_FUNCTION__.3883> "do_dump") at assert.c:92
  #4  0xb7e3f877 in __GI___assert_fail (assertion=assertion@entry=0xb7fd14e1 "value", file=file@entry=0xb7fd0eeb "dump.c", line=line@entry=337, function=function@entry=0xb7fd0f20 <__PRETTY_FUNCTION__.3883> "do_dump") at assert.c:101
  #5  0xb7fcb15a in do_dump (json=0x804b008, flags=1376, depth=0, dump=0xb7fca600 <dump_to_file>, data=0xb7fc5ac0 <_IO_2_1_stdout_>) at dump.c:337
  #6  0xb7fcb1c5 in json_dump_callback (json=<optimized out>, json@entry=0x804b008, callback=<optimized out>, callback@entry=0xb7fca600 <dump_to_file>, data=<optimized out>, data@entry=0xb7fc5ac0 <_IO_2_1_stdout_>, flags=flags@entry=1376) at dump.c:455
  #7  0xb7fcb285 in json_dumpf (json=0x804b008, output=0xb7fc5ac0 <_IO_2_1_stdout_>, flags=1376) at dump.c:431
  #8  0x08048834 in main ()

  Program attached. Compile with gcc test.c -l jansson.

  Since this can lead to crashes of consumers of the library, I've
  ticked the security checkbox. In my case, it crashes Suricata, a
  network IPS. This would lead to denial of service.

