[AUTO-CHERRYPICK] apparmor: add patches for CVE-2023-50471 and CVE-2023-50472 - branch main (#7149)

Co-authored-by: Dallas Delaney <106280731+dallasd1@users.noreply.github.com>

Author: CBL-Mariner-Bot

SPECS/apparmor/CVE-2023-50471.patch

@@ -0,0 +1,63 @@
+From 60ff122ef5862d04b39b150541459e7f5e35add8 Mon Sep 17 00:00:00 2001
+From: Lee <peterlee@apache.org>
+Date: Mon, 18 Dec 2023 11:47:52 +0800
+Subject: [PATCH] add NULL checkings (#809)
+
+* add NULL checks in cJSON_SetValuestring
+
+Fixes #803(CVE-2023-50472)
+
+* add NULL check in cJSON_InsertItemInArray
+
+Fixes #802(CVE-2023-50471)
+
+* add tests for NULL checks
+
+add tests for NULL checks in cJSON_InsertItemInArray and cJSON_SetValuestring
+---
+ binutils/cJSON.c            | 14 ++++++++++++--
+ tests/misc_tests.c | 21 +++++++++++++++++++++
+ 2 files changed, 33 insertions(+), 2 deletions(-)
+
+diff --git a/binutils/cJSON.c b/binutils/cJSON.c
+index f6dd11c..faa3e29 100644
+--- a/binutils/cJSON.c
++++ b/binutils/cJSON.c
+@@ -401,7 +401,12 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
+ {
+     char *copy = NULL;
+     /* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */
+-    if (!(object->type & cJSON_String) || (object->type & cJSON_IsReference))
++    if ((object == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference))
++    {
++        return NULL;
++    }
++    /* return NULL if the object is corrupted */
++    if (object->valuestring == NULL)
+     {
+         return NULL;
+     }
+@@ -2264,7 +2269,7 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
+ {
+     cJSON *after_inserted = NULL;
+ 
+-    if (which < 0)
++    if (which < 0 || newitem == NULL)
+     {
+         return false;
+     }
+@@ -2275,6 +2280,11 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
+         return add_item_to_array(array, newitem);
+     }
+ 
++    if (after_inserted != array->child && after_inserted->prev == NULL) {
++        /* return false if after_inserted is a corrupted array item */
++        return false;
++    }
++
+     newitem->next = after_inserted;
+     newitem->prev = after_inserted->prev;
+     after_inserted->prev = newitem;
+
+-- 
+2.17.1

SPECS/apparmor/apparmor.spec

@@ -1,14 +1,15 @@
 Summary:        AppArmor is an effective and easy-to-use Linux application security system.
 Name:           apparmor
 Version:        3.0.4
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Productivity/Security
 URL:            https://launchpad.net/apparmor
 Source0:        https://launchpad.net/apparmor/3.0/3.0.4/+download/%{name}-%{version}.tar.gz
 Patch1:         apparmor-service-start-fix.patch
+Patch2:         CVE-2023-50471.patch
 # CVE-2016-1585 has no upstream fix as of 2020/09/28
 Patch100:       CVE-2016-1585.nopatch
 BuildRequires:  apr
@@ -353,6 +354,9 @@ make DESTDIR=%{buildroot} install
 %exclude %{perl_archlib}/perllocal.pod
 
 %changelog
+* Wed Dec 27 2023 Dallas Delaney <dadelan@microsoft.com> - 3.0.4-3
+- Add patch for CVE-2023-50471 and CVE-2023-50472
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 3.0.4-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)