diff options
author | Ross Burton <ross.burton@arm.com> | 2022-06-28 14:29:34 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-07-01 11:31:42 +0100 |
commit | b88129ed328adb3760f159e8f334534c1641d502 (patch) | |
tree | 214dccf9081ca73512af1f0e26aa2a47d0a8562c | |
parent | 603652a38e7b76fa93090c7eaaf2dc4e8f146f0e (diff) | |
download | poky-b88129ed328adb3760f159e8f334534c1641d502.tar.gz |
busybox: fix CVE-2022-30065
(From OE-Core rev: bf3d981b0303eab91d4cb19092ac27b489c8ad27)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/busybox/busybox/CVE-2022-30065.patch | 29 | ||||
-rw-r--r-- | meta/recipes-core/busybox/busybox_1.35.0.bb | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch new file mode 100644 index 0000000000..25ad653b25 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | Fix use-after-free in awk. | ||
2 | |||
3 | CVE: CVE-2022-30065 | ||
4 | Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2022-June/089768.html] | ||
5 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
6 | |||
7 | fixes https://bugs.busybox.net/show_bug.cgi?id=14781 | ||
8 | |||
9 | Signed-off-by: Natanael Copa <ncopa at alpinelinux.org> | ||
10 | --- | ||
11 | editors/awk.c | 3 +++ | ||
12 | 1 file changed, 3 insertions(+) | ||
13 | |||
14 | diff --git a/editors/awk.c b/editors/awk.c | ||
15 | index 079d0bde5..728ee8685 100644 | ||
16 | --- a/editors/awk.c | ||
17 | +++ b/editors/awk.c | ||
18 | @@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res) | ||
19 | |||
20 | case XC( OC_MOVE ): | ||
21 | debug_printf_eval("MOVE\n"); | ||
22 | + /* make sure that we never return a temp var */ | ||
23 | + if (L.v == TMPVAR0) | ||
24 | + L.v = res; | ||
25 | /* if source is a temporary string, jusk relink it to dest */ | ||
26 | if (R.v == TMPVAR1 | ||
27 | && !(R.v->type & VF_NUMBER) | ||
28 | -- | ||
29 | 2.36.1 | ||
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb index f2f1b35902..edf896485e 100644 --- a/meta/recipes-core/busybox/busybox_1.35.0.bb +++ b/meta/recipes-core/busybox/busybox_1.35.0.bb | |||
@@ -49,6 +49,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ | |||
49 | file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \ | 49 | file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \ |
50 | file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ | 50 | file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ |
51 | file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ | 51 | file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ |
52 | file://CVE-2022-30065.patch \ | ||
52 | " | 53 | " |
53 | SRC_URI:append:libc-musl = " file://musl.cfg " | 54 | SRC_URI:append:libc-musl = " file://musl.cfg " |
54 | 55 | ||