busybox: fix CVE-2022-30065

(From OE-Core rev: bf3d981b0303eab91d4cb19092ac27b489c8ad27) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2022-06-28 14:29:34 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-07-01 11:31:42 +0100
commit: b88129ed328adb3760f159e8f334534c1641d502 (patch)
tree: 214dccf9081ca73512af1f0e26aa2a47d0a8562c /meta/recipes-core/busybox
parent: 603652a38e7b76fa93090c7eaaf2dc4e8f146f0e (diff)
download: poky-b88129ed328adb3760f159e8f334534c1641d502.tar.gz
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
new file mode 100644
index 0000000000..25ad653b25
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
@@ -0,0 +1,29 @@
+Fix use-after-free in awk.
+CVE: CVE-2022-30065
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2022-June/089768.html]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+fixes https://bugs.busybox.net/show_bug.cgi?id=14781
+Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
+---
+ editors/awk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/editors/awk.c b/editors/awk.c
+index 079d0bde5..728ee8685 100644
+--- a/editors/awk.c
+++ b/editors/awk.c
+@@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res)
+ 
+                case XC( OC_MOVE ):
+                        debug_printf_eval("MOVE\n");
+                       /* make sure that we never return a temp var */
+                       if (L.v == TMPVAR0)
+                               L.v = res;
+                        /* if source is a temporary string, jusk relink it to dest */
+                        if (R.v == TMPVAR1
+                         && !(R.v->type & VF_NUMBER)
+-- 
+2.36.1
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb
index f2f1b35902..edf896485e 100644
--- a/meta/recipes-core/busybox/busybox_1.35.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -49,6 +49,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
           file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
           file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \
           file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
+           file://CVE-2022-30065.patch \
           "
 SRC_URI:append:libc-musl = " file://musl.cfg "
author	Ross Burton <ross.burton@arm.com>	2022-06-28 14:29:34 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-01 11:31:42 +0100
commit	b88129ed328adb3760f159e8f334534c1641d502 (patch)
tree	214dccf9081ca73512af1f0e26aa2a47d0a8562c /meta/recipes-core/busybox
parent	603652a38e7b76fa93090c7eaaf2dc4e8f146f0e (diff)
download	poky-b88129ed328adb3760f159e8f334534c1641d502.tar.gz

diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch new file mode 100644 index 0000000000..25ad653b25 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
@@ -0,0 +1,29 @@
		1	Fix use-after-free in awk.
		2
		3	CVE: CVE-2022-30065
		4	Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2022-June/089768.html]
		5	Signed-off-by: Ross Burton <ross.burton@arm.com>
		6
		7	fixes https://bugs.busybox.net/show_bug.cgi?id=14781
		8
		9	Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
		10	---
		11	editors/awk.c \| 3 +++
		12	1 file changed, 3 insertions(+)
		13
		14	diff --git a/editors/awk.c b/editors/awk.c
		15	index 079d0bde5..728ee8685 100644
		16	--- a/editors/awk.c
		17	+++ b/editors/awk.c
		18	@@ -3128,6 +3128,9 @@ static var evaluate(node op, var *res)
		19
		20	case XC( OC_MOVE ):
		21	debug_printf_eval("MOVE\n");
		22	+ /* make sure that we never return a temp var */
		23	+ if (L.v == TMPVAR0)
		24	+ L.v = res;
		25	/* if source is a temporary string, jusk relink it to dest */
		26	if (R.v == TMPVAR1
		27	&& !(R.v->type & VF_NUMBER)
		28	--
		29	2.36.1


diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb index f2f1b35902..edf896485e 100644 --- a/meta/recipes-core/busybox/busybox_1.35.0.bb +++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -49,6 +49,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
49	file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \	49	file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
50	file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \	50	file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \
51	file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \	51	file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
		52	file://CVE-2022-30065.patch \
52	"	53	"
53	SRC_URI:append:libc-musl = " file://musl.cfg "	54	SRC_URI:append:libc-musl = " file://musl.cfg "
54		55