1 files changed, 138 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch
new file mode 100644
index 0000000000..c913eaee9c
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch
@@ -0,0 +1,138 @@
+From 56a335378ac100d51c30b21eee499a2effa37fba Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 15 Jun 2021 16:05:57 +0200
+Subject: hush: fix handling of \^C and "^C"
+function                                             old     new   delta
+parse_stream                                        2238    2252     +14
+encode_string                                        243     256     +13
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0)               Total: 27 bytes
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 1b7a9b68d0e9aa19147d7fda16eb9a6b54156985)
+Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
+CVE: CVE-2021-42376
+Upstream-Status: Backport [https://git.busybox.net/busybox/patch/?id=56a335378ac100d51c30b21eee499a2effa37fba]
+Comment: No changes in any hunk
+---
+ shell/ash_test/ash-misc/control_char3.right   |  1 +
+ shell/ash_test/ash-misc/control_char3.tests   |  2 ++
+ shell/ash_test/ash-misc/control_char4.right   |  1 +
+ shell/ash_test/ash-misc/control_char4.tests   |  2 ++
+ shell/hush.c                                  | 11 +++++++++++
+ shell/hush_test/hush-misc/control_char3.right |  1 +
+ shell/hush_test/hush-misc/control_char3.tests |  2 ++
+ shell/hush_test/hush-misc/control_char4.right |  1 +
+ shell/hush_test/hush-misc/control_char4.tests |  2 ++
+ 9 files changed, 23 insertions(+)
+ create mode 100644 shell/ash_test/ash-misc/control_char3.right
+ create mode 100755 shell/ash_test/ash-misc/control_char3.tests
+ create mode 100644 shell/ash_test/ash-misc/control_char4.right
+ create mode 100755 shell/ash_test/ash-misc/control_char4.tests
+ create mode 100644 shell/hush_test/hush-misc/control_char3.right
+ create mode 100755 shell/hush_test/hush-misc/control_char3.tests
+ create mode 100644 shell/hush_test/hush-misc/control_char4.right
+ create mode 100755 shell/hush_test/hush-misc/control_char4.tests
+diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right
+new file mode 100644
+index 000000000..283e02cbb
+--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.right
+@@ -0,0 +1 @@
+SHELL: line 1: : not found
+diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests
+new file mode 100755
+index 000000000..4359db3f3
+--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.tests
+@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
+diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right
+new file mode 100644
+index 000000000..2bf18e684
+--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.right
+@@ -0,0 +1 @@
+SHELL: line 1: -: not found
+diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests
+new file mode 100755
+index 000000000..48010f154
+--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.tests
+@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
+diff --git a/shell/hush.c b/shell/hush.c
+index 9fead37da..249728b9d 100644
+--- a/shell/hush.c
+++ b/shell/hush.c
+@@ -5235,6 +5235,11 @@ static int encode_string(o_string *as_string,
+        }
+ #endif
+        o_addQchr(dest, ch);
+       if (ch == SPECIAL_VAR_SYMBOL) {
+               /* Convert "^C" to corresponding special variable reference */
+               o_addchr(dest, SPECIAL_VAR_QUOTED_SVS);
+               o_addchr(dest, SPECIAL_VAR_SYMBOL);
+       }
+        goto again;
+ #undef as_string
+ }
+@@ -5346,6 +5351,11 @@ static struct pipe *parse_stream(char **pstring,
+                        if (ch == '\n')
+                                continue; /* drop \<newline>, get next char */
+                        nommu_addchr(&ctx.as_string, '\\');
+                       if (ch == SPECIAL_VAR_SYMBOL) {
+                               nommu_addchr(&ctx.as_string, ch);
+                               /* Convert \^C to corresponding special variable reference */
+                               goto case_SPECIAL_VAR_SYMBOL;
+                       }
+                        o_addchr(&ctx.word, '\\');
+                        if (ch == EOF) {
+                                /* Testcase: eval 'echo Ok\' */
+@@ -5670,6 +5680,7 @@ static struct pipe *parse_stream(char **pstring,
+                /* Note: nommu_addchr(&ctx.as_string, ch) is already done */
+ 
+                switch (ch) {
+               case_SPECIAL_VAR_SYMBOL:
+                case SPECIAL_VAR_SYMBOL:
+                        /* Convert raw ^C to corresponding special variable reference */
+                        o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL);
+diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right
+new file mode 100644
+index 000000000..94b4f8699
+--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.right
+@@ -0,0 +1 @@
+hush: can't execute '': No such file or directory
+diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests
+new file mode 100755
+index 000000000..4359db3f3
+--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.tests
+@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
+diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right
+new file mode 100644
+index 000000000..698e21427
+--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.right
+@@ -0,0 +1 @@
+hush: can't execute '-': No such file or directory
+diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests
+new file mode 100755
+index 000000000..48010f154
+--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.tests
+@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
+-- 
+cgit v1.2.3

diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch new file mode 100644 index 0000000000..c913eaee9c --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2021-42376.patch
@@ -0,0 +1,138 @@
	1	From 56a335378ac100d51c30b21eee499a2effa37fba Mon Sep 17 00:00:00 2001
	2	From: Denys Vlasenko <vda.linux@googlemail.com>
	3	Date: Tue, 15 Jun 2021 16:05:57 +0200
	4	Subject: hush: fix handling of \^C and "^C"
	5
	6	function old new delta
	7	parse_stream 2238 2252 +14
	8	encode_string 243 256 +13
	9	------------------------------------------------------------------------------
	10	(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0) Total: 27 bytes
	11
	12	Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
	13	(cherry picked from commit 1b7a9b68d0e9aa19147d7fda16eb9a6b54156985)
	14
	15	Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
	16
	17	CVE: CVE-2021-42376
	18	Upstream-Status: Backport [https://git.busybox.net/busybox/patch/?id=56a335378ac100d51c30b21eee499a2effa37fba]
	19	Comment: No changes in any hunk
	20	---
	21	shell/ash_test/ash-misc/control_char3.right \| 1 +
	22	shell/ash_test/ash-misc/control_char3.tests \| 2 ++
	23	shell/ash_test/ash-misc/control_char4.right \| 1 +
	24	shell/ash_test/ash-misc/control_char4.tests \| 2 ++
	25	shell/hush.c \| 11 +++++++++++
	26	shell/hush_test/hush-misc/control_char3.right \| 1 +
	27	shell/hush_test/hush-misc/control_char3.tests \| 2 ++
	28	shell/hush_test/hush-misc/control_char4.right \| 1 +
	29	shell/hush_test/hush-misc/control_char4.tests \| 2 ++
	30	9 files changed, 23 insertions(+)
	31	create mode 100644 shell/ash_test/ash-misc/control_char3.right
	32	create mode 100755 shell/ash_test/ash-misc/control_char3.tests
	33	create mode 100644 shell/ash_test/ash-misc/control_char4.right
	34	create mode 100755 shell/ash_test/ash-misc/control_char4.tests
	35	create mode 100644 shell/hush_test/hush-misc/control_char3.right
	36	create mode 100755 shell/hush_test/hush-misc/control_char3.tests
	37	create mode 100644 shell/hush_test/hush-misc/control_char4.right
	38	create mode 100755 shell/hush_test/hush-misc/control_char4.tests
	39
	40	diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right
	41	new file mode 100644
	42	index 000000000..283e02cbb
	43	--- /dev/null
	44	+++ b/shell/ash_test/ash-misc/control_char3.right
	45	@@ -0,0 +1 @@
	46	+SHELL: line 1: : not found
	47	diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests
	48	new file mode 100755
	49	index 000000000..4359db3f3
	50	--- /dev/null
	51	+++ b/shell/ash_test/ash-misc/control_char3.tests
	52	@@ -0,0 +1,2 @@
	53	+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
	54	+$THIS_SH -c '\' SHELL
	55	diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right
	56	new file mode 100644
	57	index 000000000..2bf18e684
	58	--- /dev/null
	59	+++ b/shell/ash_test/ash-misc/control_char4.right
	60	@@ -0,0 +1 @@
	61	+SHELL: line 1: -: not found
	62	diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests
	63	new file mode 100755
	64	index 000000000..48010f154
	65	--- /dev/null
	66	+++ b/shell/ash_test/ash-misc/control_char4.tests
	67	@@ -0,0 +1,2 @@
	68	+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
	69	+$THIS_SH -c '"-"' SHELL
	70	diff --git a/shell/hush.c b/shell/hush.c
	71	index 9fead37da..249728b9d 100644
	72	--- a/shell/hush.c
	73	+++ b/shell/hush.c
	74	@@ -5235,6 +5235,11 @@ static int encode_string(o_string *as_string,
	75	}
	76	#endif
	77	o_addQchr(dest, ch);
	78	+ if (ch == SPECIAL_VAR_SYMBOL) {
	79	+ /* Convert "^C" to corresponding special variable reference */
	80	+ o_addchr(dest, SPECIAL_VAR_QUOTED_SVS);
	81	+ o_addchr(dest, SPECIAL_VAR_SYMBOL);
	82	+ }
	83	goto again;
	84	#undef as_string
	85	}
	86	@@ -5346,6 +5351,11 @@ static struct pipe parse_stream(char *pstring,
	87	if (ch == '\n')
	88	continue; /* drop \<newline>, get next char */
	89	nommu_addchr(&ctx.as_string, '\\');
	90	+ if (ch == SPECIAL_VAR_SYMBOL) {
	91	+ nommu_addchr(&ctx.as_string, ch);
	92	+ /* Convert \^C to corresponding special variable reference */
	93	+ goto case_SPECIAL_VAR_SYMBOL;
	94	+ }
	95	o_addchr(&ctx.word, '\\');
	96	if (ch == EOF) {
	97	/* Testcase: eval 'echo Ok\' */
	98	@@ -5670,6 +5680,7 @@ static struct pipe parse_stream(char *pstring,
	99	/* Note: nommu_addchr(&ctx.as_string, ch) is already done */
	100
	101	switch (ch) {
	102	+ case_SPECIAL_VAR_SYMBOL:
	103	case SPECIAL_VAR_SYMBOL:
	104	/* Convert raw ^C to corresponding special variable reference */
	105	o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL);
	106	diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right
	107	new file mode 100644
	108	index 000000000..94b4f8699
	109	--- /dev/null
	110	+++ b/shell/hush_test/hush-misc/control_char3.right
	111	@@ -0,0 +1 @@
	112	+hush: can't execute '': No such file or directory
	113	diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests
	114	new file mode 100755
	115	index 000000000..4359db3f3
	116	--- /dev/null
	117	+++ b/shell/hush_test/hush-misc/control_char3.tests
	118	@@ -0,0 +1,2 @@
	119	+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
	120	+$THIS_SH -c '\' SHELL
	121	diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right
	122	new file mode 100644
	123	index 000000000..698e21427
	124	--- /dev/null
	125	+++ b/shell/hush_test/hush-misc/control_char4.right
	126	@@ -0,0 +1 @@
	127	+hush: can't execute '-': No such file or directory
	128	diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests
	129	new file mode 100755
	130	index 000000000..48010f154
	131	--- /dev/null
	132	+++ b/shell/hush_test/hush-misc/control_char4.tests
	133	@@ -0,0 +1,2 @@
	134	+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
	135	+$THIS_SH -c '"-"' SHELL
	136	--
	137	cgit v1.2.3
	138