Diffstat (limited to 'meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch')
-rw-r--r-- | meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch b/meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch new file mode 100644 index 0000000000..046c95df47 --- /dev/null +++ b/meta/recipes-extended/gzip/gzip-1.10/CVE-2022-1271.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From 7073a366ee71639a1902eefb7500e14acb920f64 Mon Sep 17 00:00:00 2001 | ||
2 | From: Lasse Collin <lasse.collin@tukaani.org> | ||
3 | Date: Mon, 4 Apr 2022 23:52:49 -0700 | ||
4 | Subject: [PATCH] zgrep: avoid exploit via multi-newline file names | ||
5 | |||
6 | * zgrep.in: The issue with the old code is that with multiple | ||
7 | newlines, the N-command will read the second line of input, | ||
8 | then the s-commands will be skipped because it's not the end | ||
9 | of the file yet, then a new sed cycle starts and the pattern | ||
10 | space is printed and emptied. So only the last line or two get | ||
11 | escaped. This patch makes sed read all lines into the pattern | ||
12 | space and then do the escaping. | ||
13 | |||
14 | This vulnerability was discovered by: | ||
15 | cleemy desu wayo working with Trend Micro Zero Day Initiative | ||
16 | |||
17 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c] | ||
18 | CVE: CVE-2022-1271 | ||
19 | |||
20 | Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> | ||
21 | --- | ||
22 | zgrep.in | 10 +++++++--- | ||
23 | 1 file changed, 7 insertions(+), 3 deletions(-) | ||
24 | |||
25 | diff --git a/zgrep.in b/zgrep.in | ||
26 | index 3efdb52..d391291 100644 | ||
27 | --- a/zgrep.in | ||
28 | +++ b/zgrep.in | ||
29 | @@ -222,9 +222,13 @@ do | ||
30 | '* | *'&'* | *'\'* | *'|'*) | ||
31 | i=$(printf '%s\n' "$i" | | ||
32 | sed ' | ||
33 | - $!N | ||
34 | - $s/[&\|]/\\&/g | ||
35 | - $s/\n/\\n/g | ||
36 | + :start | ||
37 | + $!{ | ||
38 | + N | ||
39 | + b start | ||
40 | + } | ||
41 | + s/[&\|]/\\&/g | ||
42 | + s/\n/\\n/g | ||
43 | ');; | ||
44 | esac | ||
45 | sed_script="s|^|$i:|" | ||
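Review bot: The new accumulate-then-escape loop in the zgrep.in hunk (":start" through "b start") arrives with no regression test. The embedded diffstat shows zgrep.in as the only file changed, so nothing in this backport exercises the multi-newline case the commit message describes. Consider adding a test that runs zgrep against a file whose name contains more than one newline and checks that every line of the name is escaped in the output prefix, not just the last one or two. Separately, the reason the "$" address was dropped from the two s-commands is explained only in the commit message. A one-line comment above ":start" saying that the loop pulls all input lines into the pattern space before escaping would keep a later cleanup from reintroducing the "$!N" form.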