From b88129ed328adb3760f159e8f334534c1641d502 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Tue, 28 Jun 2022 14:29:34 +0100
Subject: busybox: fix CVE-2022-30065

(From OE-Core rev: bf3d981b0303eab91d4cb19092ac27b489c8ad27)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../busybox/busybox/CVE-2022-30065.patch           | 29 ++++++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.35.0.bb        |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-30065.patch

(limited to 'meta/recipes-core/busybox')

diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
new file mode 100644
index 0000000000..25ad653b25
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
@@ -0,0 +1,29 @@
+Fix use-after-free in awk.
+
+CVE: CVE-2022-30065
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2022-June/089768.html]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+fixes https://bugs.busybox.net/show_bug.cgi?id=14781
+
+Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
+---
+ editors/awk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 079d0bde5..728ee8685 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res)
+ 
+ 		case XC( OC_MOVE ):
+ 			debug_printf_eval("MOVE\n");
++			/* make sure that we never return a temp var */
++			if (L.v == TMPVAR0)
++				L.v = res;
+ 			/* if source is a temporary string, jusk relink it to dest */
+ 			if (R.v == TMPVAR1
+ 			 && !(R.v->type & VF_NUMBER)
+-- 
+2.36.1
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb
index f2f1b35902..edf896485e 100644
--- a/meta/recipes-core/busybox/busybox_1.35.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -49,6 +49,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
            file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \
            file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
+           file://CVE-2022-30065.patch \
            "
 SRC_URI:append:libc-musl = " file://musl.cfg "
 
-- 
cgit v1.2.3-54-g00ecf