| author | Khem Raj <raj.khem@gmail.com> | 2024-07-14 12:01:33 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-07-18 17:21:39 +0100 |
| commit | 7c45a025ed712860491b1403fcfa8ff43c2bb4e5 (patch) | |
| tree | e7df50acb1faca36a8fc439aeb629d3d0142df48 | |
| parent | 13699cf0f25cb8f7214089328f3a5083a75319b7 (diff) | |
| download | poky-7c45a025ed712860491b1403fcfa8ff43c2bb4e5.tar.gz | |
busybox: Add fix for CVE-2023-42366
(From OE-Core rev: 34ba71151c93d6fb19469555131519dcb820ab3c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch | 37 | ||||
| -rw-r--r-- | meta/recipes-core/busybox/busybox_1.36.1.bb | 1 |
2 files changed, 38 insertions, 0 deletions
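diff --git a/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch b/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch
new file mode 100644
index 0000000000..282c2fde5a
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch
@@ -0,0 +1,37 @@
+From 8542236894a8d5f7393327117bc7f64787444efc Mon Sep 17 00:00:00 2001
+From: Valery Ushakov <uwe@stderr.spb.ru>
+Date: Wed, 24 Jan 2024 22:24:41 +0300
+Subject: [PATCH] awk.c: fix CVE-2023-42366 (bug #15874)
+
+Make sure we don't read past the end of the string in next_token()
+when backslash is the last character in an (invalid) regexp.
+a fix and issue reported in bugzilla
+
+https://bugs.busybox.net/show_bug.cgi?id=15874
+
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
+
+CVE: CVE-2023-42366
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+editors/awk.c | 6 ++++--
+1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index f320d8c..a53b193 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -1168,9 +1168,11 @@ static uint32_t next_token(uint32_t expected)
+s[-1] = bb_process_escape_sequence((const char **)&pp);
+if (*p == '\\')
+*s++ = '\\';
+- if (pp == p)
++ if (pp == p) {
++ if (*p == '\0')
++ syntax_error(EMSG_UNEXP_EOS);
+*s++ = *p++;
+- else
++ } else
+p = pp;
+}
+}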
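Review bot: The new `if (*p == '\0')` guard in next_token() carries no comment, and its safety depends on syntax_error() not returning, which the hunk does not show; if it could return, `*s++ = *p++` would still copy the NUL and move p past the end of the buffer. I would add above the check `/* backslash was the last char: stop before *p++ steps over the terminating NUL */`. The patch also adds no test, so a case in the awk testsuite with a regexp that ends in a backslash would keep the fix from regressing on the next busybox upgrade, which matters because the header marks it `Upstream-Status: Submitted` rather than merged. next_token() starts and ends outside the hunk, so the loop condition that consumes p is inferred from the patch description.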
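diff --git a/meta/recipes-core/busybox/busybox_1.36.1.bb b/meta/recipes-core/busybox/busybox_1.36.1.bb
index 6972eef81f..980a96b88a 100644
--- a/meta/recipes-core/busybox/busybox_1.36.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.36.1.bb
@@ -55,6 +55,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
 file://busybox-1.36.1-no-cbq.patch \
 file://0001-awk-fix-precedence-of-relative-to.patch \
 file://0002-awk-fix-ternary-operator-and-precedence-of.patch \
+file://0001-awk.c-fix-CVE-2023-42366-bug-15874.patch \
 "
 SRC_URI:append:libc-musl = " file://musl.cfg "
 # TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html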
