* [ptxdist] [PATCH] busybox: Plug CVE-2022-30065.
@ 2022-12-05 10:39 Christian Melki
2022-12-15 7:34 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2022-12-05 10:39 UTC (permalink / raw)
To: ptxdist
A use after free fix.
* Add upstream patch but remove the testcase that didn't apply.
Testcase isn't relevant for plugging the CVE.
* Place patch in the ptx tag as it is part modified.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
...wk-fix-use-after-free-CVE-2022-30065.patch | 29 +++++++++++++++++++
patches/busybox-1.35.0/series | 3 +-
2 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
new file mode 100644
index 000000000..aff9faabc
--- /dev/null
+++ b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
@@ -0,0 +1,29 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 17 Jun 2022 17:45:34 +0200
+Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
+
+fixes https://bugs.busybox.net/show_bug.cgi?id=14781
+
+function old new delta
+evaluate 3343 3357 +14
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ editors/awk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index f6314ac7201a..654cbac33331 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
+
+ case XC( OC_MOVE ):
+ debug_printf_eval("MOVE\n");
++ /* make sure that we never return a temp var */
++ if (L.v == TMPVAR0)
++ L.v = res;
+ /* if source is a temporary string, jusk relink it to dest */
+ if (R.v == TMPVAR1
+ && !(R.v->type & VF_NUMBER)
diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.35.0/series
index ee5360887..3e1a02a16 100644
--- a/patches/busybox-1.35.0/series
+++ b/patches/busybox-1.35.0/series
@@ -6,4 +6,5 @@
0200-reactivate-check-for-tty.patch
0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
-# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic
+0203-awk-fix-use-after-free-CVE-2022-30065.patch
+# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic
--
2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [APPLIED] busybox: Plug CVE-2022-30065.
2022-12-05 10:39 [ptxdist] [PATCH] busybox: Plug CVE-2022-30065 Christian Melki
@ 2022-12-15 7:34 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2022-12-15 7:34 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as 46da668e48779c9be08561c0a6141456beb2b841.
Michael
[sent from post-receive hook]
On Thu, 15 Dec 2022 08:34:54 +0100, Christian Melki <christian.melki@t2data.com> wrote:
> A use after free fix.
>
> * Add upstream patch but remove the testcase that didn't apply.
> Testcase isn't relevant for plugging the CVE.
> * Place patch in the ptx tag as it is part modified.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20221205103900.2531096-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> new file mode 100644
> index 000000000000..aff9faabc10e
> --- /dev/null
> +++ b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> @@ -0,0 +1,29 @@
> +From: Natanael Copa <ncopa@alpinelinux.org>
> +Date: Fri, 17 Jun 2022 17:45:34 +0200
> +Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
> +
> +fixes https://bugs.busybox.net/show_bug.cgi?id=14781
> +
> +function old new delta
> +evaluate 3343 3357 +14
> +
> +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> +---
> + editors/awk.c | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/editors/awk.c b/editors/awk.c
> +index f6314ac7201a..654cbac33331 100644
> +--- a/editors/awk.c
> ++++ b/editors/awk.c
> +@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
> +
> + case XC( OC_MOVE ):
> + debug_printf_eval("MOVE\n");
> ++ /* make sure that we never return a temp var */
> ++ if (L.v == TMPVAR0)
> ++ L.v = res;
> + /* if source is a temporary string, jusk relink it to dest */
> + if (R.v == TMPVAR1
> + && !(R.v->type & VF_NUMBER)
> diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.35.0/series
> index ee536088790b..3e1a02a1659e 100644
> --- a/patches/busybox-1.35.0/series
> +++ b/patches/busybox-1.35.0/series
> @@ -6,4 +6,5 @@
> 0200-reactivate-check-for-tty.patch
> 0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
> 0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
> -# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic
> +0203-awk-fix-use-after-free-CVE-2022-30065.patch
> +# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-15 7:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-05 10:39 [ptxdist] [PATCH] busybox: Plug CVE-2022-30065 Christian Melki
2022-12-15 7:34 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox