From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Christian Melki <christian.melki@t2data.com>
Subject: Re: [ptxdist] [APPLIED] busybox: Plug CVE-2022-30065.
Date: Thu, 15 Dec 2022 08:34:54 +0100 [thread overview]
Message-ID: <20221215073454.2504644-1-m.olbrich@pengutronix.de> (raw)
In-Reply-To: <20221205103900.2531096-1-christian.melki@t2data.com>
Thanks, applied as 46da668e48779c9be08561c0a6141456beb2b841.
Michael
[sent from post-receive hook]
On Thu, 15 Dec 2022 08:34:54 +0100, Christian Melki <christian.melki@t2data.com> wrote:
> A use after free fix.
>
> * Add upstream patch but remove the testcase that didn't apply.
> Testcase isn't relevant for plugging the CVE.
> * Place patch in the ptx tag as it is part modified.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20221205103900.2531096-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> new file mode 100644
> index 000000000000..aff9faabc10e
> --- /dev/null
> +++ b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> @@ -0,0 +1,29 @@
> +From: Natanael Copa <ncopa@alpinelinux.org>
> +Date: Fri, 17 Jun 2022 17:45:34 +0200
> +Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
> +
> +fixes https://bugs.busybox.net/show_bug.cgi?id=14781
> +
> +function old new delta
> +evaluate 3343 3357 +14
> +
> +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> +---
> + editors/awk.c | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/editors/awk.c b/editors/awk.c
> +index f6314ac7201a..654cbac33331 100644
> +--- a/editors/awk.c
> ++++ b/editors/awk.c
> +@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
> +
> + case XC( OC_MOVE ):
> + debug_printf_eval("MOVE\n");
> ++ /* make sure that we never return a temp var */
> ++ if (L.v == TMPVAR0)
> ++ L.v = res;
> + /* if source is a temporary string, jusk relink it to dest */
> + if (R.v == TMPVAR1
> + && !(R.v->type & VF_NUMBER)
> diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.35.0/series
> index ee536088790b..3e1a02a1659e 100644
> --- a/patches/busybox-1.35.0/series
> +++ b/patches/busybox-1.35.0/series
> @@ -6,4 +6,5 @@
> 0200-reactivate-check-for-tty.patch
> 0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
> 0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
> -# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic
> +0203-awk-fix-use-after-free-CVE-2022-30065.patch
> +# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic
prev parent reply other threads:[~2022-12-15 7:35 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-05 10:39 [ptxdist] [PATCH] " Christian Melki
2022-12-15 7:34 ` Michael Olbrich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221215073454.2504644-1-m.olbrich@pengutronix.de \
--to=m.olbrich@pengutronix.de \
--cc=christian.melki@t2data.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox