From: Michael Olbrich
To: ptxdist@pengutronix.de
Cc: Christian Melki
Date: Thu, 15 Dec 2022 08:34:54 +0100
Subject: Re: [ptxdist] [APPLIED] busybox: Plug CVE-2022-30065.
Message-Id: <20221215073454.2504644-1-m.olbrich@pengutronix.de>
In-Reply-To: <20221205103900.2531096-1-christian.melki@t2data.com>

Thanks, applied as 46da668e48779c9be08561c0a6141456beb2b841.

Michael

[sent from post-receive hook]

On Thu, 15 Dec 2022 08:34:54 +0100, Christian Melki wrote:
> A use after free fix.
>
> * Add upstream patch but remove the testcase that didn't apply.
>   Testcase isn't relevant for plugging the CVE.
> * Place patch in the ptx tag as it is part modified.
>
> Signed-off-by: Christian Melki
> Message-Id: <20221205103900.2531096-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich
>
> diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch > new file mode 100644 > index 000000000000..aff9faabc10e > --- /dev/null > +++ b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> @@ -0,0 +1,29 @@ > +From: Natanael Copa > +Date: Fri, 17 Jun 2022 17:45:34 +0200 > +Subject: [PATCH] awk: fix use after free (CVE-2022-30065) > + > +fixes https://bugs.busybox.net/show_bug.cgi?id=14781 > + > +function old new delta > +evaluate 3343 3357 +14 > + > +Signed-off-by: Natanael Copa > +Signed-off-by: Denys Vlasenko > +--- > + editors/awk.c | 3 +++ > + 1 file changed, 3 insertions(+) > + > +diff --git a/editors/awk.c b/editors/awk.c > +index f6314ac7201a..654cbac33331 100644 > +--- a/editors/awk.c > ++++ b/editors/awk.c > +@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res) > + > + case XC( OC_MOVE ): > + debug_printf_eval("MOVE\n"); > ++ /* make sure that we never return a temp var */ > ++ if (L.v == TMPVAR0) > ++ L.v = res; > + /* if source is a temporary string, jusk relink it to dest */ > + if (R.v == TMPVAR1 > + && !(R.v->type & VF_NUMBER) > diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.35.0/series > index ee536088790b..3e1a02a1659e 100644 > --- a/patches/busybox-1.35.0/series > +++ b/patches/busybox-1.35.0/series > @@ -6,4 +6,5 @@ > 0200-reactivate-check-for-tty.patch > 0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > 0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > -# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic > +0203-awk-fix-use-after-free-CVE-2022-30065.patch > +# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic
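Review bot: The description inside the new 0203-awk-fix-use-after-free-CVE-2022-30065.patch does not record that it deviates from the upstream commit, although the commit message says the testcase was removed because it did not apply. A short line in the patch description stating that the testsuite part was dropped, together with the upstream commit id, would let whoever bumps busybox next see what to refresh or drop. In the embedded awk.c hunk, the new guard redirects L.v only when it equals TMPVAR0 while its comment promises that a temp var is never returned, and the lines right below it deal with TMPVAR1; a word on why TMPVAR1 cannot show up as L.v would make the fix easier to verify.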