mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
* [ptxdist] [PATCH] busybox: Plug CVE-2022-30065.
@ 2022-12-05 10:39 Christian Melki
  2022-12-15  7:34 ` [ptxdist] [APPLIED] " Michael Olbrich
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2022-12-05 10:39 UTC (permalink / raw)
  To: ptxdist

A use after free fix.

* Add upstream patch but remove the testcase that didn't apply.
Testcase isn't relevant for plugging the CVE.
* Place patch in the ptx tag as it is part modified.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 ...wk-fix-use-after-free-CVE-2022-30065.patch | 29 +++++++++++++++++++
 patches/busybox-1.35.0/series                 |  3 +-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch

diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
new file mode 100644
index 000000000..aff9faabc
--- /dev/null
+++ b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
@@ -0,0 +1,29 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 17 Jun 2022 17:45:34 +0200
+Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
+
+fixes https://bugs.busybox.net/show_bug.cgi?id=14781
+
+function                                             old     new   delta
+evaluate                                            3343    3357     +14
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ editors/awk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index f6314ac7201a..654cbac33331 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
+ 
+ 		case XC( OC_MOVE ):
+ 			debug_printf_eval("MOVE\n");
++			/* make sure that we never return a temp var */
++			if (L.v == TMPVAR0)
++				L.v = res;
+ 			/* if source is a temporary string, jusk relink it to dest */
+ 			if (R.v == TMPVAR1
+ 			 && !(R.v->type & VF_NUMBER)
diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.35.0/series
index ee5360887..3e1a02a16 100644
--- a/patches/busybox-1.35.0/series
+++ b/patches/busybox-1.35.0/series
@@ -6,4 +6,5 @@
 0200-reactivate-check-for-tty.patch
 0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
 0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
-# 9c0cc4baa8090165b429198c9a10e02c  - git-ptx-patches magic
+0203-awk-fix-use-after-free-CVE-2022-30065.patch
+# e8b4a3103390b1bd27c9ce24d1e435d7  - git-ptx-patches magic
-- 
2.34.1




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-12-15  7:35 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-05 10:39 [ptxdist] [PATCH] busybox: Plug CVE-2022-30065 Christian Melki
2022-12-15  7:34 ` [ptxdist] [APPLIED] " Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox