packages/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-42363

Browse Source 
Signed-off-by: liuxu <liuxu156@huawei.com>
(cherry picked from commit d43abf028a0e120b85657d39f98fb2daabd4a333)
This commit is contained in:
liuxu 2024-07-22 14:21:02 +08:00 committed by openeuler-sync-bot
parent 8911429bd8
commit 89587450aa
2 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
backport-CVE-2023-42363.patch Normal file
View File

@ -0,0 +1,60 @@
From 695db66d27d4dd9b6ec554e49b34903256dd38ed Mon Sep 17 00:00:00 2001
From: liuxu <liuxu156@huawei.com>
Date: Mon, 22 Jul 2024 11:43:51 +0800
Subject: [PATCH] fix CVE-2023-42363
backport from upstream:
https://git.busybox.net/busybox/commit/editors/awk.c?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa
Signed-off-by: liuxu <liuxu156@huawei.com>
---
editors/awk.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/editors/awk.c b/editors/awk.c
index 6a5846e..c202de3 100644
--- a/editors/awk.c
+++ b/editors/awk.c
@@ -2889,19 +2889,14 @@ static var *evaluate(node *op, var *res)
if ((opinfo & OF_REQUIRED) && !op1)
syntax_error(EMSG_TOO_FEW_ARGS);
L.v = evaluate(op1, TMPVAR0);
- if (opinfo & OF_STR1) {
- L.s = getvar_s(L.v);
- debug_printf_eval("L.s:'%s'\n", L.s);
- }
if (opinfo & OF_NUM1) {
L_d = getvar_i(L.v);
debug_printf_eval("L_d:%f\n", L_d);
}
}
- /* NB: Must get string/numeric values of L (done above)
- * _before_ evaluate()'ing R.v: if both L and R are $NNNs,
- * and right one is large, then L.v points to Fields[NNN1],
- * second evaluate() reallocates and moves (!) Fields[],
+ /* NB: if both L and R are $NNNs, and right one is large,
+ * then at this pint L.v points to Fields[NNN1], second
+ * evaluate() below reallocates and moves (!) Fields[],
* R.v points to Fields[NNN2] but L.v now points to freed mem!
* (Seen trying to evaluate "$444 $44444")
*/
@@ -2914,6 +2909,16 @@ static var *evaluate(node *op, var *res)
debug_printf_eval("R.s:'%s'\n", R.s);
}
}
+ /* Get L.s _after_ R.v is evaluated: it may have realloc'd L.v
+ * so we must get the string after "old_Fields_ptr" correction
+ * above. Testcase: x = (v = "abc", gsub("b", "X", v));
+ */
+ if (opinfo & OF_RES1) {
+ if (opinfo & OF_STR1) {
+ L.s = getvar_s(L.v);
+ debug_printf_eval("L.s:'%s'\n", L.s);
+ }
+ }
debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK));
switch (XC(opinfo & OPCLSMASK)) {
--
2.43.0

9
busybox.spec
View File

@ -4,7 +4,7 @@
%endif %endif
%if "%{!?RELEASE:1}" %if "%{!?RELEASE:1}"
%define RELEASE 6 %define RELEASE 7
%endif %endif
Epoch: 1 Epoch: 1
@ -22,6 +22,7 @@ Source3: busybox-dynamic.config
Patch6000: backport-CVE-2022-28391.patch Patch6000: backport-CVE-2022-28391.patch
Patch6001: backport-CVE-2022-48174.patch Patch6001: backport-CVE-2022-48174.patch
Patch6002: backport-CVE-2023-42363.patch
BuildRoot: %_topdir/BUILDROOT BuildRoot: %_topdir/BUILDROOT
#Dependency #Dependency
@ -97,6 +98,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
%{_mandir}/man1/busybox.petitboot.1.gz %{_mandir}/man1/busybox.petitboot.1.gz
%changelog %changelog
* Mon Jul 22 2024 liuxu <liuxu156@huawei.com> - 1:1.36.1-7
- Type:CVE
- Id:NA
- SUG:NA
- DESC:fix CVE-2023-42363
* Tue Jun 25 2024 liuxu <liuxu156@huawei.com> - 1:1.36.1-6 * Tue Jun 25 2024 liuxu <liuxu156@huawei.com> - 1:1.36.1-6
- Type:CVE - Type:CVE
- Id:NA - Id:NA