!227 [sync] PR-220: wall: fix escape sequence Injection

From: @openeuler-sync-bot Reviewed-by: @openeuler-basic Signed-off-by: @openeuler-basic
2024-04-15 13:10:08 +00:00 · 2024-04-15 13:10:08 +00:00 · d9245c91fe
commit d9245c91fe
parent 4a9d2e828f e15e1479d3
3 changed files with 68 additions and 1 deletions
--- a/backport-CVE-2024-28085.patch
+++ b/backport-CVE-2024-28085.patch
@ -0,0 +1,29 @@
+From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 21 Mar 2024 11:16:20 +0100
+Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085]
+
+Let's use for all cases the same output function.
+
+Reported-by: Skyler Ferrante <sjf5462@rit.edu>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ term-utils/wall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index f894a32f8..588d3a963 100644
+--- a/term-utils/wall.c
+++ b/term-utils/wall.c
+@@ -368,7 +368,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		int i;
+ 
+ 		for (i = 0; i < mvecsz; i++) {
+-			fputs(mvec[i], fs);
+			fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
+ 			if (i < mvecsz - 1)
+ 				fputc(' ', fs);
+ 		}
+-- 
+2.33.0
+
--- a/backport-tests-test_mkfds-netlink-pass-a-correct-file-descrip.patch
+++ b/backport-tests-test_mkfds-netlink-pass-a-correct-file-descrip.patch
@ -0,0 +1,30 @@
+From acdba9c454506cdd29ac400df3f72bde4c74647d Mon Sep 17 00:00:00 2001
+From: Masatake YAMATO <yamato@redhat.com>
+Date: Wed, 3 Apr 2024 00:01:27 +0900
+Subject: [PATCH] tests: (test_mkfds::netlink) pass a correct file descriptor
+ to bind(2)
+
+Close #2901
+
+The original code passed a closed file descriptor to bind(2).
+
+Signed-off-by: Masatake YAMATO <yamato@redhat.com>
+---
+ tests/helpers/test_mkfds.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/helpers/test_mkfds.c b/tests/helpers/test_mkfds.c
+index dd0a128a8..28ed3bffc 100644
+--- a/tests/helpers/test_mkfds.c
+++ b/tests/helpers/test_mkfds.c
+@@ -2293,6 +2293,7 @@ static void *make_netlink(const struct factory *factory, struct fdesc fdescs[],
+ 			err(EXIT_FAILURE, "failed to dup %d -> %d", sd, fdescs[0].fd);
+ 		}
+ 		close(sd);
+		sd = fdescs[0].fd;
+ 	}
+ 
+ 	struct sockaddr_nl nl;
+-- 
+2.33.0
+
--- a/util-linux.spec
+++ b/util-linux.spec
@ -3,7 +3,7 @@

 Name:           util-linux
 Version:        2.39.1
-Release:        4
+Release:        5
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@ -26,6 +26,8 @@ Patch6004:      backport-fadvise-tests-factor-out-calls-to-fincore.patch
 Patch6005:      backport-fadvise-test-don-t-compare-fincore-page-counts.patch
 Patch6006:      backport-fadvise-test-test-with-64k-blocks.patch
 Patch6007:      backport-tests-lsfd-mkfds-alter-the-L4-ports-for-avo.patch
+Patch6008:      backport-CVE-2024-28085.patch
+Patch6009:      backport-tests-test_mkfds-netlink-pass-a-correct-file-descrip.patch

 Patch9000:      SKIPPED-no-root-permissions-test.patch
 %ifarch sw_64
@ -410,6 +412,12 @@ fi
 %endif

 %changelog
+* Sun Apr 7 2024 zhangyao <zhangyao108@huawei.com> - 2.39.1-5
+- Type:CVE
+- CVE:CVE-2024-28085
+- SUG:NA
+- DESC:fix CVE-2024-28085 and solve test_mkfds::netlink failed
+
 * Fri Dec 1 2023 jiahua.yu <jiahua.yu@shingroup.cn> - 2.39.1-4
 - Type:update
 - CVE:NA