代码拉取完成,页面将自动刷新
From c55dcbb77bb0bd7e61ce5c7a074013be06b32629 Mon Sep 17 00:00:00 2001
From: Valery Ushakov <uwe@stderr.spb.ru>
Date: Wed, 24 Jan 2024 22:24:41 +0300
Subject: [PATCH] awk.c: fix CVE-2023-42366 (bug #15874)
Make sure we don't read past the end of the string in next_token()
when backslash is the last character in an (invalid) regexp.
Conflict:No
Reference:https://git.alpinelinux.org/aports/plain/main/busybox/0026-awk.c-fix-CVE-2023-42366-bug-15874.patch
https://bugs.busybox.net/show_bug.cgi?id=15874
---
editors/awk.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/editors/awk.c b/editors/awk.c
index 64e752f4b..222e6298d 100644
--- a/editors/awk.c
+++ b/editors/awk.c
@@ -1234,9 +1234,11 @@ static uint32_t next_token(uint32_t expected)
s[-1] = bb_process_escape_sequence((const char **)&pp);
if (*p == '\\')
*s++ = '\\';
- if (pp == p)
+ if (pp == p) {
+ if (*p == '\0')
+ syntax_error(EMSG_UNEXP_EOS);
*s++ = *p++;
- else
+ } else
p = pp;
}
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手