From 74a4ad870a6f258fb3ef7dbd83bb67c3fbc828e2 Mon Sep 17 00:00:00 2001 From: ch_r Date: Wed, 17 Sep 2025 08:19:07 +0000 Subject: [PATCH] =?UTF-8?q?add=20backport-CVE-2024-58251.patch.=20?= =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2024-58251?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: ch_r --- backport-CVE-2024-58251.patch | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 backport-CVE-2024-58251.patch diff --git a/backport-CVE-2024-58251.patch b/backport-CVE-2024-58251.patch new file mode 100644 index 0000000..90896b5 --- /dev/null +++ b/backport-CVE-2024-58251.patch @@ -0,0 +1,40 @@ +From 7bf400d5b8d9c68595ac18e50c8234aba0409deb Mon Sep 17 00:00:00 2001 +From: Kyle Steere +Date: Wed, 17 Sep 2025 10:02:31 +0800 +Subject: [PATCH] Fix CVE-2024-58251 - sanitize process names when + calling netstat + +In BusyBox netstat, local users can launch a network application with an +argv[0] containing ANSI terminal escape sequences, leading to a denial of +service (terminal locked up) when netstat is used by a victim. + +This patch sanitizes the process name before storing it in the cache, +replacing any non-printable characters (including escape sequences) with +'?'. + +CVE-2024-58251: https://nvd.nist.gov/vuln/detail/CVE-2024-58251 + +Signed-off-by: Kyle Steere +--- + networking/netstat.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/networking/netstat.c b/networking/netstat.c +index 807800a..5ed8fc6 100644 +--- a/networking/netstat.c ++++ b/networking/netstat.c +@@ -316,7 +316,11 @@ static int FAST_FUNC dir_act(struct recursive_state *state, + + /* go through all files in /proc/PID/fd and check whether they are sockets */ + strcpy(proc_pid_fname + len - (sizeof("cmdline")-1), "fd"); +- pid_slash_progname = concat_path_file(pid, bb_basename(cmdline_buf)); /* "PID/argv0" */ ++ ++ /* Sanitize the program name to prevent ANSI escape sequences(CVE-2024-58251) */ ++ /* printable_string() returns a string with non-printable chars replaced by '?' */ ++ const char *sanitized_name = printable_string(bb_basename(cmdline_buf)); ++ pid_slash_progname = concat_path_file(pid, sanitized_name); /* "PID/argv0" */ + n = recursive_action(proc_pid_fname, + ACTION_RECURSE | ACTION_QUIET, + add_to_prg_cache_if_socket, +-- +2.12.3 \ No newline at end of file -- Gitee