diff --git a/backport-fix-use-after-free-in-bc-module.patch b/backport-fix-use-after-free-in-bc-module.patch new file mode 100644 index 0000000000000000000000000000000000000000..0867d4107f5579934e24c09b08ac3b4701b4711d --- /dev/null +++ b/backport-fix-use-after-free-in-bc-module.patch @@ -0,0 +1,29 @@ +From b7fe72349401199f804c1a34ed71a7d6bc93c4b9 Mon Sep 17 00:00:00 2001 +From: jackey_1024 +Date: Fri, 28 Oct 2022 10:15:23 +0800 +Subject: [PATCH] busybox: fix use after free in bc module + +backport from upstream: +https://git.busybox.net/busybox/commit/?id=41d5f800a14769704082f7faeabb8435285499be + +Signed-off-by: jackey_1024 +--- + miscutils/bc.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/miscutils/bc.c b/miscutils/bc.c +index e880293..1e9a575 100644 +--- a/miscutils/bc.c ++++ b/miscutils/bc.c +@@ -2822,6 +2822,8 @@ static char peek_inbuf(void) + ) { + xc_read_line(&G.input_buffer, G.prs.lex_input_fp); + G.prs.lex_inbuf = G.input_buffer.v; ++ // lex_next_at may point to now-freed data, update it: ++ G.prs.lex_next_at = G.prs.lex_inbuf; + if (G.input_buffer.len <= 1) // on EOF, len is 1 (NUL byte) + G.prs.lex_input_fp = NULL; + } +-- +2.25.1 + diff --git a/busybox.spec b/busybox.spec index a5e323095d82a310498f806cf261fbb11cfda0fa..f60b535e648efb0527a1b7ba3bbe0c03fcd8f99b 100644 --- a/busybox.spec +++ b/busybox.spec @@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 14 +%define RELEASE 15 %endif Epoch: 1 @@ -28,6 +28,7 @@ Patch6004: backport-CVE-2021-42376.patch Patch6005: backport-fix-awk-cve.patch Patch6006: backport-CVE-2022-28391.patch Patch6007: backport-CVE-2022-30065.patch +Patch6008: backport-fix-use-after-free-in-bc-module.patch BuildRoot: %_topdir/BUILDROOT #Dependency @@ -103,6 +104,9 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Fri Oct 28 2022 jikui - 1:1.31.1-15 +- fix use after free in bc module + * Wed Aug 31 2022 jikui - 1:1.31.1-14 - add Epoch field in spec file