File _service:obs_scm:backport-CVE-2023-42363.patch of Package busybox
From 695db66d27d4dd9b6ec554e49b34903256dd38ed Mon Sep 17 00:00:00 2001 From: liuxu <liuxu156@huawei.com> Date: Mon, 22 Jul 2024 11:43:51 +0800 Subject: [PATCH] fix CVE-2023-42363 backport from upstream: https://git.busybox.net/busybox/commit/editors/awk.c?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa Signed-off-by: liuxu <liuxu156@huawei.com> --- editors/awk.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/editors/awk.c b/editors/awk.c index 6a5846e..c202de3 100644 --- a/editors/awk.c +++ b/editors/awk.c @@ -2889,19 +2889,14 @@ static var *evaluate(node *op, var *res) if ((opinfo & OF_REQUIRED) && !op1) syntax_error(EMSG_TOO_FEW_ARGS); L.v = evaluate(op1, TMPVAR0); - if (opinfo & OF_STR1) { - L.s = getvar_s(L.v); - debug_printf_eval("L.s:'%s'\n", L.s); - } if (opinfo & OF_NUM1) { L_d = getvar_i(L.v); debug_printf_eval("L_d:%f\n", L_d); } } - /* NB: Must get string/numeric values of L (done above) - * _before_ evaluate()'ing R.v: if both L and R are $NNNs, - * and right one is large, then L.v points to Fields[NNN1], - * second evaluate() reallocates and moves (!) Fields[], + /* NB: if both L and R are $NNNs, and right one is large, + * then at this pint L.v points to Fields[NNN1], second + * evaluate() below reallocates and moves (!) Fields[], * R.v points to Fields[NNN2] but L.v now points to freed mem! * (Seen trying to evaluate "$444 $44444") */ @@ -2914,6 +2909,16 @@ static var *evaluate(node *op, var *res) debug_printf_eval("R.s:'%s'\n", R.s); } } + /* Get L.s _after_ R.v is evaluated: it may have realloc'd L.v + * so we must get the string after "old_Fields_ptr" correction + * above. Testcase: x = (v = "abc", gsub("b", "X", v)); + */ + if (opinfo & OF_RES1) { + if (opinfo & OF_STR1) { + L.s = getvar_s(L.v); + debug_printf_eval("L.s:'%s'\n", L.s); + } + } debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK)); switch (XC(opinfo & OPCLSMASK)) { -- 2.43.0
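Review bot: In the first hunk (@@ -2889,19 +2889,14), the rewritten comment has a typo, "at this pint" should read "at this point", and it no longer explains the ordering that remains. `L_d = getvar_i(L.v)` is still read before R.v is evaluated, while the `getvar_s(L.v)` read is removed from this spot. A sentence saying that the numeric value is copied out early on purpose, whereas L.s is a pointer that must be fetched late, would stop someone from moving the two reads back together in a later cleanup.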
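Review bot: In the second hunk (@@ -2914,6 +2909,16), the new comment depends on the "old_Fields_ptr" correction "above", but that code is not in the visible context of this backport. Please confirm the target tree already carries it, because without it `getvar_s(L.v)` would read L.v after evaluating R.v may have moved Fields[], which is the freed-memory case the earlier comment describes. The two nested conditions can be written as one, `if ((opinfo & OF_RES1) && (opinfo & OF_STR1))`. Since the diffstat touches only editors/awk.c, the testcase quoted in the comment (`x = (v = "abc", gsub("b", "X", v));`) is worth adding to the awk tests together with the fix.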