fix CVE-2022-48174
Signed-off-by: songbuhuang <544824346@qq.com>
This commit is contained in:
songbuhuang
parent
320245b1d3
commit
5ef5f7eb06
27
backport-CVE-2022-48174.patch
Normal file
27
backport-CVE-2022-48174.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From ba44d48bec1ced7d7706d84da33a5976f1d8c3cb Mon Sep 17 00:00:00 2001
|
||||
From: songbuhuang <544824346@qq.com>
|
||||
Date: Wed, 30 Aug 2023 11:55:40 +0800
|
||||
Subject: [PATCH] fix CVE-2022-48174
|
||||
|
||||
Signed-off-by: songbuhuang <544824346@qq.com>
|
||||
---
|
||||
shell/math.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/shell/math.c b/shell/math.c
|
||||
index 2942cdd..8835e90 100644
|
||||
--- a/shell/math.c
|
||||
+++ b/shell/math.c
|
||||
@@ -593,7 +593,8 @@ evaluate_string(arith_state_t *math_state, const char *expr)
|
||||
/* The proof that there can be no more than strlen(startbuf)/2+1
|
||||
* integers in any given correct or incorrect expression
|
||||
* is left as an exercise to the reader. */
|
||||
- var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0]));
|
||||
+ /* Counterexample: 09J results in three integers. */
|
||||
+ var_or_num_t *const numstack = alloca((expr_len - 2) * sizeof(numstack[0]));
|
||||
var_or_num_t *numstackptr = numstack;
|
||||
/* Stack of operator tokens */
|
||||
operator *const stack = alloca(expr_len * sizeof(stack[0]));
|
||||
--
|
||||
2.26.2
|
||||
|
||||
11
busybox.spec
11
busybox.spec
@ -4,7 +4,7 @@
|
||||
%endif
|
||||
|
||||
%if "%{!?RELEASE:1}"
|
||||
%define RELEASE 17
|
||||
%define RELEASE 18
|
||||
%endif
|
||||
Epoch: 1
|
||||
|
||||
@ -23,6 +23,7 @@ Source3: busybox-dynamic.config
|
||||
Patch6000: backport-CVE-2022-28391.patch
|
||||
Patch6001: backport-CVE-2022-30065.patch
|
||||
Patch6002: backport-fix-use-after-free-in-bc-module.patch
|
||||
Patch6003: backport-CVE-2022-48174.patch
|
||||
|
||||
BuildRoot: %_topdir/BUILDROOT
|
||||
#Dependency
|
||||
@ -98,7 +99,13 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
|
||||
%{_mandir}/man1/busybox.petitboot.1.gz
|
||||
|
||||
%changelog
|
||||
* Wed Dec 14 2022 jikui <jikui2@huawei.com> - 1:1.34.1-17
|
||||
* Wed Aug 30 2023 huangsong <huangsong14@huawei.com> - 1:1.34.1-18
|
||||
- Type:CVE
|
||||
- Id:NA
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2022-48174
|
||||
|
||||
* Fri Oct 28 2022 jikui <jikui2@huawei.com> - 1:1.34.1-17
|
||||
- fix use after free in bc module
|
||||
|
||||
* Fri Aug 19 2022 jikui <jikui2@huawei.com> - 1:1.34.1-16
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user