busybox: fix CVE-2022-28391

Signed-off-by: jikui <jikui2@huawei.com>
(cherry picked from commit ffbec3fac41c3dc0e9fd7cc3c4008d5c6dd0ca5b)

backport-CVE-2022-28391.patch

@@ -0,0 +1,87 @@
+From 547745e674728aab32291bd13945d2d134054ffc Mon Sep 17 00:00:00 2001
+From: jikui <jikui2@huawei.com>
+Date: Tue, 19 Apr 2022 10:45:22 +0800
+Subject: [PATCH] busybox: fix CVE-2022-28391
+
+backport from upstream:
+https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
+https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
+
+Signed-off-by: jikui <jikui2@huawei.com>
+---
+ libbb/xconnect.c      |  5 +++--
+ networking/nslookup.c | 10 +++++-----
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/libbb/xconnect.c b/libbb/xconnect.c
+index 5dd9cfd..264b987 100644
+--- a/libbb/xconnect.c
++++ b/libbb/xconnect.c
+@@ -505,12 +505,13 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ 	);
+ 	if (rc)
+ 		return NULL;
++	/* ensure host contains only printable characters */
+ 	if (flags & IGNORE_PORT)
+-		return xstrdup(host);
++		return xstrdup(printable_string(host));
+ #if ENABLE_FEATURE_IPV6
+ 	if (sa->sa_family == AF_INET6) {
+ 		if (strchr(host, ':')) /* heh, it's not a resolved hostname */
+-			return xasprintf("[%s]:%s", host, serv);
++			return xasprintf("[%s]:%s", printable_string(host), serv);
+ 		/*return xasprintf("%s:%s", host, serv);*/
+ 		/* - fall through instead */
+ 	}
+diff --git a/networking/nslookup.c b/networking/nslookup.c
+index de7b5c0..0ba4adc 100644
+--- a/networking/nslookup.c
++++ b/networking/nslookup.c
+@@ -407,7 +407,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 				//printf("Unable to uncompress domain: %s\n", strerror(errno));
+ 				return -1;
+ 			}
+-			printf(format, ns_rr_name(rr), dname);
++			printf(format, ns_rr_name(rr), printable_string(dname));
+ 			break;
+ 
+ 		case ns_t_mx:
+@@ -422,7 +422,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 				//printf("Cannot uncompress MX domain: %s\n", strerror(errno));
+ 				return -1;
+ 			}
+-			printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
++			printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
+ 			break;
+ 
+ 		case ns_t_txt:
+@@ -434,7 +434,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 			if (n > 0) {
+ 				memset(dname, 0, sizeof(dname));
+ 				memcpy(dname, ns_rr_rdata(rr) + 1, n);
+-				printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
++				printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
+ 			}
+ 			break;
+ 
+@@ -454,7 +454,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 			}
+ 
+ 			printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr),
+-				ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname);
++				ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), printable_string(dname));
+ 			break;
+ 
+ 		case ns_t_soa:
+@@ -483,7 +483,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
+ 				return -1;
+ 			}
+ 
+-			printf("\tmail addr = %s\n", dname);
++			printf("\tmail addr = %s\n", printable_string(dname));
+ 			cp += n;
+ 
+ 			printf("\tserial = %lu\n", ns_get32(cp));
+-- 
+2.17.1
+

busybox.spec

@@ -4,7 +4,7 @@
 %endif
 
 %if "%{!?RELEASE:1}"
-%define RELEASE 13
+%define RELEASE 14
 %endif
 
 Name: busybox
@@ -19,6 +19,8 @@ Source1: busybox-static.config
 Source2: busybox-petitboot.config
 Source3: busybox-dynamic.config
 
+Patch6000: backport-CVE-2022-28391.patch
+
 BuildRoot:      %_topdir/BUILDROOT
 #Dependency
 BuildRequires: gcc glibc-static
@@ -93,6 +95,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
 %{_mandir}/man1/busybox.petitboot.1.gz
 
 %changelog
+* Tue Apr 19 2022 jikui <jikui2@huawei.com> - 1:1.34.1-14
+- Type:CVE
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2022-28391
+
 * Mon Nov 29 2021 jikui <jikui2@huawei.com> - 1:1.34.1-13
 - Type:enhancement
 - Id:NA