!221 [sync] PR-219: wall: fix escape sequence Injection

From: @openeuler-sync-bot Reviewed-by: @jiayi0118 Signed-off-by: @jiayi0118
2024-03-29 07:37:56 +00:00 · 2024-03-29 07:37:56 +00:00 · 65aae489bc
commit 65aae489bc
parent 45d167ec05 1ab48951fa
2 changed files with 37 additions and 1 deletions
--- a/backport-CVE-2024-28085.patch
+++ b/backport-CVE-2024-28085.patch
@ -0,0 +1,29 @@
+From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 21 Mar 2024 11:16:20 +0100
+Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085]
+
+Let's use for all cases the same output function.
+
+Reported-by: Skyler Ferrante <sjf5462@rit.edu>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ term-utils/wall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index f894a32f8..588d3a963 100644
+--- a/term-utils/wall.c
+++ b/term-utils/wall.c
+@@ -368,7 +368,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		int i;
+ 
+ 		for (i = 0; i < mvecsz; i++) {
+-			fputs(mvec[i], fs);
+			fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
+ 			if (i < mvecsz - 1)
+ 				fputc(' ', fs);
+ 		}
+-- 
+2.33.0
+
--- a/util-linux.spec
+++ b/util-linux.spec
@ -3,7 +3,7 @@

 Name:           util-linux
 Version:        2.37.2
-Release:        27
+Release:        28
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@ -143,6 +143,7 @@ Patch6121:      backport-lib-cpuset-exit-early-from-cpulist_parse.patch
 Patch6122:      backport-sys-utils-lscpu-Unblock-SIGSEGV-before-vmware_bdoor.patch
 Patch6123:      backport-libblkid-Check-offset-in-LUKS2-header.patch
 Patch6124:      backport-more-fix-poll-use.patch
+Patch6125:      backport-CVE-2024-28085.patch

 Patch9000:      Add-check-to-resolve-uname26-version-test-failed.patch
 Patch9001:      SKIPPED-no-root-permissions-test.patch
@ -514,6 +515,12 @@ fi
 %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}

 %changelog
+* Fri Mar 29 2024 zhangyao <zhangyao108@huawei.com> - 2.37.2-28
+- Type:CVE
+- CVE:CVE-2024-28085
+- SUG:NA
+- DESC:fix CVE-2024-28085
+
 * Mon Mar 11 2024 zhangyao <zhangyao108@huawei.com> - 2.37.2-27
 - Type:bugfix
 - CVE:NA