diff options
| author | dheerajpdsk <p.dheeraj.srujan.kumar@intel.com> | 2024-08-13 18:57:11 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-13 18:57:11 +0300 |
| commit | 2bd6e77fe603cc9ddd4b1ef5421282487bb7a7d3 (patch) | |
| tree | 0b18a326840e661d88333ec9aee349709f3596c1 /meta-openbmc-mods/meta-common/recipes-core/busybox | |
| parent | ac27a5095790a2d49a44d7c46440e375a8f84812 (diff) | |
| parent | 848b831c34ae28e7b8132834656ad59dc6b51a87 (diff) | |
| download | openbmc-1-release.tar.xz | |
Update to internal 1-1.20
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core/busybox')
3 files changed, 83 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/CVE-2022-48174.patch b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/CVE-2022-48174.patch new file mode 100644 index 000000000..7547770d3 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/CVE-2022-48174.patch @@ -0,0 +1,80 @@ +From e39d97700f78586fcbf0837478681ec481433b94 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Mon, 12 Jun 2023 17:48:47 +0200 +Subject: [PATCH] shell: avoid segfault on ${0::0/0~09J}. Closes 15216 + +function old new delta +evaluate_string 1011 1053 +42 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + shell/math.c | 39 +++++++++++++++++++++++++++++++++++---- + 1 file changed, 35 insertions(+), 4 deletions(-) + +diff --git a/shell/math.c b/shell/math.c +index 2942cdd..e9bd62b 100644 +--- a/shell/math.c ++++ b/shell/math.c +@@ -582,6 +582,28 @@ static arith_t strto_arith_t(const char *nptr, char **endptr) + # endif + #endif + ++//TODO: much better estimation than expr_len/2? Such as: ++//static unsigned estimate_nums_and_names(const char *expr) ++//{ ++// unsigned count = 0; ++// while (*(expr = skip_whitespace(expr)) != '\0') { ++// const char *p; ++// if (isdigit(*expr)) { ++// while (isdigit(*++expr)) ++// continue; ++// count++; ++// continue; ++// } ++// p = endofname(expr); ++// if (p != expr) { ++// expr = p; ++// count++; ++// continue; ++// } ++// } ++// return count; ++//} ++ + static arith_t + evaluate_string(arith_state_t *math_state, const char *expr) + { +@@ -589,10 +611,12 @@ evaluate_string(arith_state_t *math_state, const char *expr) + const char *errmsg; + const char *start_expr = expr = skip_whitespace(expr); + unsigned expr_len = strlen(expr) + 2; +- /* Stack of integers */ +- /* The proof that there can be no more than strlen(startbuf)/2+1 +- * integers in any given correct or incorrect expression +- * is left as an exercise to the reader. */ ++ /* Stack of integers/names */ ++ /* There can be no more than strlen(startbuf)/2+1 ++ * integers/names in any given correct or incorrect expression. ++ * (modulo "09v09v09v09v09v" case, ++ * but we have code to detect that early) ++ */ + var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0])); + var_or_num_t *numstackptr = numstack; + /* Stack of operator tokens */ +@@ -661,6 +685,13 @@ evaluate_string(arith_state_t *math_state, const char *expr) + numstackptr->var = NULL; + errno = 0; + numstackptr->val = strto_arith_t(expr, (char**) &expr); ++ /* A number can't be followed by another number, or a variable name. ++ * We'd catch this later anyway, but this would require numstack[] ++ * to be twice as deep to handle strings where _every_ char is ++ * a new number or name. Example: 09v09v09v09v09v09v09v09v09v ++ */ ++ if (isalnum(*expr) || *expr == '_') ++ goto err; + if (errno) + numstackptr->val = 0; /* bash compat */ + goto num; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/disable.cfg b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/disable.cfg index 2550ffaf5..f94ca156d 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/disable.cfg +++ b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/disable.cfg @@ -4,3 +4,5 @@ CONFIG_TELNET=n CONFIG_TFTP=n CONFIG_WGET=n CONFIG_UDHCPD=n +#To mitigate cpio utility CVE, 2023-39810 +CONFIG_CPIO=n diff --git a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend index b9c654068..d6c8fcc36 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend @@ -5,6 +5,7 @@ SRC_URI += " \ file://CVE-2022-28391_1.patch \ file://CVE-2022-28391_2.patch \ file://CVE-2022-30065.patch \ + file://CVE-2022-48174.patch \ " SRC_URI += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks','file://dev-only.cfg','',d)}" |