diff --git a/backport-CVE-2022-48174.patch b/backport-CVE-2022-48174.patch new file mode 100644 index 0000000000000000000000000000000000000000..82fee09f73af7d1bd44d5e438cc0ee5c65d6c424 --- /dev/null +++ b/backport-CVE-2022-48174.patch @@ -0,0 +1,30 @@ +From c0b333aa189c65293b680b942086ace3f3bfc8c1 Mon Sep 17 00:00:00 2001 +From: huangsong +Date: Mon, 28 Aug 2023 16:27:43 +0800 +Subject: [PATCH] fix CVE-2022-48174 + +backport from upstream: +https://bugs.busybox.net/show_bug.cgi?id=15216 + +Signed-off-by: huangsong +--- + shell/math.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/shell/math.c b/shell/math.c +index 76d22c9..83ef85c 100644 +--- a/shell/math.c ++++ b/shell/math.c +@@ -588,7 +588,8 @@ evaluate_string(arith_state_t *math_state, const char *expr) + /* The proof that there can be no more than strlen(startbuf)/2+1 + * integers in any given correct or incorrect expression + * is left as an exercise to the reader. */ +- var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0])); ++ /* Counterexample: 09J results in three integers. */ ++ var_or_num_t *const numstack = alloca((expr_len - 2) * sizeof(numstack[0])); + var_or_num_t *numstackptr = numstack; + /* Stack of operator tokens */ + operator *const stack = alloca(expr_len * sizeof(stack[0])); +-- +2.26.2 + diff --git a/busybox.spec b/busybox.spec index 41d6f26f2898edb5a69f0953ef67b0c43b7653cf..7989690093c455fa5d4abda4d6ea6b48219495ad 100644 --- a/busybox.spec +++ b/busybox.spec @@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 1 +%define RELEASE 2 %endif Epoch: 1 @@ -21,6 +21,7 @@ Source2: busybox-petitboot.config Source3: busybox-dynamic.config Patch6000: backport-CVE-2022-28391.patch +Patch6001: backport-CVE-2022-48174.patch BuildRoot: %_topdir/BUILDROOT #Dependency @@ -96,6 +97,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Mon Aug 28 2023 huangsong - 1:1.36.1-2 +- Type:CVE +- Id:NA +- SUG:NA +- DESC:fix CVE-2022-48174 + * Tue Jul 25 2023 huangsong - 1:1.36.1-1 - Type:enhancement - Id:NA