diff --git a/backport-CVE-2022-48174.patch b/backport-CVE-2022-48174.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b38c7a4cdae72bfff927ba78e83d145e31d9a2e9
--- /dev/null
+++ b/backport-CVE-2022-48174.patch
@@ -0,0 +1,27 @@
+From ba44d48bec1ced7d7706d84da33a5976f1d8c3cb Mon Sep 17 00:00:00 2001
+From: songbuhuang <544824346@qq.com>
+Date: Wed, 30 Aug 2023 11:55:40 +0800
+Subject: [PATCH] fix CVE-2022-48174
+
+Signed-off-by: songbuhuang <544824346@qq.com>
+---
+ shell/math.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/shell/math.c b/shell/math.c
+index 2942cdd..8835e90 100644
+--- a/shell/math.c
++++ b/shell/math.c
+@@ -593,7 +593,8 @@ evaluate_string(arith_state_t *math_state, const char *expr)
+ /* The proof that there can be no more than strlen(startbuf)/2+1
+ * integers in any given correct or incorrect expression
+ * is left as an exercise to the reader. */
+- var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0]));
++ /* Counterexample: 09J results in three integers. */
++ var_or_num_t *const numstack = alloca((expr_len - 2) * sizeof(numstack[0]));
+ var_or_num_t *numstackptr = numstack;
+ /* Stack of operator tokens */
+ operator *const stack = alloca(expr_len * sizeof(stack[0]));
+--
+2.26.2
+
diff --git a/busybox.spec b/busybox.spec
index b769065da9eaa3ce0fc2e8b8371d70c7045c0746..a133dcee55cf071ca5cb8d7271c19d3b04165224 100644
--- a/busybox.spec
+++ b/busybox.spec
@@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 17 +%define RELEASE 18 %endif Epoch: 1
@@ -23,6 +23,7 @@ Source3: busybox-dynamic.config Patch6000: backport-CVE-2022-28391.patch Patch6001: backport-CVE-2022-30065.patch Patch6002: backport-fix-use-after-free-in-bc-module.patch +Patch6003: backport-CVE-2022-48174.patch BuildRoot: %_topdir/BUILDROOT #Dependency 
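Review bot: In backport-CVE-2022-48174.patch (the shell/math.c hunk), the new `numstack` size `(expr_len - 2)` is smaller than the old `(expr_len / 2)` when expr_len is below 4: it is zero at expr_len == 2, and it wraps to a huge alloca() request if expr_len is unsigned and ever below 2 (its declaration is outside the hunk). If expr_len is strlen(expr) plus a small constant, as the retained comment's `strlen(startbuf)/2+1` suggests, an empty or one-character expression would get a zero-length or undersized integer stack. Any later write through `numstack` would then land outside the allocation; evaluate_string's body continues outside the hunk, so this needs confirming there. Sizing it like the operator stack on the next lines, `var_or_num_t *const numstack = alloca(expr_len * sizeof(numstack[0]));`, is never below either the old or the new bound. The "left as an exercise" comment now contradicts the code and should state the bound actually relied on; it is also worth comparing this sizing with the fix upstream busybox shipped for the same CVE.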
@@ -98,6 +99,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Wed Aug 30 2023 huangsong - 1:1.34.1-18 +- Type:CVE +- Id:NA +- SUG:NA +- DESC:fix CVE-2022-48174 + * Fri Oct 28 2022 jikui - 1:1.34.1-17 - fix use after free in bc module