Hi! Is there anything else I can do to help fix CVE-2022-30065? I have created a testcase for the testsuite and proposed a fix, but I'm not that familiar with awk code so I would appreciate some help with this before pushing it to thousands (millions?) of users.
Thanks! On Tue, 7 Jun 2022 21:56:27 +0200 Natanael Copa <[email protected]> wrote: > fixes https://bugs.busybox.net/show_bug.cgi?id=14781 > --- > editors/awk.c | 6 ++++-- > testsuite/awk.tests | 6 ++++++ > 2 files changed, 10 insertions(+), 2 deletions(-) > > diff --git a/editors/awk.c b/editors/awk.c > index 079d0bde5..be38289e4 100644 > --- a/editors/awk.c > +++ b/editors/awk.c > @@ -2921,8 +2921,8 @@ static var *evaluate(node *op, var *res) > */ > if (opinfo & OF_RES2) { > R.v = evaluate(op->r.n, TMPVAR1); > - //TODO: L.v may be invalid now, set L.v to NULL to > catch bugs? > - //L.v = NULL; > + // L.v may be invalid now, set L.v to NULL to catch bugs > + L.v = NULL; > if (opinfo & OF_STR2) { > R.s = getvar_s(R.v); > debug_printf_eval("R.s:'%s'\n", R.s); > @@ -3128,6 +3128,8 @@ static var *evaluate(node *op, var *res) > > case XC( OC_MOVE ): > debug_printf_eval("MOVE\n"); > + if (L.v == NULL) > + syntax_error(EMSG_POSSIBLE_ERROR); > /* if source is a temporary string, jusk relink it to > dest */ > if (R.v == TMPVAR1 > && !(R.v->type & VF_NUMBER) > diff --git a/testsuite/awk.tests b/testsuite/awk.tests > index 93e25d8c1..79e80176c 100755 > --- a/testsuite/awk.tests > +++ b/testsuite/awk.tests > @@ -479,4 +479,10 @@ testing 'awk backslash+newline eaten with no trace' \ > "Hello world\n" \ > '' '' > > +testing 'awk use-after-free (CVE-2022-30065)' \ > + "awk '\$3i\$3in\$9=\$r||\$9=i6/6-9f'" \ > + "" \ > + "awk: cmd. line:1: Possible syntax error" \ > + 'foo' > + > exit $FAILCOUNT _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
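Review bot: In the first editors/awk.c hunk (evaluate(), the OF_RES2 branch), L.v = NULL is assigned unconditionally after R.v = evaluate(op->r.n, TMPVAR1), so L.v is discarded even when evaluating the right operand did not invalidate it. Every operation with OF_RES2 set then reaches its case with L.v == NULL, and if OC_MOVE is among them the new check in the second hunk would reject ordinary assignments as well as the crashing input. Consider clearing L.v only when it can actually have been invalidated, or re-resolving the left operand after the right one has been evaluated, and confirm that the existing assignment tests in testsuite/awk.tests still pass.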
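Review bot: In the OC_MOVE hunk, the L.v == NULL guard is added to this one case only, while the first hunk sets L.v to NULL for every operation with OF_RES2; any other case in evaluate() that reads L.v after that point would dereference NULL instead of reporting an error. Either audit the remaining cases that use L.v or guard them in a common place. Also, EMSG_POSSIBLE_ERROR reports a syntax error for what is a run-time condition here, which points users at the wrong cause; a dedicated message would be clearer.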
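Review bot: In the testsuite/awk.tests hunk, the expected output "awk: cmd. line:1: Possible syntax error" has no trailing \n, unlike "Hello world\n" in the test just above, and the command has no 2>&1, so if the harness compares stdout only, the error message will not be seen. Please check that the test passes as written with the fix and fails without it. The test also exercises only the crashing input; adding a case with a valid assignment whose right-hand side is an expression would show that the fix does not reject legitimate programs.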
