packages/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!30 fix CVE-2021-42374 and CVE-2021-42377

Browse Source 
From: @jackey_1024
Reviewed-by: @flyflyflypeng,@duguhaotian
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2021-11-23 01:54:06 +00:00 committed by Gitee
commit 314a4bc8bb
3 changed files with 110 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
backport-CVE-2021-42374.patch Normal file
View File

@ -0,0 +1,59 @@
From 78bd0d8e6153da378ddc9016b42e0fe1bf89a853 Mon Sep 17 00:00:00 2001
From: jikui <jikui2@huawei.com>
Date: Mon, 22 Nov 2021 10:46:40 +0800
Subject: [PATCH] busybox: fix CVE-2021-42374
backport from upstream:
https://git.busybox.net/busybox/patch/?h=1_34_stable&id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
Signed-off-by: jikui <jikui2@huawei.com>
---
archival/libarchive/decompress_unlzma.c | 5 ++++-
testsuite/unlzma.tests | 10 ++++++----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index 668b016..57a5c4a 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
uint32_t pos;
pos = buffer_pos - rep0;
- if ((int32_t)pos < 0)
+ if ((int32_t)pos < 0) {
pos += header.dict_size;
+ if ((int32_t)pos < 0)
+ goto bad;
+ }
match_byte = buffer[pos];
do {
int bit;
diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests
index 0e98afe..8c120b1 100755
--- a/testsuite/unlzma.tests
+++ b/testsuite/unlzma.tests
@@ -8,14 +8,16 @@
# Damaged encrypted streams
testing "unlzma (bad archive 1)" \
- "unlzma <unlzma_issue_1.lzma >/dev/null; echo \$?" \
-"1
+ "unlzma <unlzma_issue_1.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
" "" ""
# Damaged encrypted streams
testing "unlzma (bad archive 2)" \
- "unlzma <unlzma_issue_2.lzma >/dev/null; echo \$?" \
-"1
+ "unlzma <unlzma_issue_2.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
" "" ""
exit $FAILCOUNT
--
2.25.1

42
backport-CVE-2021-42377.patch Normal file
View File

@ -0,0 +1,42 @@
From 977939c73d94cc6752192e6956e0cced3e0f2989 Mon Sep 17 00:00:00 2001
From: jikui <jikui2@huawei.com>
Date: Mon, 22 Nov 2021 16:36:26 +0800
Subject: [PATCH] busybox: fix CVE-2021-42377
backport from upstream:
https://git.busybox.net/busybox/commit/?h=1_34_stable&id=83a4967e50422867f340328d404994553e56b839
Signed-off-by: jikui <jikui2@huawei.com>
---
shell/hush.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/shell/hush.c b/shell/hush.c
index 8d9ab24..08358c1 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -3637,9 +3637,10 @@ static void debug_print_tree(struct pipe *pi, int lvl)
pin = 0;
while (pi) {
- fdprintf(2, "%*spipe %d %sres_word=%s followup=%d %s\n",
+ fdprintf(2, "%*spipe %d #cmds:%d %sres_word=%s followup=%d %s\n",
lvl*2, "",
pin,
+ pi->num_cmds,
(IF_HAS_KEYWORDS(pi->pi_inverted ? "! " :) ""),
RES[pi->res_word],
pi->followup, PIPE[pi->followup]
@@ -3782,6 +3783,9 @@ static void done_pipe(struct parse_context *ctx, pipe_style type)
#endif
/* Replace all pipes in ctx with one newly created */
ctx->list_head = ctx->pipe = pi;
+ /* for case like "cmd && &", do not be tricked by last command
+ * being null - the entire {...} & is NOT null! */
+ not_null = 1;
} else {
no_conv:
ctx->pipe->followup = type;
--
2.25.1

10
busybox.spec
View File

@ -4,7 +4,7 @@
%endif %endif
%if "%{!?RELEASE:1}" %if "%{!?RELEASE:1}"
%define RELEASE 7 %define RELEASE 8
%endif %endif
Name: busybox Name: busybox
@ -21,6 +21,8 @@ Source3: busybox-dynamic.config
Patch6000: backport-CVE-2018-1000500.patch Patch6000: backport-CVE-2018-1000500.patch
Patch6001: backport-CVE-2021-28831.patch Patch6001: backport-CVE-2021-28831.patch
Patch6002: backport-CVE-2021-42374.patch
Patch6003: backport-CVE-2021-42377.patch
BuildRoot: %_topdir/BUILDROOT BuildRoot: %_topdir/BUILDROOT
#Dependency #Dependency
@ -96,6 +98,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
%{_mandir}/man1/busybox.petitboot.1.gz %{_mandir}/man1/busybox.petitboot.1.gz
%changelog %changelog
* Mon Nov 22 2021 jikui<jikui2@huawei.com> - 1:1.31.1-8
- Type:CVE
- Id:NA
- SUG:NA
- DESC: fix CVE-2021-42374 and CVE-2021-42377
* Sat Apr 17 2021 leizhongkai<leizhongkai@huawei.com> - 1:1.31.1-7 * Sat Apr 17 2021 leizhongkai<leizhongkai@huawei.com> - 1:1.31.1-7
- Type:CVE - Type:CVE
- Id:NA - Id:NA