packages/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!34 fix CVE-2021-42376

Browse Source 
From: @xiechengliang
Reviewed-by: @flyflyflypeng,@duguhaotian
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2021-11-25 03:07:48 +00:00 committed by Gitee
commit 4fcfb41f17
2 changed files with 142 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
backport-CVE-2021-42376.patch Normal file
View File

@ -0,0 +1,134 @@
From 32eeace23c100a733e2b7fa980683b9939892b55 Mon Sep 17 00:00:00 2001
From: xiechengliang <xiechengliang1@huawei.com>
Date: Sat, 20 Nov 2021 10:07:35 +0800
Subject: [PATCH] hush: fix handling of \^C and "^C"
function old new delta
parse_stream 2238 2252 +14
encode_string 243 256 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0) Total: 27 bytes
backport from upstream:
https://git.busybox.net/busybox/commit/?id=1b7a9b68d0e9aa19147d7fda16eb9a6b54156985
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
shell/ash_test/ash-misc/control_char3.right | 1 +
shell/ash_test/ash-misc/control_char3.tests | 2 ++
shell/ash_test/ash-misc/control_char4.right | 1 +
shell/ash_test/ash-misc/control_char4.tests | 2 ++
shell/hush.c | 11 +++++++++++
shell/hush_test/hush-misc/control_char3.right | 1 +
shell/hush_test/hush-misc/control_char3.tests | 2 ++
shell/hush_test/hush-misc/control_char4.right | 1 +
shell/hush_test/hush-misc/control_char4.tests | 2 ++
9 files changed, 23 insertions(+)
create mode 100644 shell/ash_test/ash-misc/control_char3.right
create mode 100755 shell/ash_test/ash-misc/control_char3.tests
create mode 100644 shell/ash_test/ash-misc/control_char4.right
create mode 100755 shell/ash_test/ash-misc/control_char4.tests
create mode 100644 shell/hush_test/hush-misc/control_char3.right
create mode 100755 shell/hush_test/hush-misc/control_char3.tests
create mode 100644 shell/hush_test/hush-misc/control_char4.right
create mode 100755 shell/hush_test/hush-misc/control_char4.tests
diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right
new file mode 100644
index 000000000..283e02cbb
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.right
@@ -0,0 +1 @@
+SHELL: line 1: : not found
diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests
new file mode 100755
index 000000000..4359db3f3
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right
new file mode 100644
index 000000000..2bf18e684
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.right
@@ -0,0 +1 @@
+SHELL: line 1: -: not found
diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests
new file mode 100755
index 000000000..48010f154
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
diff --git a/shell/hush.c b/shell/hush.c
index 8d9ab244e..f1ceb80bb 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -5167,6 +5167,11 @@ static int encode_string(o_string *as_string,
}
#endif
o_addQchr(dest, ch);
+ if (ch == SPECIAL_VAR_SYMBOL) {
+ /* Convert "^C" to corresponding special variable reference */
+ o_addchr(dest, SPECIAL_VAR_QUOTED_SVS);
+ o_addchr(dest, SPECIAL_VAR_SYMBOL);
+ }
goto again;
#undef as_string
}
@@ -5278,6 +5283,11 @@ static struct pipe *parse_stream(char **pstring,
if (ch == '\n')
continue; /* drop \<newline>, get next char */
nommu_addchr(&ctx.as_string, '\\');
+ if (ch == SPECIAL_VAR_SYMBOL) {
+ nommu_addchr(&ctx.as_string, ch);
+ /* Convert \^C to corresponding special variable reference */
+ goto case_SPECIAL_VAR_SYMBOL;
+ }
o_addchr(&ctx.word, '\\');
if (ch == EOF) {
/* Testcase: eval 'echo Ok\' */
@@ -5596,6 +5606,7 @@ static struct pipe *parse_stream(char **pstring,
/* Note: nommu_addchr(&ctx.as_string, ch) is already done */
switch (ch) {
+ case_SPECIAL_VAR_SYMBOL:
case SPECIAL_VAR_SYMBOL:
/* Convert raw ^C to corresponding special variable reference */
o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL);
diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right
new file mode 100644
index 000000000..94b4f8699
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.right
@@ -0,0 +1 @@
+hush: can't execute '': No such file or directory
diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests
new file mode 100755
index 000000000..4359db3f3
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right
new file mode 100644
index 000000000..698e21427
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.right
@@ -0,0 +1 @@
+hush: can't execute '-': No such file or directory
diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests
new file mode 100755
index 000000000..48010f154
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
--
2.27.0

9
busybox.spec
View File

@ -4,7 +4,7 @@
%endif %endif
%if "%{!?RELEASE:1}" %if "%{!?RELEASE:1}"
%define RELEASE 8 %define RELEASE 9
%endif %endif
Name: busybox Name: busybox
@ -23,6 +23,7 @@ Patch6000: backport-CVE-2018-1000500.patch
Patch6001: backport-CVE-2021-28831.patch Patch6001: backport-CVE-2021-28831.patch
Patch6002: backport-CVE-2021-42374.patch Patch6002: backport-CVE-2021-42374.patch
Patch6003: backport-CVE-2021-42377.patch Patch6003: backport-CVE-2021-42377.patch
Patch6004: backport-CVE-2021-42376.patch
BuildRoot: %_topdir/BUILDROOT BuildRoot: %_topdir/BUILDROOT
#Dependency #Dependency
@ -98,6 +99,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
%{_mandir}/man1/busybox.petitboot.1.gz %{_mandir}/man1/busybox.petitboot.1.gz
%changelog %changelog
* Wed Nov 24 2021 xiechengliang<xiechengliang1@huawei.com> - 1:1.31.1-9
- Type:CVE
- Id:NA
- SUG:NA
- DESC: fix CVE-2021-42376
* Mon Nov 22 2021 jikui<jikui2@huawei.com> - 1:1.31.1-8 * Mon Nov 22 2021 jikui<jikui2@huawei.com> - 1:1.31.1-8
- Type:CVE - Type:CVE
- Id:NA - Id:NA