From: RISCi_ATOM
Date: Tue, 12 Dec 2017 17:09:01 +0000 (-0500)
Subject: Add back cve2017-16544 busybox patch from master
X-Git-Tag: v1.4.2~20
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=754b9ff208fdf35a9f1a0a3e3c2de35019206510;p=librecmc%2Flibrecmc.git

Add back cve2017-16544 busybox patch from master
---
diff --git a/package/utils/busybox/patches/900-fix_cve2017-16544.patch b/package/utils/busybox/patches/900-fix_cve2017-16544.patch
new file mode 100644
index 0000000000..4fd77e81d5
--- /dev/null
+++ b/package/utils/busybox/patches/900-fix_cve2017-16544.patch
@@ -0,0 +1,22 @@
+--- a/libbb/lineedit.c
++++ b/libbb/lineedit.c
+@@ -632,6 +632,19 @@ static void free_tab_completion_data(voi
+ 
+ static void add_match(char *matched)
+ {
++ unsigned char *p = (unsigned char*)matched;
++ while (*p) {
++ /* ESC attack fix: drop any string with control chars */
++ if (*p < ' '
++ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
++ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
++ ) {
++ free(matched);
++ return;
++ }
++ p++;
++ }
++
+ matches = xrealloc_vector(matches, 4, num_matches);
+ matches[num_matches] = matched;
+ num_matches++;
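Review bot: In the Unicode-enabled branch of the new loop in add_match, only 0x7f is rejected above the ASCII range, so every byte >= 0x80 is accepted, including the UTF-8 encoding of the C1 control range (0xc2 followed by 0x80-0x9f), which some terminals may still interpret as control input. If that matters for the terminals this build targets, one more condition would cover it: `|| (ENABLE_UNICODE_SUPPORT && p[0] == 0xc2 && p[1] >= 0x80 && p[1] <= 0x9f)`; reading p[1] is safe because p[0] is non-zero at that point. A comment above the loop should also record the ownership rule the new code introduces, e.g. `/* takes ownership of matched: frees it and adds nothing if it contains control chars */`, since callers can no longer assume the string was stored. The added patch file has no header naming the upstream BusyBox commit it was taken from, which makes it harder to audit this CVE fix against upstream later. The body of add_match continues past the end of the hunk.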