From b783318d486013f41378a40563e1848b3436b905 Mon Sep 17 00:00:00 2001
From: RISCi_ATOM
Date: Mon, 20 Nov 2017 11:29:36 -0500
Subject: [PATCH] Fix Busybox CVE-2017-16544 issue
---
.../patches/900-fix_cve2017-7467.patch | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 package/utils/busybox/patches/900-fix_cve2017-7467.patch
diff --git a/package/utils/busybox/patches/900-fix_cve2017-7467.patch b/package/utils/busybox/patches/900-fix_cve2017-7467.patch
new file mode 100644
index 0000000000..4fd77e81d5
--- /dev/null
+++ b/package/utils/busybox/patches/900-fix_cve2017-7467.patch
@@ -0,0 +1,22 @@
+--- a/libbb/lineedit.c
++++ b/libbb/lineedit.c
+@@ -632,6 +632,19 @@ static void free_tab_completion_data(voi
+
+ static void add_match(char *matched)
+ {
++ unsigned char *p = (unsigned char*)matched;
++ while (*p) {
++ /* ESC attack fix: drop any string with control chars */
++ if (*p < ' '
++ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
++ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
++ ) {
++ free(matched);
++ return;
++ }
++ p++;
++ }
++
+ matches = xrealloc_vector(matches, 4, num_matches);
+ matches[num_matches] = matched;
+ num_matches++;
--
2.25.1
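Review bot: The new patch file is named `900-fix_cve2017-7467.patch`, but the commit subject says the fix is for CVE-2017-16544, so anyone auditing the tree by CVE id will not find it under the right name. I would rename it to `900-fix_cve2017-16544.patch` and give it a short header naming the CVE and, if this is a backport of an upstream fix, the upstream commit (`<upstream commit id>`). In the loop added to `add_match()`, the `ENABLE_UNICODE_SUPPORT` case rejects only bytes below `' '` and the byte `0x7f`, so every byte from `0x80` up is accepted and C1 control characters encoded as multi-byte UTF-8 are not dropped by this check. Whether that matters depends on the terminal, so it deserves a line in the comment, e.g. `/* NB: with Unicode support, bytes >= 0x80 are accepted unchecked */`. The closing brace of `add_match()` lies outside the hunk, so the rest of the function was not reviewed.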