Fix Busybox CVE-2017-16544 issue
[librecmc/librecmc.git] / package / utils / busybox / patches / 900-fix_cve2017-16544.patch
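--- a/libbb/lineedit.c
+++ b/libbb/lineedit.c
@@ -632,6 +632,19 @@ static void free_tab_completion_data(voi
 
 static void add_match(char *matched)
 {
+       unsigned char *p = (unsigned char*)matched;
+       while (*p) {
+               /* ESC attack fix: drop any string with control chars */
+               if (*p < ' '
+                || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
+                || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
+               ) {
+                       free(matched);
+                       return;
+               }
+               p++;
+       }
+
        matches = xrealloc_vector(matches, 4, num_matches);
        matches[num_matches] = matched;
        num_matches++;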
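Review bot: In the added loop of add_match, a Unicode build (`ENABLE_UNICODE_SUPPORT`) rejects only bytes below 0x20 and the byte 0x7f, so every byte from 0x80 up is accepted, including sequences that encode the C1 control range U+0080..U+009F. Whether a terminal acts on those depends on the terminal and on how the match list is printed later, neither of which is visible here, so this may be a residual gap rather than a defect. I would at least record the limit next to the check, e.g. `/* Unicode builds keep all bytes >= 0x80 as possible UTF-8; C1 controls (U+0080..U+009F) are not filtered here */`. It is also worth a line noting that add_match frees `matched` when it rejects it, so callers must not touch the pointer after the call. The function body continues past the end of the hunk.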