From: RISCi_ATOM
Date: Mon, 20 Nov 2017 16:41:06 +0000 (-0500)
Subject: Fix Busybox CVE-2017-16544 issue
X-Git-Tag: v1.4.2~49
X-Git-Url: https://git.librecmc.org/?p=librecmc%2Flibrecmc.git;a=commitdiff_plain;h=51331fc0030a03e59c23a085f1732a0c979084ee

Fix Busybox CVE-2017-16544 issue
---
diff --git a/package/utils/busybox/patches/900-fix_cve2017-16544.patch b/package/utils/busybox/patches/900-fix_cve2017-16544.patch
new file mode 100644
index 0000000000..4fd77e81d5
--- /dev/null
+++ b/package/utils/busybox/patches/900-fix_cve2017-16544.patch
@@ -0,0 +1,22 @@
+--- a/libbb/lineedit.c
++++ b/libbb/lineedit.c
+@@ -632,6 +632,19 @@ static void free_tab_completion_data(voi
+
+ static void add_match(char *matched)
+ {
++ unsigned char *p = (unsigned char*)matched;
++ while (*p) {
++ /* ESC attack fix: drop any string with control chars */
++ if (*p < ' '
++ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
++ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
++ ) {
++ free(matched);
++ return;
++ }
++ p++;
++ }
++
+ matches = xrealloc_vector(matches, 4, num_matches);
+ matches[num_matches] = matched;
+ num_matches++;
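Review bot: In the embedded lineedit.c hunk, the `ENABLE_UNICODE_SUPPORT` branch of the new check in `add_match` rejects only bytes below 0x20 and the single byte 0x7f, so every byte from 0x80 upward passes and UTF-8-encoded C1 control characters (U+0080..U+009F) are not filtered at this point. Whether that matters depends on the terminal and on how a match is sanitised when it is later printed, neither of which is visible here, so I would at least record the limit next to the test: `/* Unicode builds: bytes >= 0x80 are not inspected here, so C1 controls encoded in UTF-8 still pass */`. The function now also frees `matched` and returns silently on rejection, so a short comment above it should state that `add_match` takes ownership of the string and that names containing control characters (and, in non-Unicode builds, any byte >= 0x7f) are never offered as completions. The remainder of `add_match` lies outside the hunk, and the callers that allocate `matched` are not shown, so the ownership assumption should be confirmed against them.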