--- /dev/null
+Fix use-after-free in awk.
+
+CVE: CVE-2022-30065
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2022-June/089768.html]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+fixes https://bugs.busybox.net/show_bug.cgi?id=14781
+
+Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
+---
+ editors/awk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 079d0bde5..728ee8685 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res)
+
+ case XC( OC_MOVE ):
+ debug_printf_eval("MOVE\n");
++ /* make sure that we never return a temp var */
++ if (L.v == TMPVAR0)
++ L.v = res;
+ /* if source is a temporary string, jusk relink it to dest */
+ if (R.v == TMPVAR1
+ && !(R.v->type & VF_NUMBER)
+--
+2.36.1
file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \
file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
+ file://CVE-2022-30065.patch \
"
SRC_URI:append:libc-musl = " file://musl.cfg "
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
