diff options
| author | Natanael Copa | 2022-06-17 17:45:34 +0200 |
|---|---|---|
| committer | Denys Vlasenko | 2022-07-11 17:18:07 +0200 |
| commit | e63d7cdfdac78c6fd27e9e63150335767592b85e (patch) | |
| tree | 739766fbef0d27275782776b94985f9775ec7934 /editors | |
| parent | 3ad3aa6441ebaf817137051de2b74cb6b4379e7f (diff) | |
| download | busybox-e63d7cdfdac78c6fd27e9e63150335767592b85e.zip busybox-e63d7cdfdac78c6fd27e9e63150335767592b85e.tar.gz | |
awk: fix use after free (CVE-2022-30065)
fixes https://bugs.busybox.net/show_bug.cgi?id=14781
function old new delta
evaluate 3343 3357 +14
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'editors')
| -rw-r--r-- | editors/awk.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/editors/awk.c b/editors/awk.c index 079d0bd..728ee86 100644 --- a/editors/awk.c +++ b/editors/awk.c @@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res) case XC( OC_MOVE ): debug_printf_eval("MOVE\n"); + /* make sure that we never return a temp var */ + if (L.v == TMPVAR0) + L.v = res; /* if source is a temporary string, jusk relink it to dest */ if (R.v == TMPVAR1 && !(R.v->type & VF_NUMBER) |