Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / busybox / daa66ed62c79684219088cc0361d5b316d5d1295
commitdaa66ed62c79684219088cc0361d5b316d5d1295[log] [tgz]
authorDenys Vlasenko <vda.linux@googlemail.com>Tue Aug 02 12:41:18 2022 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>Tue Aug 02 12:41:18 2022 +0200
tree45ea93d868cc86875bc4ab6998ff7a8e0e1677d0
parent1c5455284234e894dfb6086bf7f3e9a6d5d9611f [diff]
ash: fix use-after-free in pattern substituon code

Patch by soeren@soeren-tempel.net

The idx variable points to a value in the stack string (as managed
by STPUTC). STPUTC may resize this stack string via realloc(3). If
this happens, the idx pointer needs to be updated. Otherwise,
dereferencing idx may result in a use-after free.

function                                             old     new   delta
subevalvar                                          1562    1566      +4

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
1 file changed
tree: 45ea93d868cc86875bc4ab6998ff7a8e0e1677d0
  1. applets/
  2. applets_sh/
  3. arch/
  4. archival/
  5. configs/
  6. console-tools/
  7. coreutils/
  8. debianutils/
  9. docs/
  10. e2fsprogs/
  11. editors/
  12. examples/
  13. findutils/
  14. include/
  15. init/
  16. klibc-utils/
  17. libbb/
  18. libpwdgrp/
  19. loginutils/
  20. mailutils/
  21. miscutils/
  22. modutils/
  23. networking/
  24. printutils/
  25. procps/
  26. qemu_multiarch_testing/
  27. runit/
  28. scripts/
  29. selinux/
  30. shell/
  31. sysklogd/
  32. testsuite/
  33. util-linux/
  34. .gitignore
  35. .indent.pro
  36. AUTHORS
  37. busybox_ldscript.README.txt
  38. Config.in
  39. INSTALL
  40. LICENSE
  41. make_single_applets.sh
  42. Makefile
  43. Makefile.custom
  44. Makefile.flags
  45. Makefile.help
  46. NOFORK_NOEXEC.lst
  47. NOFORK_NOEXEC.sh
  48. README
  49. size_single_applets.sh
  50. TODO
  51. TODO_unicode