diff options
Diffstat (limited to 'main/busybox/CVE-2017-16544.patch')
-rw-r--r-- | main/busybox/CVE-2017-16544.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/main/busybox/CVE-2017-16544.patch b/main/busybox/CVE-2017-16544.patch new file mode 100644 index 00000000000..27f101ccadf --- /dev/null +++ b/main/busybox/CVE-2017-16544.patch @@ -0,0 +1,40 @@ +From deece5e2f1b9a521955a8939175d28a440735c61 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Tue, 7 Nov 2017 18:09:29 +0100 +Subject: [PATCH] lineedit: do not tab-complete any strings which have control + characters + +function old new delta +add_match 41 68 +27 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + libbb/lineedit.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/libbb/lineedit.c b/libbb/lineedit.c +index 31e392147..269009114 100644 +--- a/libbb/lineedit.c ++++ b/libbb/lineedit.c +@@ -633,6 +633,18 @@ static void free_tab_completion_data(void) + + static void add_match(char *matched) + { ++ unsigned char *p = (unsigned char*)matched; ++ while (*p) { ++ /* ESC attack fix: drop any string with control chars */ ++ if (*p < ' ' ++ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f) ++ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f) ++ ) { ++ free(matched); ++ return; ++ } ++ p++; ++ } + matches = xrealloc_vector(matches, 4, num_matches); + matches[num_matches] = matched; + num_matches++; +-- +2.15.0 + |