summaryrefslogtreecommitdiff
path: root/backport-CVE-2022-28391.patch
diff options
context:
space:
mode:
Diffstat (limited to 'backport-CVE-2022-28391.patch')
-rw-r--r--backport-CVE-2022-28391.patch87
1 files changed, 87 insertions, 0 deletions
diff --git a/backport-CVE-2022-28391.patch b/backport-CVE-2022-28391.patch
new file mode 100644
index 0000000..1396554
--- /dev/null
+++ b/backport-CVE-2022-28391.patch
@@ -0,0 +1,87 @@
+From 3de4e00dcc3f6223b01b418507f34e064eb437a7 Mon Sep 17 00:00:00 2001
+From: songbuhuang <544824346@qq.com>
+Date: Tue, 25 Jul 2023 15:42:43 +0800
+Subject: [PATCH] fix CVE-2022-28391
+
+backport from upstream:
+https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
+https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
+
+Signed-off-by: songbuhuang <544824346@qq.com>
+---
+ libbb/xconnect.c | 5 +++--
+ networking/nslookup.c | 10 +++++-----
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/libbb/xconnect.c b/libbb/xconnect.c
+index 0e0b247..692a93b 100644
+--- a/libbb/xconnect.c
++++ b/libbb/xconnect.c
+@@ -497,12 +497,13 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ );
+ if (rc)
+ return NULL;
++ /* ensure host contains only printable characters */
+ if (flags & IGNORE_PORT)
+- return xstrdup(host);
++ return xstrdup(printable_string(host));
+ #if ENABLE_FEATURE_IPV6
+ if (sa->sa_family == AF_INET6) {
+ if (strchr(host, ':')) /* heh, it's not a resolved hostname */
+- return xasprintf("[%s]:%s", host, serv);
++ return xasprintf("[%s]:%s", printable_string(host), serv);
+ /*return xasprintf("%s:%s", host, serv);*/
+ /* - fall through instead */
+ }
+diff --git a/networking/nslookup.c b/networking/nslookup.c
+index 6da97ba..4bdcde1 100644
+--- a/networking/nslookup.c
++++ b/networking/nslookup.c
+@@ -407,7 +407,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ //printf("Unable to uncompress domain: %s\n", strerror(errno));
+ return -1;
+ }
+- printf(format, ns_rr_name(rr), dname);
++ printf(format, ns_rr_name(rr), printable_string(dname));
+ break;
+
+ case ns_t_mx:
+@@ -422,7 +422,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ //printf("Cannot uncompress MX domain: %s\n", strerror(errno));
+ return -1;
+ }
+- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
++ printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
+ break;
+
+ case ns_t_txt:
+@@ -434,7 +434,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ if (n > 0) {
+ memset(dname, 0, sizeof(dname));
+ memcpy(dname, ns_rr_rdata(rr) + 1, n);
+- printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
++ printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
+ }
+ break;
+
+@@ -454,7 +454,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ }
+
+ printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr),
+- ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname);
++ ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), printable_string(dname));
+ break;
+
+ case ns_t_soa:
+@@ -483,7 +483,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ return -1;
+ }
+
+- printf("\tmail addr = %s\n", dname);
++ printf("\tmail addr = %s\n", printable_string(dname));
+ cp += n;
+
+ printf("\tserial = %lu\n", ns_get32(cp));
+--
+2.25.1
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-02 21:46:13 +0000