Mail archive
alpine-aports

[alpine-aports] [PATCH] main/busybox: Fixed segfault in microcom

From: Marian Buschsieweke <marian.buschsieweke_at_ovgu.de>
Date: Thu, 3 Aug 2017 07:07:52 +0200

microcom does not check if required parameter "TTY" is present. Thus,
bb_basename() is called with a NULL pointer, if microcom is started without
any parameter. This in turn calls strlen() on this NULL pointer, resulting
in a segfault. The supplied patch adds a check for the missing TTY parameter
and prints usage when it is missing.
---
 main/busybox/0012-microcom-segfault.patch | 31 +++++++++++++++++++++++++++++++
 main/busybox/APKBUILD                     |  4 +++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 main/busybox/0012-microcom-segfault.patch
diff --git a/main/busybox/0012-microcom-segfault.patch b/main/busybox/0012-microcom-segfault.patch
new file mode 100644
index 0000000000..4789079b35
--- /dev/null
+++ b/main/busybox/0012-microcom-segfault.patch
_at_@ -0,0 +1,31 @@
+From fd8a0116a29ea4014fac7fbdba2636fc7b51ffc2 Mon Sep 17 00:00:00 2001
+From: Marian Buschsieweke <marian.buschsieweke_at_ovgu.de>
+Date: Wed, 2 Aug 2017 23:36:08 +0200
+Subject: [PATCH] miscutils/microcom: Fixed segfault
+
+microcom did not check if required parameter TTY is present. Thus,
+bb_basename() was called with a NULL pointer if TTY was missing.
+This commit adds the missing check.
+---
+ miscutils/microcom.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/miscutils/microcom.c b/miscutils/microcom.c
+index 14b9f3baf..38f6425c1 100644
+--- a/miscutils/microcom.c
++++ b/miscutils/microcom.c
+_at_@ -78,6 +78,11 @@ int microcom_main(int argc UNUSED_PARAM, char **argv)
+ //	argc -= optind;
+ 	argv += optind;
+ 
++	if (*argv == NULL){
++		bb_show_usage();
++		return EXIT_FAILURE;
++	}
++
+ 	// try to create lock file in /var/lock
+ 	device_lock_file = (char *)bb_basename(argv[0]);
+ 	device_lock_file = xasprintf("/var/lock/LCK..%s", device_lock_file);
+-- 
+2.13.3
+
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 012df29aa0..d8e68b13f0 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
_at_@ -3,7 +3,7 @@
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=busybox
 pkgver=1.27.0
-pkgrel=3
+pkgrel=4
 pkgdesc="Size optimized toolbox of many common UNIX utilities"
 url=http://busybox.net
 arch="all"
_at_@ -30,6 +30,7 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
 	0010-udhcpc-Don-t-background-if-n-is-given.patch
 	0011-testsuite-fix-cpio-tests.patch
 	0001-unzip-fix-regression-on-big-endian-machines.patch
+	0012-microcom-segfault.patch
 
 	top-buffer-overflow.patch
 
_at_@ -181,6 +182,7 @@ d1c375184f806f7550bac5c82ab5471bdb8085d845172c973724b22af05ab3759b3ce982e088b4c4
 9b5143d0be615b1604d82007628d59a62721f1e61a63cca7a4ffa5e60fa8da102bfc21fa20cc35c2f5a0a24bc8013598f8eff5888f9d0f3bcfa796343b5f5a91  0010-udhcpc-Don-t-background-if-n-is-given.patch
 f4e00eb13fda752df13f300a7ed9b1320ca9f573c4309247f292c8710464d7be8740148f42e4aff16312335eadabce5a629dce4af58334b9199faf2fd658e4f9  0011-testsuite-fix-cpio-tests.patch
 daa6732a95a52a194d2031f2d5af5f658b9da3e8669fc2206000faaab7da56966a62646eed615fd1cbc5f07d42c03bf19ff183ef6f933b7daaeef1d388e21874  0001-unzip-fix-regression-on-big-endian-machines.patch
+a09a64b3bce8048c58a68dcd2dd9e63c911009c06195d6bb4e5aecfb5700e479c25b34635c60899127975fae32275ad51846ee75f840d612e00668ce9aba8322  0012-microcom-segfault.patch
 524e858b52cb31fb8d24e8c7f18606fff349aeab6a14da9cca3902641f6127980daed73c53586c6e8b41eecda06cdb29c40ff1dde2dc82a318c2649680458921  top-buffer-overflow.patch
 a9b1403c844c51934637215307dd9e2adb9458921047acff0d86dcf229b6e0027f4b2c6cdaa25a58407aad9d098fb5685d58eb5ff8d2aa3de4912cdea21fe54c  acpid.logrotate
 857dece10267a065e0e8c16dd6190656f890a5aff774e96321715673dda23e75a8e61148e81d6286b7bdfe737a0b99104f9b04deeb4f392c72b63d8e3d00e556  busyboxconfig
-- 
2.13.3
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Thu Aug 03 2017 - 07:07:52 UTC