X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail.ovgu.de (mail.ovgu.de [141.44.1.66]) by lists.alpinelinux.org (Postfix) with ESMTP id 3A5B95C4C2D for ; Thu, 3 Aug 2017 05:08:53 +0000 (GMT) Received: from mail.ovgu.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 7A0B340065 for ; Thu, 3 Aug 2017 07:08:52 +0200 (CEST) Received: from notebook-marian.fritz.box (pD9EEBA1E.dip0.t-ipconnect.de [217.238.186.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.ovgu.de (Postfix) with ESMTPSA id 08A0540062; Thu, 3 Aug 2017 07:08:52 +0200 (CEST) From: Marian Buschsieweke To: alpine-aports@lists.alpinelinux.org Cc: Marian Buschsieweke Subject: [alpine-aports] [PATCH] main/busybox: Fixed segfault in microcom Date: Thu, 3 Aug 2017 07:07:52 +0200 Message-Id: <20170803050752.17496-1-marian.buschsieweke@ovgu.de> X-Mailer: git-send-email 2.13.3 X-PMX-Version: 6.3.3.2656215, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2017.8.3.50316, AntiVirus-Engine: 5.40.0, AntiVirus-Data: 2017.8.2.5400002 X-PMX-Spam: Gauge=IIIIIIII, Probability=8%, Report=' HTML_00_01 0.05, HTML_00_10 0.05, BODY_SIZE_3000_3999 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, LEGITIMATE_SIGNS 0, MULTIPLE_REAL_RCPTS 0, NO_URI_HTTPS 0, RDNS_POOLED 0, RDNS_SUSP 0, RDNS_SUSP_SPECIFIC 0, __ANY_URI 0, __C230066_P5 0, __CC_NAME 0, __CC_NAME_DIFF_FROM_ACC 0, __CC_REAL_NAMES 0, __CP_URI_IN_BODY 0, __FRAUD_MONEY_CURRENCY 0, __FRAUD_MONEY_CURRENCY_DOLLAR 0, __FROM_DOMAIN_IN_ANY_CC1 0, __FROM_DOMAIN_IN_RCPT 0, __HAS_CC_HDR 0, __HAS_FROM 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __MIME_TEXT_ONLY 0, __MIME_TEXT_P 0, __MIME_TEXT_P1 0, __MULTIPLE_URI_TEXT 0, __NO_HTML_TAG_RAW 0, __RDNS_POOLED_10 0, __SANE_MSGID 0, __SUBJ_ALPHA_END 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_IN_BODY 0, __URI_NOT_IMG 0, __URI_NO_PATH 0, __URI_NO_WWW 0, __URI_NS , __URI_WITHOUT_PATH 0' X-Spam-Score: Gauge=IIIIIIII X-PMX-consideredAsSpam: no X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: microcom does not check if required parameter "TTY" is present. Thus, bb_basename() is called with a NULL pointer, if microcom is started without any parameter. This in turn calls strlen() on this NULL pointer, resulting in a segfault. The supplied patch adds a check for the missing TTY parameter and prints usage when it is missing. --- main/busybox/0012-microcom-segfault.patch | 31 +++++++++++++++++++++++++++++++ main/busybox/APKBUILD | 4 +++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 main/busybox/0012-microcom-segfault.patch diff --git a/main/busybox/0012-microcom-segfault.patch b/main/busybox/0012-microcom-segfault.patch new file mode 100644 index 0000000000..4789079b35 --- /dev/null +++ b/main/busybox/0012-microcom-segfault.patch @@ -0,0 +1,31 @@ +From fd8a0116a29ea4014fac7fbdba2636fc7b51ffc2 Mon Sep 17 00:00:00 2001 +From: Marian Buschsieweke +Date: Wed, 2 Aug 2017 23:36:08 +0200 +Subject: [PATCH] miscutils/microcom: Fixed segfault + +microcom did not check if required parameter TTY is present. Thus, +bb_basename() was called with a NULL pointer if TTY was missing. +This commit adds the missing check. +--- + miscutils/microcom.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/miscutils/microcom.c b/miscutils/microcom.c +index 14b9f3baf..38f6425c1 100644 +--- a/miscutils/microcom.c ++++ b/miscutils/microcom.c +@@ -78,6 +78,11 @@ int microcom_main(int argc UNUSED_PARAM, char **argv) + // argc -= optind; + argv += optind; + ++ if (*argv == NULL){ ++ bb_show_usage(); ++ return EXIT_FAILURE; ++ } ++ + // try to create lock file in /var/lock + device_lock_file = (char *)bb_basename(argv[0]); + device_lock_file = xasprintf("/var/lock/LCK..%s", device_lock_file); +-- +2.13.3 + diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD index 012df29aa0..d8e68b13f0 100644 --- a/main/busybox/APKBUILD +++ b/main/busybox/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa pkgname=busybox pkgver=1.27.0 -pkgrel=3 +pkgrel=4 pkgdesc="Size optimized toolbox of many common UNIX utilities" url=http://busybox.net arch="all" @@ -30,6 +30,7 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2 0010-udhcpc-Don-t-background-if-n-is-given.patch 0011-testsuite-fix-cpio-tests.patch 0001-unzip-fix-regression-on-big-endian-machines.patch + 0012-microcom-segfault.patch top-buffer-overflow.patch @@ -181,6 +182,7 @@ d1c375184f806f7550bac5c82ab5471bdb8085d845172c973724b22af05ab3759b3ce982e088b4c4 9b5143d0be615b1604d82007628d59a62721f1e61a63cca7a4ffa5e60fa8da102bfc21fa20cc35c2f5a0a24bc8013598f8eff5888f9d0f3bcfa796343b5f5a91 0010-udhcpc-Don-t-background-if-n-is-given.patch f4e00eb13fda752df13f300a7ed9b1320ca9f573c4309247f292c8710464d7be8740148f42e4aff16312335eadabce5a629dce4af58334b9199faf2fd658e4f9 0011-testsuite-fix-cpio-tests.patch daa6732a95a52a194d2031f2d5af5f658b9da3e8669fc2206000faaab7da56966a62646eed615fd1cbc5f07d42c03bf19ff183ef6f933b7daaeef1d388e21874 0001-unzip-fix-regression-on-big-endian-machines.patch +a09a64b3bce8048c58a68dcd2dd9e63c911009c06195d6bb4e5aecfb5700e479c25b34635c60899127975fae32275ad51846ee75f840d612e00668ce9aba8322 0012-microcom-segfault.patch 524e858b52cb31fb8d24e8c7f18606fff349aeab6a14da9cca3902641f6127980daed73c53586c6e8b41eecda06cdb29c40ff1dde2dc82a318c2649680458921 top-buffer-overflow.patch a9b1403c844c51934637215307dd9e2adb9458921047acff0d86dcf229b6e0027f4b2c6cdaa25a58407aad9d098fb5685d58eb5ff8d2aa3de4912cdea21fe54c acpid.logrotate 857dece10267a065e0e8c16dd6190656f890a5aff774e96321715673dda23e75a8e61148e81d6286b7bdfe737a0b99104f9b04deeb4f392c72b63d8e3d00e556 busyboxconfig -- 2.13.3 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---