awk: fix use after free (CVE-2022-30065)

fixes https://bugs.busybox.net/show_bug.cgi?id=14781

function                                             old     new   delta
evaluate                                            3343    3357     +14

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Natanael Copa 2022-06-17 17:45:34 +02:00 committed by Denys Vlasenko
parent 3ad3aa6441
commit e63d7cdfda
2 changed files with 9 additions and 0 deletions


@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res)
case XC( OC_MOVE ): case XC( OC_MOVE ):
debug_printf_eval("MOVE\n"); debug_printf_eval("MOVE\n");
/* make sure that we never return a temp var */
if (L.v == TMPVAR0)
L.v = res;
/* if source is a temporary string, jusk relink it to dest */ /* if source is a temporary string, jusk relink it to dest */
if (R.v == TMPVAR1 if (R.v == TMPVAR1
&& !(R.v->type & VF_NUMBER) && !(R.v->type & VF_NUMBER)
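Review bot: The added comment above the `if (L.v == TMPVAR0)` guard in the OC_MOVE case states the rule but not the reason, so a later cleanup could drop the guard without realising it is the fix for CVE-2022-30065. I would spell out the lifetime instead, e.g. `/* L.v may be this call's TMPVAR0 (as in '$1==$1="foo"'); a result stored there would not outlive this evaluate() call, so assign into res instead */`. That wording assumes the temporaries are released when evaluate() returns, which is not visible in this hunk. The guard covers only OC_MOVE, so it is worth confirming that no other case can leave `res` pointing at TMPVAR0 or TMPVAR1. The case body and the rest of evaluate() continue outside the hunk.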


@ -479,4 +479,10 @@ testing 'awk backslash+newline eaten with no trace' \
"Hello world\n" \ "Hello world\n" \
'' '' '' ''
testing 'awk assign while test' \
"awk '\$1==\$1=\"foo\" {print \$1}'" \
"foo\n" \
"" \
"foo"
exit $FAILCOUNT exit $FAILCOUNT
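Review bot: The new 'awk assign while test' case only compares stdout with "foo\n", and a use-after-free does not reliably change output, so this test may pass on an unfixed binary unless the suite runs under a memory checker. A comment above the test would record that for whoever maintains it, e.g. `# CVE-2022-30065 (bug 14781): use-after-free in evaluate(); only a reliable regression check under ASan or valgrind`. If the harness has a way to run the applet under such a tool, adding this case to that run would make the check meaningful.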