author | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-20 11:08:30 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-20 11:08:56 +0000 |
commit | 124a4339b2e307db023572e5c771b425b7aebe86 (patch) | |
tree | 8418d91d07f0e73d47d98b739bb0185ad5d3014f | |
parent | 4a321833b7471a885bde7c6edeb027d98dac5a06 (diff) | |
main/busybox: security fix for CVE-2014-9645
fixes #3877
-rw-r--r-- | main/busybox/APKBUILD | 6 | ||||
-rw-r--r-- | main/busybox/CVE-2014-9645.patch | 206 |
2 files changed, 211 insertions, 1 deletions
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index dd21d7af6..10a8392ed 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=busybox
 pkgver=1.22.1
-pkgrel=14
+pkgrel=15
 pkgdesc="Size optimized toolbox of many common UNIX utilities"
 url=http://busybox.net
 arch="all"
@@ -40,6 +40,7 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
 1000-fbsplash-use-virtual-y-size-in-mmap-size-calculation.patch
 1001-fbsplash-support-console-switching.patch
 1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
+ CVE-2014-9645.patch
 busyboxconfig
 glibc.patch"
@@ -143,6 +144,7 @@ f2821edec523aadb36c3973d14386c1c fix-top.patch
 699ce5aa1095ba4419cd595cec8a8f75 1000-fbsplash-use-virtual-y-size-in-mmap-size-calculation.patch
 b56d306ccba574da78dff060b7330806 1001-fbsplash-support-console-switching.patch
 4fe5f9e973674c7db3d07f295c363a7c 1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
+be99c5fc740231791797681a997f8667 CVE-2014-9645.patch
 2fe6e74affe7d4e5e112035cead59432 busyboxconfig
 befaac2c59c380e36a452b3f1c1d4a3a glibc.patch"
 sha256sums="ae0b029d0a9e4dd71a077a790840e496dd838998e4571b87b60fed7462b6678b busybox-1.22.1.tar.bz2
@@ -169,6 +171,7 @@ d4673907d58ce80e78a3bfe3c2414b15e7a2b072cfea0c87c2ae9f709744b9ec fix-top.patch
 043963183cad556bdae5d5608180f0cb76cf7eede175cd97aa002a787780500f 1000-fbsplash-use-virtual-y-size-in-mmap-size-calculation.patch
 b8b0b16ed67b0159256193b1d2108b8ef9aa8a334ab81e463bb970c71257da9a 1001-fbsplash-support-console-switching.patch
 e1f3fad8e21dfd72cfcae7ab3ba31d7938e964e0f9ec08b2da0b14d462435424 1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
+106594ae7780edd08c44edb61f57384b6b988c6e5566cc5567a9347e1eee5c09 CVE-2014-9645.patch
 9bfb197fb57f9b3ac5b7a8800dfda6e5f7bee10db5e892d58176fa3733fe5229 busyboxconfig
 c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0 glibc.patch"
 sha512sums="3e99fe373d638f714c3a61e1b02493d85ca532f472df038f7557db518ded38347072882ed568852941be7aac46fc34007257b4287375335ff5a09b60b295ce80 busybox-1.22.1.tar.bz2
@@ -195,5 +198,6 @@ a35b66cd28b79ccc14b47315ac94677fdf8c14d8a6e8956707e71fb50d453dfc5b4b822832cd1fae
 2a8e9360e1cedd26bdb70d8cc036ef0abc7588bf2eee147c1c7436d7a40763f8e31d346b980145a36649130a2f811d299e4f46f7e1b60a8165a60ae9e79727d5 1000-fbsplash-use-virtual-y-size-in-mmap-size-calculation.patch
 a181dd54e8e11cf1199edb1b1fcd4b7402bbf142593b6014f32c6815bb7093b56899ad0fcc9f73c382f56203ac5274fb3d51fa070feb541436f23c31680f1a69 1001-fbsplash-support-console-switching.patch
 c33073416f7da2805a20f3f456f869217171c8fbfdef85f4ae481307aeb1e1b5717084bbbc619010fa5500c3f3f49b6468d5c122024fcc49d637c82427a3f553 1002-fbsplash-support-image-and-bar-alignment-and-positio.patch
+b2df8bca8705fcb48135e6e3e83a0705f3474dc904852a623d641a7d78ea5403e329e457147eed2fc76c7730d682a0b12bc005841357ba118ce71f2c2f5ae2f8 CVE-2014-9645.patch
 35ab915e729e73c4909793f58530edcfc10f10d750df0d41913892137f799f773a7bb476e29ed742c86d0f279603f85ed9bf5c660714571bc5f5179ea852aade busyboxconfig
 1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc glibc.patch"
diff --git a/main/busybox/CVE-2014-9645.patch b/main/busybox/CVE-2014-9645.patch
new file mode 100644
index 000000000..5661a960a
--- /dev/null
+++ b/main/busybox/CVE-2014-9645.patch
@@ -0,0 +1,206 @@
+diff --git a/modutils/depmod.c b/modutils/depmod.c
+index aa228ec..37a8482 100644
+--- a/modutils/depmod.c
++++ b/modutils/depmod.c
+@@ -33,7 +33,6 @@ typedef struct module_info {
+ static int FAST_FUNC parse_module(const char *fname, struct stat *sb UNUSED_PARAM,
+ void *data, int depth UNUSED_PARAM)
+ {
+- char modname[MODULE_NAME_LEN];
+ module_info **first = (module_info **) data;
+ char *image, *ptr;
+ module_info *info;
+@@ -51,7 +50,10 @@ static int FAST_FUNC parse_module(const char *fname, struct stat *sb UNUSED_PARA
+
+ info->dnext = info->dprev = info;
+ info->name = xstrdup(fname + 2); /* skip "./" */
+- info->modname = xstrdup(filename2modname(fname, modname));
++ info->modname = filename2modname(
++ bb_get_last_path_component_nostrip(fname),
++ NULL
++ );
+ for (ptr = image; ptr < image + len - 10; ptr++) {
+ if (strncmp(ptr, "depends=", 8) == 0) {
+ char *u;
+@@ -242,17 +244,19 @@ int depmod_main(int argc UNUSED_PARAM, char **argv)
+ if (!(option_mask32 & OPT_n))
+ xfreopen_write("modules.alias", stdout);
+ for (m = modules; m != NULL; m = m->next) {
++ char modname[MODULE_NAME_LEN];
+ const char *fname = bb_basename(m->name);
+- int fnlen = strchrnul(fname, '.') - fname;
++ filename2modname(fname, modname);
+ while (m->aliases) {
+- /* Last word can well be m->modname instead,
+- * but depmod from module-init-tools 3.4
+- * uses module basename, i.e., no s/-/_/g.
+- * (pathname and .ko.* are still stripped)
+- * Mimicking that... */
+- printf("alias %s %.*s\n",
++ /*
++ * Last word used to be a basename
++ * (filename with path and .ko.* stripped)
++ * at the time of module-init-tools 3.4.
++ * kmod v.12 uses module name, i.e., s/-/_/g.
++ */
++ printf("alias %s %s\n",
+ (char*)llist_pop(&m->aliases),
+- fnlen, fname);
++ modname);
+ }
+ }
+ #endif
+@@ -260,12 +264,13 @@ int depmod_main(int argc UNUSED_PARAM, char **argv)
+ if (!(option_mask32 & OPT_n))
+ xfreopen_write("modules.symbols", stdout);
+ for (m = modules; m != NULL; m = m->next) {
++ char modname[MODULE_NAME_LEN];
+ const char *fname = bb_basename(m->name);
+- int fnlen = strchrnul(fname, '.') - fname;
++ filename2modname(fname, modname);
+ while (m->symbols) {
+- printf("alias symbol:%s %.*s\n",
++ printf("alias symbol:%s %s\n",
+ (char*)llist_pop(&m->symbols),
+- fnlen, fname);
++ modname);
+ }
+ }
+ #endif
+diff --git a/modutils/modinfo.c b/modutils/modinfo.c
+index 7c978d1..ee37930 100644
+--- a/modutils/modinfo.c
++++ b/modutils/modinfo.c
+@@ -34,14 +34,14 @@ struct modinfo_env {
+ int tags;
+ };
+
+-static int display(const char *data, const char *pattern, int flag)
++static void display(const char *data, const char *pattern, int flag)
+ {
+ if (flag) {
+ int n = printf("%s:", pattern);
+ while (n++ < 16)
+ bb_putchar(' ');
+ }
+- return printf("%s%c", data, (option_mask32 & OPT_0) ? '\0' : '\n');
++ printf("%s%c", data, (option_mask32 & OPT_0) ? '\0' : '\n');
+ }
+
+ static void modinfo(const char *path, const char *version,
+@@ -104,7 +104,8 @@ static void modinfo(const char *path, const char *version,
+ /* field prefixes are 0x80 or 0x00 */
+ if ((ptr[-1] & 0x7F) == '\0') {
+ ptr += length + 1;
+- ptr += display(ptr, pattern, (1<<j) != tags);
++ display(ptr, pattern, (1<<j) != tags);
++ ptr += strlen(ptr);
+ }
+ }
+ ++ptr;
+@@ -153,7 +154,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+ if (colon == NULL)
+ continue;
+ *colon = '\0';
+- filename2modname(tokens[0], name);
++ filename2modname(bb_basename(tokens[0]), name);
+ for (i = 0; argv[i]; i++) {
+ if (fnmatch(argv[i], name, 0) == 0) {
+ modinfo(tokens[0], uts.release, &env);
+diff --git a/modutils/modprobe.c b/modutils/modprobe.c
+index 7f7446d..0e8aa9e 100644
+--- a/modutils/modprobe.c
++++ b/modutils/modprobe.c
+@@ -229,9 +232,14 @@ static ALWAYS_INLINE struct module_entry *get_or_add_modentry(const char *module
+ {
+ return helper_get_module(module, 1);
+ }
+-static ALWAYS_INLINE struct module_entry *get_modentry(const char *module)
++/* So far this function always gets a module pathname, never an alias name.
++ * The crucial difference is that pathname needs dirname stripping,
++ * while alias name must NOT do it!
++ * Testcase where dirname stripping is likely to go wrong: "modprobe devname:snd/timer"
++ */
++static ALWAYS_INLINE struct module_entry *get_modentry(const char *pathname)
+ {
+- return helper_get_module(module, 0);
++ return helper_get_module(bb_get_last_path_component_nostrip(pathname), 0);
+ }
+
+ static void add_probe(const char *name)
+@@ -417,7 +425,7 @@ static int do_modprobe(struct module_entry *m)
+
+ rc = 0;
+ fn = llist_pop(&m->deps); /* we leak it */
+- m2 = get_or_add_modentry(fn);
++ m2 = get_or_add_modentry(bb_get_last_path_component_nostrip(fn));
+
+ if (option_mask32 & OPT_REMOVE) {
+ /* modprobe -r */
+@@ -499,7 +507,7 @@ static void load_modules_dep(void)
+ colon = last_char_is(tokens[0], ':');
+ if (colon == NULL)
+ continue;
+- *colon = 0;
++ *colon = '\0';
+
+ m = get_modentry(tokens[0]);
+ if (m == NULL)
+@@ -546,7 +554,6 @@ int modprobe_main(int argc UNUSED_PARAM, char **argv)
+
+ if (opt & OPT_LIST_ONLY) {
+ int i;
+- char name[MODULE_NAME_LEN];
+ char *colon, *tokens[2];
+ parser_t *p = config_open2(CONFIG_DEFAULT_DEPMOD_FILE, xfopen_for_read);
+
+@@ -558,10 +565,14 @@ int modprobe_main(int argc UNUSED_PARAM, char **argv)
+ if (!colon)
+ continue;
+ *colon = '\0';
+- filename2modname(tokens[0], name);
+ if (!argv[0])
+ puts(tokens[0]);
+ else {
++ char name[MODULE_NAME_LEN];
++ filename2modname(
++ bb_get_last_path_component_nostrip(tokens[0]),
++ name
++ );
+ for (i = 0; argv[i]; i++) {
+ if (fnmatch(argv[i], name, 0) == 0) {
+ puts(tokens[0]);
+diff --git a/modutils/modutils.c b/modutils/modutils.c
+index 6187ca7..84300d9 100644
+--- a/modutils/modutils.c
++++ b/modutils/modutils.c
+@@ -47,18 +47,26 @@ int FAST_FUNC string_to_llist(char *string, llist_t **llist, const char *delim)
+
+ char* FAST_FUNC filename2modname(const char *filename, char *modname)
+ {
++ char local_modname[MODULE_NAME_LEN];
+ int i;
+- char *from;
++ const char *from;
+
+ if (filename == NULL)
+ return NULL;
+ if (modname == NULL)
+- modname = xmalloc(MODULE_NAME_LEN);
+- from = bb_get_last_path_component_nostrip(filename);
++ modname = local_modname;
++ // Disabled since otherwise "modprobe dir/name" would work
++ // as if it is "modprobe name". It is unclear why
++ // 'basenamization' was here in the first place.
++ //from = bb_get_last_path_component_nostrip(filename);
++ from = filename;
+ for (i = 0; i < (MODULE_NAME_LEN-1) && from[i] != '\0' && from[i] != '.'; i++)
+ modname[i] = (from[i] == '-') ? '_' : from[i];
+ modname[i] = '\0';
+
++ if (modname == local_modname)
++ return xstrdup(modname);
++
+ return modname;
+ }
+
|
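Review bot: filename2modname() in modutils.c no longer strips the directory part, but nothing at its definition tells callers that they must now pass a bare file name; the only explanation is the in-body comment about "modprobe dir/name". A contract comment above the function would make the new precondition auditable, for example `/* filename must already be a basename: no dirname stripping is done here; callers holding a pathname strip it first */`. The patch updates the callers in depmod.c, modinfo.c and modprobe.c, but any caller outside this patch (none is visible here) may still pass a full path and should be checked the same way. Separately, the first modprobe.c hunk is numbered `-229 +232` while the later offsets in that file are consistent with it, which suggests an earlier three-line hunk of the original change was left out of this backport, so it is worth confirming that nothing the fix relies on was dropped.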