From 3c284dcb726ff6599d3b87fb366fb04411cf5595 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Fri, 17 Jun 2022 09:52:11 +0000 Subject: [PATCH 1/2] awk: fix use after free (CVE-2022-30065) fixes https://bugs.busybox.net/show_bug.cgi?id=14781 Signed-off-by: Natanael Copa --- editors/awk.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/editors/awk.c b/editors/awk.c index 079d0bde5..728ee8685 100644 --- a/editors/awk.c +++ b/editors/awk.c @@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res) case XC( OC_MOVE ): debug_printf_eval("MOVE\n"); + /* make sure that we never return a temp var */ + if (L.v == TMPVAR0) + L.v = res; /* if source is a temporary string, jusk relink it to dest */ if (R.v == TMPVAR1 && !(R.v->type & VF_NUMBER) -- 2.36.1