From a9c29b85148402f1a7abbd6b10cbb981861daa11 Mon Sep 17 00:00:00 2001
From: Owen Rafferty <owen@owenrafferty.com>
Date: Thu, 12 May 2022 23:01:50 -0500
Subject: [PATCH] busybox: CVE-2022-28391 patch

---
 core/busybox/checksums                    |  1 +
 core/busybox/patches/CVE-2022-28391.patch | 74 +++++++++++++++++++++++
 core/busybox/sources                      |  1 +
 core/busybox/version                      |  2 +-
 4 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 core/busybox/patches/CVE-2022-28391.patch

diff --git a/core/busybox/checksums b/core/busybox/checksums
index 1b177d48..c5a6fc91 100644
--- a/core/busybox/checksums
+++ b/core/busybox/checksums
@@ -1,4 +1,5 @@
 611344ae01258592e84f6d85c917394dec1f21cd03a5075a62c3c012a368d15c
+1939646eddbd250c295aafc125ef19d5f916a143482bbb07764888ecbfa0ba26
 09c2f601fec4e5c10664c22f787dafb9424efe219bf826727c356da90dfd60d5
 8d84b1719dca2a751c09072c20cd782a3c47f119a68d35316f89d851daf67b88
 0f54301a73af461e8066bc805b48d991cfed513d08a2f036e015b19f97cb424a
diff --git a/core/busybox/patches/CVE-2022-28391.patch b/core/busybox/patches/CVE-2022-28391.patch
new file mode 100644
index 00000000..b8b59223
--- /dev/null
+++ b/core/busybox/patches/CVE-2022-28391.patch
@@ -0,0 +1,74 @@
+diff --git a/libbb/xconnect.c b/libbb/xconnect.c
+index 0e0b247b8..02c061e67 100644
+--- a/libbb/xconnect.c
++++ b/libbb/xconnect.c
+@@ -497,8 +497,9 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ 	);
+ 	if (rc)
+ 		return NULL;
++	/* ensure host contains only printable characters */
+ 	if (flags & IGNORE_PORT)
+-		return xstrdup(host);
++		return xstrdup(printable_string(host));
+ #if ENABLE_FEATURE_IPV6
+ 	if (sa->sa_family == AF_INET6) {
+ 		if (strchr(host, ':')) /* heh, it's not a resolved hostname */
+@@ -509,7 +510,7 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ #endif
+ 	/* For now we don't support anything else, so it has to be INET */
+ 	/*if (sa->sa_family == AF_INET)*/
+-		return xasprintf("%s:%s", host, serv);
++		return xasprintf("%s:%s", printable_string(host), serv);
+ 	/*return xstrdup(host);*/
+ }
+ 
+diff --git a/networking/nslookup.c b/networking/nslookup.c
+index 6da97baf4..4bdcde1b8 100644
+--- a/networking/nslookup.c
++++ b/networking/nslookup.c
+@@ -407,7 +407,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ 				//printf("Unable to uncompress domain: %s\n", strerror(errno));
+ 				return -1;
+ 			}
+-			printf(format, ns_rr_name(rr), dname);
++			printf(format, ns_rr_name(rr), printable_string(dname));
+ 			break;
+ 
+ 		case ns_t_mx:
+@@ -422,7 +422,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ 				//printf("Cannot uncompress MX domain: %s\n", strerror(errno));
+ 				return -1;
+ 			}
+-			printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
++			printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
+ 			break;
+ 
+ 		case ns_t_txt:
+@@ -434,7 +434,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ 			if (n > 0) {
+ 				memset(dname, 0, sizeof(dname));
+ 				memcpy(dname, ns_rr_rdata(rr) + 1, n);
+-				printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
++				printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
+ 			}
+ 			break;
+ 
+@@ -454,7 +454,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ 			}
+ 
+ 			printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr),
+-				ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname);
++				ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), printable_string(dname));
+ 			break;
+ 
+ 		case ns_t_soa:
+@@ -483,7 +483,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ 				return -1;
+ 			}
+ 
+-			printf("\tmail addr = %s\n", dname);
++			printf("\tmail addr = %s\n", printable_string(dname));
+ 			cp += n;
+ 
+ 			printf("\tserial = %lu\n", ns_get32(cp));
+
diff --git a/core/busybox/sources b/core/busybox/sources
index 32664c5e..39cfeaac 100644
--- a/core/busybox/sources
+++ b/core/busybox/sources
@@ -1,4 +1,5 @@
 https://git.busybox.net/busybox/snapshot/busybox-MAJOR_MINOR_PATCH.tar.bz2
+patches/CVE-2022-28391.patch patch
 patches/adduser-no-setgid.patch patch
 patches/fsck-resolve-uuid.patch patch
 patches/modprobe-kernel-version.patch patch
diff --git a/core/busybox/version b/core/busybox/version
index 5f2b3d1e..cbdd11af 100644
--- a/core/busybox/version
+++ b/core/busybox/version
@@ -1 +1 @@
-1.35.0 2
+1.35.0 3