[PATCH] awk: fix use after free (CVE-2022-30065)

Natanael Copa ncopa at alpinelinux.org
Thu Jun 16 10:54:56 UTC 2022


On Tue, 14 Jun 2022 18:24:54 +0200
Denys Vlasenko <vda.linux at googlemail.com> wrote:

> On Tue, Jun 14, 2022 at 8:55 AM Natanael Copa <ncopa at alpinelinux.org> wrote:
> > Hi!
> >
> > Is there anything else I can do to help fix CVE-2022-30065? I have
> > created a testcase for the testsuite and proposed a fix, but I'm not
> > that familiar with awk code so I would appreciate some help with this
> > before pushing it to thousands (millions?) of users.  
> 
> cd testsuite && ./runtest awk
> 
> fails a lot with this change.

Indeed, sorry! I thought I ran it locally but I must have done something wrong when running them here.

Need to go back to the drawing board...

Valgrind also shows that those (at least one of those) do not touch
memory they shouldn't. Maybe we should set it to null together with free?

The comment says:
>  //TODO: L.v may be invalid now, set L.v to NULL to catch bugs?
But apparently L.v is not always invalid. How do we know when it is invalid and when it is not?

Other ideas how to fix this?

-nc

