[PATCH] awk: fix use after free (CVE-2023-42363)

Natanael Copa ncopa at alpinelinux.org
Tue May 21 06:46:46 UTC 2024


On Tue, 21 May 2024 07:43:03 +0200
Natanael Copa <ncopa at alpinelinux.org> wrote:

> Hi again,
> 
> On Mon, 20 May 2024 22:52:44 +0200
> Natanael Copa <ncopa at alpinelinux.org> wrote:
> 
> > On Mon, 20 May 2024 17:55:28 +0200
> > Natanael Copa <ncopa at alpinelinux.org> wrote:
> >   
> > > Fixes https://bugs.busybox.net/show_bug.cgi?id=15865    
> > 
> > I also found out that CVE-2023-42364 and CVE-2023-42365 are fixed with
> > commit 0256e00a9d07 (awk: fix precedence of = relative to ==).  
> 
> We discovered that this specific commit also breaks autotools test TAP output.
> https://www.gnu.org/software/automake/manual/html_node/Use-TAP-with-the-Automake-test-harness.html
> 
> This was discovered when building https://lttng.org/files/lttng-ust/lttng-ust-2.13.8.tar.bz2
> run: ./configure && make -j$(nproc) && make AWK="/path/to/busybox awk" check
> 
> Current git master awk is also broken.

A reproducer:

busybox awk 'BEGIN { a = 0 ? "yes": "no"; print a}'

Prints 0 instead of "no".

Looks like awk treats it as: (a = 0) ? "yes": "no"

-nc
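
Added example, not part of the original message or of BusyBox: a shell check built around the reproducer above that a packager could run against a candidate awk before pointing a build's AWK variable at it. The function name `check_awk_precedence` and every case after the first are constructed for this example; the expected values are what an awk that binds `?:` and `==` tighter than assignment prints.

```shell
#!/bin/sh
# Added example: precedence check for an awk implementation.
# Usage: check_awk_precedence "/path/to/busybox awk"
# (the command may contain spaces; it is word-split on purpose)

# One case per line: expected output, '|', awk program.
# Case 1 is the reproducer from the message; cases 2-5 are constructed.
AWK_PRECEDENCE_CASES='no|BEGIN { a = 0 ? "yes": "no"; print a}
yes|BEGIN { a = 1 ? "yes" : "no"; print a }
yy|BEGIN { a = b = 0 ? "x" : "y"; print a b }
7|BEGIN { a = 5; a += 0 ? 1 : 2; print a }
1|BEGIN { a = 1 == 1; print a }'

# Returns the number of failing cases (0 means the awk parsed all of them
# with assignment binding loosest). Failures are reported on stderr.
check_awk_precedence() {
    awk_cmd=$1
    failures=0
    # Feed the cases through a here-document so the loop runs in the
    # current shell and the failure counter survives it.
    while IFS='|' read -r expected prog; do
        # A crash or syntax error counts as a failure too.
        got=$($awk_cmd "$prog" 2>&1 </dev/null) || got="<error: $got>"
        if [ "$got" != "$expected" ]; then
            printf 'FAIL: %s\n  expected: %s\n  got:      %s\n' \
                "$prog" "$expected" "$got" >&2
            failures=$((failures + 1))
        fi
    done <<EOF
$AWK_PRECEDENCE_CASES
EOF
    return "$failures"
}
```

An awk that parses the first case as `(a = 0) ? "yes": "no"` prints 0 there and is reported as a failure.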

