6 роки тому · 51331fc003
--- a/package/utils/busybox/patches/900-fix_cve2017-16544.patch
+++ b/package/utils/busybox/patches/900-fix_cve2017-16544.patch
@@ -0,0 +1,22 @@
 
				+--- a/libbb/lineedit.c
			
 
				++++ b/libbb/lineedit.c
			
 
				+@@ -632,6 +632,19 @@ static void free_tab_completion_data(voi
			
 
				+ 
			
 
				+ static void add_match(char *matched)
			
 
				+ {
			
 
				++	unsigned char *p = (unsigned char*)matched;
			
 
				++	while (*p) {
			
 
				++		/* ESC attack fix: drop any string with control chars */
			
 
				++		if (*p < ' '
			
 
				++		 || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
			
 
				++		 || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
			
 
				++		) {
			
 
				++			free(matched);
			
 
				++			return;
			
 
				++		}
			
 
				++		p++;
			
 
				++	}
			
 
				++
			
 
				+ 	matches = xrealloc_vector(matches, 4, num_matches);
			
 
				+ 	matches[num_matches] = matched;
			
 
				+ 	num_matches++;