Fix use-after-free in awk. CVE: CVE-2022-30065 Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2022-June/089768.html] Signed-off-by: Ross Burton fixes https://bugs.busybox.net/show_bug.cgi?id=14781 Signed-off-by: Natanael Copa --- editors/awk.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/editors/awk.c b/editors/awk.c index 079d0bde5..728ee8685 100644 --- a/editors/awk.c +++ b/editors/awk.c @@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res) case XC( OC_MOVE ): debug_printf_eval("MOVE\n"); + /* make sure that we never return a temp var */ + if (L.v == TMPVAR0) + L.v = res; /* if source is a temporary string, jusk relink it to dest */ if (R.v == TMPVAR1 && !(R.v->type & VF_NUMBER) -- 2.36.1