From: Valery Ushakov <valery.ushakov@bell-sw.com>
Date: Thu, 21 Aug 2025 12:31:53 +0000
Subject: netstat: CVE-2024-58251 - sanitize argv0 for -p
Bug-Debian: https://bugs.debian.org/1104009

Signed-off-by: Valery Ushakov <valery.ushakov@bell-sw.com>

CVE: CVE-2024-58251
Upstream-Status: Pending
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 networking/netstat.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/networking/netstat.c b/networking/netstat.c
index 807800a62..d979f6079 100644
--- a/networking/netstat.c
+++ b/networking/netstat.c
@@ -41,6 +41,7 @@
 
 #include "libbb.h"
 #include "inet_common.h"
+#include "unicode.h"
 
 //usage:#define netstat_trivial_usage
 //usage:       "[-"IF_ROUTE("r")"al] [-tuwx] [-en"IF_FEATURE_NETSTAT_WIDE("W")IF_FEATURE_NETSTAT_PRG("p")"]"
@@ -314,9 +315,12 @@ static int FAST_FUNC dir_act(struct recursive_state *state,
 		return FALSE;
 	cmdline_buf[n] = '\0';
 
+	/* don't write process-controlled argv[0] to the user's terminal as-is */
+	const char *argv0base = printable_string(bb_basename(cmdline_buf));
+
 	/* go through all files in /proc/PID/fd and check whether they are sockets */
 	strcpy(proc_pid_fname + len - (sizeof("cmdline")-1), "fd");
-	pid_slash_progname = concat_path_file(pid, bb_basename(cmdline_buf)); /* "PID/argv0" */
+	pid_slash_progname = concat_path_file(pid, argv0base); /* "PID/argv0" */
 	n = recursive_action(proc_pid_fname,
 			ACTION_RECURSE | ACTION_QUIET,
 			add_to_prg_cache_if_socket,
@@ -686,6 +690,7 @@ int netstat_main(int argc UNUSED_PARAM, char **argv)
 	unsigned opt;
 
 	INIT_G();
+	init_unicode();
 
 	/* Option string must match NETSTAT_xxx constants */
 	opt = getopt32(argv, NETSTAT_OPTS);
-- 
2.34.1

