Attachment 624842 Details for Bug 862413 – Upstream fix for perl-5.12 and 5.14

[patch] Upstream fix for perl-5.12 and 5.14

0001-avoid-calling-memset-with-a-negative-count.patch (text/plain), 1.05 KB, created by Petr Pisar on 2012-10-10 12:33:48 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Petr Pisar

Created: 2012-10-10 12:33:48 UTC

Size: 1.05 KB

patch

obsolete

>From 5ee2604e72cdd836101f279f8f9e89243c7f0097 Mon Sep 17 00:00:00 2001
>From: Andy Dougherty <doughera@lafayette.edu>
>Date: Thu, 27 Sep 2012 09:52:18 -0400
>Subject: [PATCH] avoid calling memset with a negative count
>
>Poorly written perl code that allows an attacker to specify the count to
>perl's 'x' string repeat operator can already cause a memory exhaustion
>denial-of-service attack. A flaw in versions of perl before 5.15.5 can
>escalate that into a heap buffer overrun; coupled with versions of glibc
>before 2.16, it possibly allows the execution of arbitrary code.
>
>The flaw addressed to this commit has been assigned identifier
>CVE-2012-5195.
>---
> util.c | 3 +++
> 1 file changed, 3 insertions(+)
>
>diff --git a/util.c b/util.c
>index 60225b4..5566bac 100644
>--- a/util.c
>+++ b/util.c
>@@ -3033,6 +3033,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
> {
>     PERL_ARGS_ASSERT_REPEATCPY;
> 
>+    if (count < 0)
>+	Perl_croak_nocontext("%s",PL_memory_wrap);
>+
>     if (len == 1)
> 	memset(to, *from, count);
>     else if (count) {
>-- 
>1.7.11.7
>

Actions: View | Diff

Attachments on bug 862413: 624012 | 624190 | 624842 | 704824