Bug 694166 - (CVE-2010-4777) CVE-2010-4777 perl: assertion failure with certain regular expressions
CVE-2010-4777 perl: assertion failure with certain regular expressions
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
  Show dependency treegraph
Reported: 2011-04-06 12:22 EDT by Vincent Danen
Modified: 2011-04-07 14:17 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-04-07 14:17:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2011-04-06 12:22:58 EDT
It was reported [1] that perl suffers from an assertion failure in certain regular expressions.  This could cause crashes in certain programs, such as OCSInventory [2] and SpamAssassin [3].

[1] http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538
[2] http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
[3] https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
Comment 1 Vincent Danen 2011-04-06 12:29:14 EDT
I am unable to reproduce this on Fedora 14, RHEL6, RHEL5, or RHEL4.  Using the reproducer from http://rt.perl.org/rt3/Ticket/Attachment/548804/260938/ I get no crashes:

% perl sample3.pl
XML::Twig ok

Our versions look like they _should_ be affected, but for some reason we're not seeing the assertion failures at all.  I've tried with all three samples.

We do not build perl with -g, so I do not believe assertion checks are enabled.  Can someone comment as to why we are not seeing these assertion failures?  I do believe this is a non-issue for us, but would like to understand why.
Comment 2 Petr Pisar 2011-04-07 04:43:38 EDT
We do not see assertions because they are disabled. The Configure -DDEBUGGING=-g option switches compiler debugging data generation on but does not define DEBUGGING symbol needed to enable asserts (perl.h:3880).

If you want to enable asserts, you need to Configure -DDEBUGGING=both (Configure:5080). Then I get assertion abort with second case from [1]:

$ LANG=en_US.UTF-8 LD_LIBRARY_PATH=$PWD ./perl ~petr/perl/assertion_bug-CVE-2010-4777/case1 
perl: regcomp.c:5199: Perl_reg_numbered_buff_fetch: Assertion `rx->sublen >= (s - rx->subbeg) + i' failed.
Neúspěšně ukončen (SIGABRT) (core dumped [obraz paměti uložen])

Asserts are not enabled because of performance penalty.
Comment 3 Vincent Danen 2011-04-07 14:17:35 EDT
Thanks for that explanation, Petr.


Not vulnerable.  This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not have asserts enabled.

Note You need to log in before you can comment on or make changes to this bug.