Bug 694166 (CVE-2010-4777) - CVE-2010-4777 perl: assertion failure with certain regular expressions
Summary: CVE-2010-4777 perl: assertion failure with certain regular expressions
Alias: CVE-2010-4777
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2011-04-06 16:22 UTC by Vincent Danen
Modified: 2021-02-24 16:11 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-04-07 18:17:35 UTC

Attachments (Terms of Use)

Description Vincent Danen 2011-04-06 16:22:58 UTC
It was reported [1] that perl suffers from an assertion failure in certain regular expressions.  This could cause crashes in certain programs, such as OCSInventory [2] and SpamAssassin [3].

[1] http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538
[2] http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
[3] https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html

Comment 1 Vincent Danen 2011-04-06 16:29:14 UTC
I am unable to reproduce this on Fedora 14, RHEL6, RHEL5, or RHEL4.  Using the reproducer from http://rt.perl.org/rt3/Ticket/Attachment/548804/260938/ I get no crashes:

% perl sample3.pl
XML::Twig ok

Our versions look like they _should_ be affected, but for some reason we're not seeing the assertion failures at all.  I've tried with all three samples.

We do not build perl with -g, so I do not believe assertion checks are enabled.  Can someone comment as to why we are not seeing these assertion failures?  I do believe this is a non-issue for us, but would like to understand why.

Comment 2 Petr Pisar 2011-04-07 08:43:38 UTC
We do not see assertions because they are disabled. The Configure -DDEBUGGING=-g option switches compiler debugging data generation on but does not define DEBUGGING symbol needed to enable asserts (perl.h:3880).

If you want to enable asserts, you need to Configure -DDEBUGGING=both (Configure:5080). Then I get assertion abort with second case from [1]:

$ LANG=en_US.UTF-8 LD_LIBRARY_PATH=$PWD ./perl ~petr/perl/assertion_bug-CVE-2010-4777/case1 
perl: regcomp.c:5199: Perl_reg_numbered_buff_fetch: Assertion `rx->sublen >= (s - rx->subbeg) + i' failed.
Neúspěšně ukončen (SIGABRT) (core dumped [obraz paměti uložen])

Asserts are not enabled because of performance penalty.

Comment 3 Vincent Danen 2011-04-07 18:17:35 UTC
Thanks for that explanation, Petr.


Not vulnerable.  This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not have asserts enabled.

Note You need to log in before you can comment on or make changes to this bug.