public inbox for openembedded-core@lists.openembedded.org
From: Kang Kai <kai.kang@windriver.com>
To: <ross.burton@intel.com>
Cc: Zhenfeng.Zhao@windriver.com, openembedded-core@lists.openembedded.org
Subject: [PATCH 1/1] perl: fix security issue
Date: Thu, 24 Jan 2013 16:58:15 +0800
Message-ID: <2edf2d7df4c5b61bd99ccb58fdc1e2ae7bfcdf87.1359016228.git.kai.kang@windriver.com>
In-Reply-To: <cover.1359016228.git.kai.kang@windriver.com>

Add perl-fix-CVE-2012-5195.patch to fix perl memory exhaustion
denial-of-service attack issue.

The patch is from the perl 5.14.3 branch:
http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e

[Yocto 3701]

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 .../perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch  |   41 ++++++++++++++++++++
 meta/recipes-devtools/perl/perl_5.14.2.bb          |    3 +-
 2 files changed, 43 insertions(+), 1 deletions(-)
 create mode 100644 meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch

diff --git a/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch
new file mode 100644
index 0000000..da96f9c
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Backport
+
+This patch is from perl mainline:
+http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+
+---
+From b675304e3fdbcce3ef853b06b6ebe870d99faa7e Mon Sep 17 00:00:00 2001
+From: Andy Dougherty <doughera@lafayette.edu>
+Date: Thu, 27 Sep 2012 09:52:18 -0400
+Subject: [PATCH] avoid calling memset with a negative count
+
+Poorly written perl code that allows an attacker to specify the count to
+perl's 'x' string repeat operator can already cause a memory exhaustion
+denial-of-service attack. A flaw in versions of perl before 5.15.5 can
+escalate that into a heap buffer overrun; coupled with versions of glibc
+before 2.16, it possibly allows the execution of arbitrary code.
+
+The flaw addressed to this commit has been assigned identifier
+CVE-2012-5195.
+---
+ util.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/util.c b/util.c
+index 0ea39c6..230211e 100644
+--- a/util.c
++++ b/util.c
+@@ -3319,6 +3319,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
+ {
+     PERL_ARGS_ASSERT_REPEATCPY;
+ 
++    if (count < 0)
++	Perl_croak_nocontext("%s",PL_memory_wrap);
++
+     if (len == 1)
+ 	memset(to, *from, count);
+     else if (count) {
+-- 
+1.7.4.1
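Review bot: The provenance line in the embedded patch header says "This patch is from perl mainline", while the commit message for this change says it comes from the perl 5.14.3 branch; both cite the same commit URL, so one of the two descriptions should be corrected so the Upstream-Status: Backport entry can be traced unambiguously. In the util.c hunk the new guard covers only count; len is also declared I32 in the visible signature and is not checked here, so it is worth confirming (or noting in the header) that callers never pass a negative len, since the fix relies on count being the only attacker-influenced value reaching memset().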
diff --git a/meta/recipes-devtools/perl/perl_5.14.2.bb b/meta/recipes-devtools/perl/perl_5.14.2.bb
index d9206d8..d3f6ffd 100644
--- a/meta/recipes-devtools/perl/perl_5.14.2.bb
+++ b/meta/recipes-devtools/perl/perl_5.14.2.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://Copying;md5=2b4c6ffbcfcbdee469f02565f253d81a \
 # We need gnugrep (for -I)
 DEPENDS = "virtual/db grep-native"
 DEPENDS += "gdbm zlib"
-PR = "r11"
+PR = "r12"
 
 # 5.10.1 has Module::Build built-in
 PROVIDES += "libmodule-build-perl"
@@ -67,6 +67,7 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
 	file://fix_bad_rpath.patch \
 	file://perl-build-in-t-dir.patch \
 	file://perl-archlib-exp.patch \
+	file://perl-fix-CVE-2012-5195.patch \
 	\
         file://config.sh \
         file://config.sh-32 \
-- 
1.7.5.4