4.043 bump; Fixed CVE-2017-10788 (bug #1467600)

This commit is contained in:
Jitka Plesnikova 2017-07-04 15:09:39 +02:00
parent ea95ad3db0
commit 2fb65c0eb5
4 changed files with 64 additions and 5 deletions

1
.gitignore vendored
View File

@ -24,3 +24,4 @@ DBD-mysql-4.017.tar.gz
/DBD-mysql-4.040.tar.gz
/DBD-mysql-4.041.tar.gz
/DBD-mysql-4.042.tar.gz
/DBD-mysql-4.043.tar.gz

View File

@ -0,0 +1,52 @@
From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
From: Pali <pali@cpan.org>
Date: Sun, 25 Jun 2017 10:07:39 +0200
Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
Ignore return value from mysql_stmt_close() and also its error message
because it points to freed memory after mysql_stmt_close() was called.
---
dbdimp.c | 8 ++------
mysql.xs | 7 ++-----
2 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/dbdimp.c b/dbdimp.c
index c60a5f6..a6410e5 100644
--- a/dbdimp.c
+++ b/dbdimp.c
@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
if (imp_sth->stmt)
{
- if (mysql_stmt_close(imp_sth->stmt))
- {
- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
- mysql_stmt_error(imp_sth->stmt),
- mysql_stmt_sqlstate(imp_sth->stmt));
- }
+ mysql_stmt_close(imp_sth->stmt);
+ imp_sth->stmt= NULL;
}
#endif
diff --git a/mysql.xs b/mysql.xs
index 55376e1..affde59 100644
--- a/mysql.xs
+++ b/mysql.xs
@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
if (bind)
Safefree(bind);
- if(mysql_stmt_close(stmt))
- {
- fprintf(stderr, "\n failed while closing the statement");
- fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
- }
+ mysql_stmt_close(stmt);
+ stmt= NULL;
if (retval == -2) /* -2 means error */
{
--
1.7.9.5

View File

@ -1,15 +1,17 @@
Name: perl-DBD-MySQL
Version: 4.042
Release: 2%{?dist}
Version: 4.043
Release: 1%{?dist}
Summary: A MySQL interface for Perl
Group: Development/Libraries
License: GPL+ or Artistic
URL: http://search.cpan.org/dist/DBD-mysql/
Source0: http://www.cpan.org/authors/id/M/MI/MICHIELB/DBD-mysql-%{version}.tar.gz
# Fix for CVE-2017-10788
Patch0: DBD-mysql-4.043-Fix-use-after-free-after-calling-mysql_stmt_close.patch.txt
BuildRequires: mariadb, mariadb-devel, zlib-devel
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: perl
BuildRequires: perl-interpreter
BuildRequires: perl-devel
BuildRequires: perl-generators
BuildRequires: perl(Carp)
@ -17,7 +19,6 @@ BuildRequires: perl(Config)
BuildRequires: perl(Data::Dumper)
BuildRequires: perl(DBI) >= 1.609
BuildRequires: perl(DBI::DBD)
BuildRequires: perl(Devel::CheckLib)
BuildRequires: perl(DynaLoader)
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(File::Basename)
@ -41,6 +42,7 @@ management system.
%prep
%setup -q -n DBD-mysql-%{version}
%patch0 -p1
# Correct file permissions
find . -type f | xargs chmod -x
@ -68,6 +70,10 @@ find %{buildroot} -type f -name '*.bs' -empty -delete
%{_mandir}/man3/*.3*
%changelog
* Fri Jun 30 2017 Jitka Plesnikova <jplesnik@redhat.com> - 4.043-1
- 4.043 bump
- Fixed CVE-2017-10788 (bug #1467600)
* Mon Jun 05 2017 Jitka Plesnikova <jplesnik@redhat.com> - 4.042-2
- Perl 5.26 rebuild

View File

@ -1 +1 @@
SHA512 (DBD-mysql-4.042.tar.gz) = fe3c9e1e325f7056da783e0ea33f9a7810f25f3d9cd2c9a4bf4037b20a2148f2291b2f90d44730e63c7902b45e26993a7f9fcf1b3bf8d1bc5d3fca99893a019e
SHA512 (DBD-mysql-4.043.tar.gz) = ef845052caabba7060e2e21d81f0791003509ec56741d92ff3a82196b528f81245ce1562539d89bc6e12584769739012325046b5e1c4e56febef108a7d2ae9ba