fix bug 174684 / CVE-2005-3962
		
							parent
							
								
									bd681d6e5e
								
							
						
					
					
						commit
						59c48485b7
					
				
							
								
								
									
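--- a/perl-5.8.7-CVE-2005-3962-bz174684.patch
+++ b/perl-5.8.7-CVE-2005-3962-bz174684.patch
@@ -0,0 +1,48 @@
+--- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684	2004-02-09 16:37:13.000000000 -0500
++++ perl-5.8.7/t/op/sprintf2.t	2005-12-01 13:11:34.000000000 -0500
+@@ -6,7 +6,7 @@
+     require './test.pl';
+ }   
+ 
+-plan tests => 3;
++plan tests => 6;
+ 
+ is(
+     sprintf("%.40g ",0.01),
+@@ -26,3 +26,20 @@
+ 		q(width calculation under utf8 upgrade)
+ 	);
+ }
++# check %NNN$ for range bounds, especially negative 2's complement
++{
++    my ($warn, $bad) = (0,0);
++    local $SIG{__WARN__} = sub {
++       if ($_[0] =~ /uninitialized/) {
++           $warn++
++       }
++       else {
++           $bad++
++       }
++    };
++    my $result = sprintf join('', map("%$_\$s%" . ~$_ . '$s', 1..20)),
++       qw(a b c d);
++    is($result, "abcd", "only four valid values");
++    is($warn, 36, "expected warnings");
++    is($bad,   0, "unexpected warnings");
++}
+--- perl-5.8.7/sv.c.CVE-2005-3962-bz174684	2005-05-27 06:38:11.000000000 -0400
++++ perl-5.8.7/sv.c	2005-12-01 13:11:14.000000000 -0500
+@@ -8707,9 +8707,10 @@
+ 
+ 	if (vectorize)
+ 	    argsv = vecsv;
+-	else if (!args)
+-	    argsv = (efix ? efix <= svmax : svix < svmax) ?
+-		    svargs[efix ? efix-1 : svix++] : &PL_sv_undef;
++	else if (!args) {
++	    I32 i = efix ? efix-1 : svix++;
++	    argsv = (i >= 0 && i < svmax) ? svargs[i] : &PL_sv_undef;
++	}
+ 
+ 	switch (c = *q++) {
+ 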
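Review bot: The new guard in the sv.c hunk, `(i >= 0 && i < svmax)`, makes this one `svargs` lookup safe, but it handles a wrapped `%NNN$` index only at the point of use rather than rejecting it where the digits are parsed, which is outside this hunk. If the same parsed value also feeds the explicit-index width or precision lookups (not visible here), those need an equivalent lower-bound check, and the added sprintf2.t cases only exercise the `%NNN$s` argument form. Note also that `svix++` now runs even when `svix` is already at or past `svmax`, where the old expression left it unchanged. That looks harmless, but the block deserves a comment such as `/* efix comes from format digits and may have wrapped negative; check both bounds before indexing svargs */`. The enclosing function starts and ends outside the hunk.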
							
								
								
									
										10
									
								
								perl.spec
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -5,7 +5,7 @@ | ||||
| %define multilib_64_archs x86_64 s390x ppc64 sparc64 | ||||
| 
 | ||||
| %define perlver 5.8.7 | ||||
| %define perlrel 0.7.fc5 | ||||
| %define perlrel 0.8.fc5 | ||||
| %define perlepoch 3 | ||||
| 
 | ||||
| %{?!perl_debugging:    %define perl_debugging 0} | ||||
| @ -130,6 +130,8 @@ Patch172739:    perl-5.8.7-bz172739_obz36521.patch | ||||
| 
 | ||||
| Patch136009:    perl-5.8.7-MM_Unix-rpath-136009.patch | ||||
| 
 | ||||
| Patch174684:	perl-5.8.7-CVE-2005-3962-bz174684.patch | ||||
| 
 | ||||
| # module updatesd | ||||
| # Patch202:       perl-5.8.0-Safe2.09.patch | ||||
| 
 | ||||
| @ -294,6 +296,8 @@ more secure running of setuid perl scripts. | ||||
| 
 | ||||
| %patch136009 -p1 | ||||
| 
 | ||||
| %patch174684 -p1 | ||||
| 
 | ||||
| # Candidates for doc recoding (need case by case review): | ||||
| # find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)' | ||||
| recode() | ||||
| @ -503,6 +507,10 @@ rm -rf $RPM_BUILD_ROOT | ||||
| 
 | ||||
| 
 | ||||
| %changelog | ||||
| * Thu Dec 01 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.7-0.8 | ||||
| - fix bug 174684 / CVE-2005-3962: sprintf integer overflow vulnerability | ||||
|   backport upstream patch #26240 | ||||
| 
 | ||||
| * Wed Nov 09 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.7-0.7 | ||||
| - fix bug 136009: restore MakeMaker support for LD_RUN_PATH,  | ||||
|   while removing empty LD_RUN_PATH | ||||
|  | ||||