Fix an out-of-buffer read while parsing a Unicode property name
parent
5cb5cda25d
commit
6684b08b37
@ -0,0 +1,41 @@
|
|||||||
|
From 2d26cf4aed90a77ac5e93ddec29770756027b788 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karl Williamson <khw@cpan.org>
|
||||||
|
Date: Fri, 24 May 2019 09:15:59 -0600
|
||||||
|
Subject: [PATCH] PATCH: [perl #134134] read beyond end of buffer
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
This turns out to be because of a special input case in myatof3(),
|
||||||
|
wherein if the input length is 0, it call strlen to find the length.
|
||||||
|
|
||||||
|
The solution is to add a test and not call the function unless the
|
||||||
|
length is positive.
|
||||||
|
|
||||||
|
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||||
|
---
|
||||||
|
regcomp.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/regcomp.c b/regcomp.c
|
||||||
|
index 9bd6dd3739..3ad09c52b2 100644
|
||||||
|
--- a/regcomp.c
|
||||||
|
+++ b/regcomp.c
|
||||||
|
@@ -23428,10 +23428,12 @@ Perl_parse_uniprop_string(pTHX_
|
||||||
|
* NV. */
|
||||||
|
|
||||||
|
NV value;
|
||||||
|
+ SSize_t value_len = lookup_len - equals_pos;
|
||||||
|
|
||||||
|
/* Get the value */
|
||||||
|
- if (my_atof3(lookup_name + equals_pos, &value,
|
||||||
|
- lookup_len - equals_pos)
|
||||||
|
+ if ( value_len <= 0
|
||||||
|
+ || my_atof3(lookup_name + equals_pos, &value,
|
||||||
|
+ value_len)
|
||||||
|
!= lookup_name + lookup_len)
|
||||||
|
{
|
||||||
|
goto failed;
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
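Review bot: The new `value_len <= 0` guard in Perl_parse_uniprop_string carries no comment saying why a zero length must never reach my_atof3(), so a later cleanup could fold the test away and bring the over-read back. The reason is only in the commit message (a length of 0 makes my_atof3() fall back to strlen()); I would state it next to the check, e.g. `/* my_atof3() treats a length of 0 as "use strlen()", which can read past the end of lookup_name */`. Separately, `lookup_len - equals_pos` is evaluated in the operands' own type before it is stored in an SSize_t. Their declarations are outside the hunk, but if they are unsigned the negative case relies on a wrapped value converting to a negative number, whereas testing `equals_pos >= lookup_len` before subtracting would not. The patch as packaged touches only regcomp.c, so no regression test for an empty property value comes with it.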
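--- a/perl.spec
+++ b/perl.spec
@@ -83,7 +83,7 @@ License: GPL+ or Artistic
 Epoch: %{perl_epoch}
 Version: %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release: 439%{?dist}
+Release: 440%{?dist}
 Summary: Practical Extraction and Report Language
 Url: https://www.perl.org/
 Source0: https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz
@@ -147,6 +147,10 @@ Patch12: perl-5.27.8-hints-linux-Add-lphtread-to-lddlflags.patch
 # Pass the correct CFLAGS to dtrace
 Patch13: perl-5.28.0-Pass-CFLAGS-to-dtrace.patch
 
+# Fix an out-of-buffer read while parsing a Unicode property name, RT#134134,
+# fixed after 5.31.0
+Patch14: perl-5.31.0-PATCH-perl-134134-read-beyond-end-of-buffer.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2678,6 +2682,7 @@ Perl extension for Version Objects
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2698,6 +2703,7 @@ perl -x patchlevel.h \
 'Fedora Patch11: Replace EU::MakeMaker dependency with EU::MM::Utils in IPC::Cmd (bug #1129443)' \
 'Fedora Patch12: Link XS modules to pthread library to fix linking with -z defs' \
 'Fedora Patch13: Pass the correct CFLAGS to dtrace' \
+'Fedora Patch14: Fix an out-of-buffer read while parsing a Unicode property name (RT#134134)' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
@@ -4943,6 +4949,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Tue Jun 25 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.0-440
+- Fix an out-of-buffer read while parsing a Unicode property name (RT#134134)
+
 * Tue Jun 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.30.0-439
 - Define %%perl_vendor*, %%perl_archlib, %%perl_privlib, because in rpm
 4.15 those are no longer defined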