rpms/perl
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix upack "u" of invalid data

Browse Source
This commit is contained in:
Petr Písař 2018-09-24 11:18:00 +02:00
parent 28506e03c6
commit 8cf9a28c2e
2 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
perl-5.29.2-perl-132655-nul-terminate-result-of-unpack-u-of-inva.patch Normal file
View File

@ -0,0 +1,61 @@
From 12cad9bd99725bba72029e2651b2b7f0cab2e0b0 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Mon, 20 Aug 2018 16:31:45 +1000
Subject: [PATCH] (perl #132655) nul terminate result of unpack "u" of invalid
data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In the given test case, Perl_atof2() would run off the end of the PV,
producing an error from ASAN.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pp_pack.c | 5 ++++-
t/op/pack.t | 9 ++++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/pp_pack.c b/pp_pack.c
index 5e9cc64301..f8be9d48ae 100644
--- a/pp_pack.c
+++ b/pp_pack.c
@@ -1727,7 +1727,10 @@ S_unpack_rec(pTHX_ tempsym_t* symptr, const char *s, const char *strbeg, const c
if (!checksum) {
const STRLEN l = (STRLEN) (strend - s) * 3 / 4;
sv = sv_2mortal(newSV(l));
- if (l) SvPOK_on(sv);
+ if (l) {
+ SvPOK_on(sv);
+ *SvEND(sv) = '\0';
+ }
}
/* Note that all legal uuencoded strings are ASCII printables, so
diff --git a/t/op/pack.t b/t/op/pack.t
index cf0e286509..bb9f865091 100644
--- a/t/op/pack.t
+++ b/t/op/pack.t
@@ -12,7 +12,7 @@ my $no_endianness = $] > 5.009 ? '' :
my $no_signedness = $] > 5.009 ? '' :
"Signed/unsigned pack modifiers not available on this perl";
-plan tests => 14717;
+plan tests => 14718;
use strict;
use warnings qw(FATAL all);
@@ -2081,3 +2081,10 @@ SKIP:
fresh_perl_like('pack "c10f1073741824"', qr/Out of memory during pack/, { stderr => 1 },
"integer overflow calculating allocation (multiply)");
}
+
+{
+ # [perl #132655] heap-buffer-overflow READ of size 11
+ # only expect failure under ASAN (and maybe valgrind)
+ fresh_perl_is('0.0 + unpack("u", "ab")', "", { stderr => 1 },
+ "ensure unpack u of invalid data nul terminates result");
+}
--
2.17.1

9
perl.spec
View File

@ -81,7 +81,7 @@ License: GPL+ or Artistic
Epoch: %{perl_epoch}
Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise
Release: 422%{?dist}
Release: 423%{?dist}
Summary: Practical Extraction and Report Language
Url: https://www.perl.org/
Source0: https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz
@ -200,6 +200,9 @@ Patch27: perl-5.29.2-multiconcat-mutator-not-seen-in-lex.patch
# in upstream after 5.29.2
Patch28: perl-5.29.2-perl-132683-don-t-try-to-convert-PL_sv_placeholder-i.patch
# Fix upack "u" of invalid data, RT#132655, in upstream after 5.29.2
Patch29: perl-5.29.2-perl-132655-nul-terminate-result-of-unpack-u-of-inva.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2781,6 +2784,7 @@ Perl extension for Version Objects
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch200 -p1
%patch201 -p1
@ -5104,6 +5108,9 @@ popd
# Old changelog entries are preserved in CVS.
%changelog
* Mon Sep 24 2018 Petr Pisar <ppisar@redhat.com> - 4:5.28.0-423
- Fix upack "u" of invalid data (RT#132655)
* Mon Sep 10 2018 Petr Pisar <ppisar@redhat.com> - 4:5.28.0-422
- Revert a fix for a buffer overrun in deprecated S_is_utf8_common()
(bug #1627091)