diff options
Diffstat (limited to 'meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch')
-rw-r--r-- | meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch b/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch deleted file mode 100644 index e0dcf412bb..0000000000 --- a/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch +++ /dev/null @@ -1,45 +0,0 @@ -perl:fix for CVE-2010-4777 - -Upstream-Status: Backport - -The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, -5.14.0, and other versions, when running with debugging enabled, -allows context-dependent attackers to cause a denial of service -(assertion failure and application exit) via crafted input that -is not properly handled when using certain regular expressions, -as demonstrated by causing SpamAssassin and OCSInventory to -crash. - -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777 - -Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> ---- a/regcomp.c -+++ b/regcomp.c -@@ -11868,8 +11868,25 @@ Perl_save_re_context(pTHX) - - if (gvp) { - GV * const gv = *gvp; -- if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) -- save_scalar(gv); -+ if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) { -+ /* this is a copy of save_scalar() without the GETMAGIC call, RT#76538 */ -+ SV ** const sptr = &GvSVn(gv); -+ SV * osv = *sptr; -+ SV * nsv = newSV(0); -+ save_pushptrptr(SvREFCNT_inc_simple(gv), -+ SvREFCNT_inc(osv), SAVEt_SV); -+ if (SvTYPE(osv) >= SVt_PVMG && SvMAGIC(osv) && -+ SvTYPE(osv) != SVt_PVGV) { -+ if (SvGMAGICAL(osv)) { -+ const bool oldtainted = PL_tainted; -+ SvFLAGS(osv) |= (SvFLAGS(osv) & -+ (SVp_IOK|SVp_NOK|SVp_POK)) >> PRIVSHIFT; -+ PL_tainted = oldtainted; -+ } -+ mg_localize(osv, nsv, 1); -+ } -+ *sptr = nsv; -+ } - } - } - } |