diff options
Diffstat (limited to 'meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch')
| -rw-r--r-- | meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch new file mode 100644 index 0000000000..da96f9c494 --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch @@ -0,0 +1,41 @@ +Upstream-Status: Backport + +This patch is from perl mainline: +http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e + +Signed-off-by: Kang Kai <kai.kang@windriver.com> + +--- +From b675304e3fdbcce3ef853b06b6ebe870d99faa7e Mon Sep 17 00:00:00 2001 +From: Andy Dougherty <doughera@lafayette.edu> +Date: Thu, 27 Sep 2012 09:52:18 -0400 +Subject: [PATCH] avoid calling memset with a negative count + +Poorly written perl code that allows an attacker to specify the count to +perl's 'x' string repeat operator can already cause a memory exhaustion +denial-of-service attack. A flaw in versions of perl before 5.15.5 can +escalate that into a heap buffer overrun; coupled with versions of glibc +before 2.16, it possibly allows the execution of arbitrary code. + +The flaw addressed to this commit has been assigned identifier +CVE-2012-5195. +--- + util.c | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/util.c b/util.c +index 0ea39c6..230211e 100644 +--- a/util.c ++++ b/util.c +@@ -3319,6 +3319,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I + { + PERL_ARGS_ASSERT_REPEATCPY; + ++ if (count < 0) ++ Perl_croak_nocontext("%s",PL_memory_wrap); ++ + if (len == 1) + memset(to, *from, count); + else if (count) { +-- +1.7.4.1 |