diff options
author | Lee Chee Yang <chee.yang.lee@intel.com> | 2020-07-09 00:08:00 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-08-04 23:17:37 +0100 |
commit | 0e3b8415cfc6bfcb16cc63d6ec7a43927fd752bf (patch) | |
tree | 6060f97e640fb80fcf2a7f42090b61dd78e6dfcc /meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch | |
parent | 6cb526d6a949b9124fb1e7ee1c9ae0396f63f95f (diff) | |
download | poky-0e3b8415cfc6bfcb16cc63d6ec7a43927fd752bf.tar.gz |
perl: fix CVE-2020-10543 & CVE-2020-10878
(From OE-Core rev: d9c5d9c52eb1f03ff9c907a76dda31042fb26edb)
(From OE-Core rev: de3fe84fcfe3f1c3c2ad963b1fe459ccca9472a0)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch')
-rw-r--r-- | meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch b/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch new file mode 100644 index 0000000000..0bacd6b192 --- /dev/null +++ b/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 3295b48defa0f8570114877b063fe546dd348b3c Mon Sep 17 00:00:00 2001 | ||
2 | From: Karl Williamson <khw@cpan.org> | ||
3 | Date: Thu, 20 Feb 2020 17:49:36 +0000 | ||
4 | Subject: [PATCH] regcomp: use long jumps if there is any possibility of | ||
5 | overflow | ||
6 | |||
7 | (CVE-2020-10878) Be conservative for backporting, we'll aim to do | ||
8 | something more aggressive for bleadperl. | ||
9 | |||
10 | (cherry picked from commit 9d7759db46f3b31b1d3f79c44266b6ba42a47fc6) | ||
11 | |||
12 | Upstream-Status: Backport [https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c] | ||
13 | CVE: CVE-2020-10878 | ||
14 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
15 | --- | ||
16 | regcomp.c | 7 +++++++ | ||
17 | 1 file changed, 7 insertions(+) | ||
18 | |||
19 | diff --git a/regcomp.c b/regcomp.c | ||
20 | index 4ba2980db66..73c35a67020 100644 | ||
21 | --- a/regcomp.c | ||
22 | +++ b/regcomp.c | ||
23 | @@ -7762,6 +7762,13 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count, | ||
24 | |||
25 | /* We have that number in RExC_npar */ | ||
26 | RExC_total_parens = RExC_npar; | ||
27 | + | ||
28 | + /* XXX For backporting, use long jumps if there is any possibility of | ||
29 | + * overflow */ | ||
30 | + if (RExC_size > U16_MAX && ! RExC_use_BRANCHJ) { | ||
31 | + RExC_use_BRANCHJ = TRUE; | ||
32 | + flags |= RESTART_PARSE; | ||
33 | + } | ||
34 | } | ||
35 | else if (! MUST_RESTART(flags)) { | ||
36 | ReREFCNT_dec(Rx); | ||