summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
authorKai Kang <kai.kang@windriver.com>2016-07-14 16:53:08 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-07-20 10:28:49 +0100
commit604778091e948db76f2b4476f90a6066a29789ae (patch)
treea2acbb5d41fc316150eb545e2cffd69534c5f222 /meta/recipes-devtools
parentac0910efcce8186990908316d1be5d36c6b5e18c (diff)
downloadpoky-604778091e948db76f2b4476f90a6066a29789ae.tar.gz
perl: fix CVE-2016-2381
Backport patch to fix CVE-2016-2381 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 (From OE-Core rev: 07ca8a0131f43e9cc2f720e1cdbcb7ba7c074886) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch113
-rw-r--r--meta/recipes-devtools/perl/perl_5.22.1.bb1
2 files changed, 114 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch
new file mode 100644
index 0000000000..0033ae0f63
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch
@@ -0,0 +1,113 @@
1Upstream-Status: Backport
2
3Backport patch to fix CVE-2016-2381 from
4
5http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
6
7Signed-off-by: Kai Kang <kai.kang@windriver.com>
8---
9From: Tony Cook <tony@develop-help.com>
10Date: Wed, 27 Jan 2016 00:52:15 +0000 (+1100)
11Subject: remove duplicate environment variables from environ
12X-Git-Tag: v5.23.9~170
13X-Git-Url: http://perl5.git.perl.org/perl.git/commitdiff_plain/ae37b791a73a9e78dedb89fb2429d2628cf58076
14
15remove duplicate environment variables from environ
16
17If we see duplicate environment variables while iterating over
18environ[]:
19
20a) make sure we use the same value in %ENV that getenv() returns.
21
22Previously on a duplicate, %ENV would have the last entry for the name
23from environ[], but a typical getenv() would return the first entry.
24
25Rather than assuming all getenv() implementations return the first entry
26explicitly call getenv() to ensure they agree.
27
28b) remove duplicate entries from environ
29
30Previously if there was a duplicate definition for a name in environ[]
31setting that name in %ENV could result in an unsafe value being passed
32to a child process, so ensure environ[] has no duplicates.
33
34CVE-2016-2381
35---
36
37diff --git a/perl.c b/perl.c
38index 4a324c6..5c71fd0 100644
39--- a/perl.c
40+++ b/perl.c
41@@ -4329,23 +4329,70 @@ S_init_postdump_symbols(pTHX_ int argc, char **argv, char **env)
42 }
43 if (env) {
44 char *s, *old_var;
45+ STRLEN nlen;
46 SV *sv;
47+ HV *dups = newHV();
48+
49 for (; *env; env++) {
50 old_var = *env;
51
52 if (!(s = strchr(old_var,'=')) || s == old_var)
53 continue;
54+ nlen = s - old_var;
55
56 #if defined(MSDOS) && !defined(DJGPP)
57 *s = '\0';
58 (void)strupr(old_var);
59 *s = '=';
60 #endif
61- sv = newSVpv(s+1, 0);
62- (void)hv_store(hv, old_var, s - old_var, sv, 0);
63+ if (hv_exists(hv, old_var, nlen)) {
64+ const char *name = savepvn(old_var, nlen);
65+
66+ /* make sure we use the same value as getenv(), otherwise code that
67+ uses getenv() (like setlocale()) might see a different value to %ENV
68+ */
69+ sv = newSVpv(PerlEnv_getenv(name), 0);
70+
71+ /* keep a count of the dups of this name so we can de-dup environ later */
72+ if (hv_exists(dups, name, nlen))
73+ ++SvIVX(*hv_fetch(dups, name, nlen, 0));
74+ else
75+ (void)hv_store(dups, name, nlen, newSViv(1), 0);
76+
77+ Safefree(name);
78+ }
79+ else {
80+ sv = newSVpv(s+1, 0);
81+ }
82+ (void)hv_store(hv, old_var, nlen, sv, 0);
83 if (env_is_not_environ)
84 mg_set(sv);
85 }
86+ if (HvKEYS(dups)) {
87+ /* environ has some duplicate definitions, remove them */
88+ HE *entry;
89+ hv_iterinit(dups);
90+ while ((entry = hv_iternext_flags(dups, 0))) {
91+ STRLEN nlen;
92+ const char *name = HePV(entry, nlen);
93+ IV count = SvIV(HeVAL(entry));
94+ IV i;
95+ SV **valp = hv_fetch(hv, name, nlen, 0);
96+
97+ assert(valp);
98+
99+ /* try to remove any duplicate names, depending on the
100+ * implementation used in my_setenv() the iteration might
101+ * not be necessary, but let's be safe.
102+ */
103+ for (i = 0; i < count; ++i)
104+ my_setenv(name, 0);
105+
106+ /* and set it back to the value we set $ENV{name} to */
107+ my_setenv(name, SvPV_nolen(*valp));
108+ }
109+ }
110+ SvREFCNT_dec_NN(dups);
111 }
112 #endif /* USE_ENVIRON_ARRAY */
113 #endif /* !PERL_MICRO */
diff --git a/meta/recipes-devtools/perl/perl_5.22.1.bb b/meta/recipes-devtools/perl/perl_5.22.1.bb
index 3bd0a6debc..04a2b6f481 100644
--- a/meta/recipes-devtools/perl/perl_5.22.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.22.1.bb
@@ -65,6 +65,7 @@ SRC_URI += " \
65 file://perl-errno-generation-gcc5.patch \ 65 file://perl-errno-generation-gcc5.patch \
66 file://perl-fix-conflict-between-skip_all-and-END.patch \ 66 file://perl-fix-conflict-between-skip_all-and-END.patch \
67 file://perl-test-customized.patch \ 67 file://perl-test-customized.patch \
68 file://perl-fix-CVE-2016-2381.patch \
68" 69"
69 70
70# Fix test case issues 71# Fix test case issues