diff options
Diffstat (limited to 'meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch')
-rw-r--r-- | meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch b/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch new file mode 100644 index 0000000000..b86085a551 --- /dev/null +++ b/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch | |||
@@ -0,0 +1,152 @@ | |||
1 | From 0a320d753fe7fca03df259a4dfd8e641e51edaa8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hugo van der Sanden <hv@crypt.org> | ||
3 | Date: Tue, 18 Feb 2020 13:51:16 +0000 | ||
4 | Subject: [PATCH] study_chunk: extract rck_elide_nothing | ||
5 | |||
6 | (CVE-2020-10878) | ||
7 | |||
8 | (cherry picked from commit 93dee06613d4e1428fb10905ce1c3c96f53113dc) | ||
9 | |||
10 | Upstream-Status: Backport [https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8] | ||
11 | CVE: CVE-2020-10878 | ||
12 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
13 | --- | ||
14 | embed.fnc | 1 + | ||
15 | embed.h | 1 + | ||
16 | proto.h | 3 +++ | ||
17 | regcomp.c | 70 ++++++++++++++++++++++++++++++++++--------------------- | ||
18 | 4 files changed, 48 insertions(+), 27 deletions(-) | ||
19 | |||
20 | diff --git a/embed.fnc b/embed.fnc | ||
21 | index aedb4baef19..d7cd04d3fc3 100644 | ||
22 | --- a/embed.fnc | ||
23 | +++ b/embed.fnc | ||
24 | @@ -2481,6 +2481,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \ | ||
25 | |I32 stopparen|U32 recursed_depth \ | ||
26 | |NULLOK regnode_ssc *and_withp \ | ||
27 | |U32 flags|U32 depth | ||
28 | +Es |void |rck_elide_nothing|NN regnode *node | ||
29 | EsR |SV * |get_ANYOFM_contents|NN const regnode * n | ||
30 | EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \ | ||
31 | |NN const char* const s|const U32 n | ||
32 | diff --git a/embed.h b/embed.h | ||
33 | index 75c91f77f45..356a8b98d96 100644 | ||
34 | --- a/embed.h | ||
35 | +++ b/embed.h | ||
36 | @@ -1208,6 +1208,7 @@ | ||
37 | #define parse_lparen_question_flags(a) S_parse_lparen_question_flags(aTHX_ a) | ||
38 | #define parse_uniprop_string(a,b,c,d,e,f,g,h,i) Perl_parse_uniprop_string(aTHX_ a,b,c,d,e,f,g,h,i) | ||
39 | #define populate_ANYOF_from_invlist(a,b) S_populate_ANYOF_from_invlist(aTHX_ a,b) | ||
40 | +#define rck_elide_nothing(a) S_rck_elide_nothing(aTHX_ a) | ||
41 | #define reg(a,b,c,d) S_reg(aTHX_ a,b,c,d) | ||
42 | #define reg2Lanode(a,b,c,d) S_reg2Lanode(aTHX_ a,b,c,d) | ||
43 | #define reg_node(a,b) S_reg_node(aTHX_ a,b) | ||
44 | diff --git a/proto.h b/proto.h | ||
45 | index 141ddbaee6d..f316fe134e1 100644 | ||
46 | --- a/proto.h | ||
47 | +++ b/proto.h | ||
48 | @@ -5543,6 +5543,9 @@ PERL_CALLCONV SV * Perl_parse_uniprop_string(pTHX_ const char * const name, cons | ||
49 | STATIC void S_populate_ANYOF_from_invlist(pTHX_ regnode *node, SV** invlist_ptr); | ||
50 | #define PERL_ARGS_ASSERT_POPULATE_ANYOF_FROM_INVLIST \ | ||
51 | assert(node); assert(invlist_ptr) | ||
52 | +STATIC void S_rck_elide_nothing(pTHX_ regnode *node); | ||
53 | +#define PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING \ | ||
54 | + assert(node) | ||
55 | PERL_STATIC_NO_RET void S_re_croak2(pTHX_ bool utf8, const char* pat1, const char* pat2, ...) | ||
56 | __attribute__noreturn__; | ||
57 | #define PERL_ARGS_ASSERT_RE_CROAK2 \ | ||
58 | diff --git a/regcomp.c b/regcomp.c | ||
59 | index 5f86be8086d..4ba2980db66 100644 | ||
60 | --- a/regcomp.c | ||
61 | +++ b/regcomp.c | ||
62 | @@ -4450,6 +4450,44 @@ S_unwind_scan_frames(pTHX_ const void *p) | ||
63 | } while (f); | ||
64 | } | ||
65 | |||
66 | +/* Follow the next-chain of the current node and optimize away | ||
67 | + all the NOTHINGs from it. | ||
68 | + */ | ||
69 | +STATIC void | ||
70 | +S_rck_elide_nothing(pTHX_ regnode *node) | ||
71 | +{ | ||
72 | + dVAR; | ||
73 | + | ||
74 | + PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING; | ||
75 | + | ||
76 | + if (OP(node) != CURLYX) { | ||
77 | + const int max = (reg_off_by_arg[OP(node)] | ||
78 | + ? I32_MAX | ||
79 | + /* I32 may be smaller than U16 on CRAYs! */ | ||
80 | + : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX)); | ||
81 | + int off = (reg_off_by_arg[OP(node)] ? ARG(node) : NEXT_OFF(node)); | ||
82 | + int noff; | ||
83 | + regnode *n = node; | ||
84 | + | ||
85 | + /* Skip NOTHING and LONGJMP. */ | ||
86 | + while ( | ||
87 | + (n = regnext(n)) | ||
88 | + && ( | ||
89 | + (PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n))) | ||
90 | + || ((OP(n) == LONGJMP) && (noff = ARG(n))) | ||
91 | + ) | ||
92 | + && off + noff < max | ||
93 | + ) { | ||
94 | + off += noff; | ||
95 | + } | ||
96 | + if (reg_off_by_arg[OP(node)]) | ||
97 | + ARG(node) = off; | ||
98 | + else | ||
99 | + NEXT_OFF(node) = off; | ||
100 | + } | ||
101 | + return; | ||
102 | +} | ||
103 | + | ||
104 | /* the return from this sub is the minimum length that could possibly match */ | ||
105 | STATIC SSize_t | ||
106 | S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, | ||
107 | @@ -4550,28 +4588,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, | ||
108 | */ | ||
109 | JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0); | ||
110 | |||
111 | - /* Follow the next-chain of the current node and optimize | ||
112 | - away all the NOTHINGs from it. */ | ||
113 | - if (OP(scan) != CURLYX) { | ||
114 | - const int max = (reg_off_by_arg[OP(scan)] | ||
115 | - ? I32_MAX | ||
116 | - /* I32 may be smaller than U16 on CRAYs! */ | ||
117 | - : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX)); | ||
118 | - int off = (reg_off_by_arg[OP(scan)] ? ARG(scan) : NEXT_OFF(scan)); | ||
119 | - int noff; | ||
120 | - regnode *n = scan; | ||
121 | - | ||
122 | - /* Skip NOTHING and LONGJMP. */ | ||
123 | - while ((n = regnext(n)) | ||
124 | - && ((PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n))) | ||
125 | - || ((OP(n) == LONGJMP) && (noff = ARG(n)))) | ||
126 | - && off + noff < max) | ||
127 | - off += noff; | ||
128 | - if (reg_off_by_arg[OP(scan)]) | ||
129 | - ARG(scan) = off; | ||
130 | - else | ||
131 | - NEXT_OFF(scan) = off; | ||
132 | - } | ||
133 | + /* Follow the next-chain of the current node and optimize | ||
134 | + away all the NOTHINGs from it. | ||
135 | + */ | ||
136 | + rck_elide_nothing(scan); | ||
137 | |||
138 | /* The principal pseudo-switch. Cannot be a switch, since we | ||
139 | look into several different things. */ | ||
140 | @@ -5745,11 +5765,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n", | ||
141 | if (data && (fl & SF_HAS_EVAL)) | ||
142 | data->flags |= SF_HAS_EVAL; | ||
143 | optimize_curly_tail: | ||
144 | - if (OP(oscan) != CURLYX) { | ||
145 | - while (PL_regkind[OP(next = regnext(oscan))] == NOTHING | ||
146 | - && NEXT_OFF(next)) | ||
147 | - NEXT_OFF(oscan) += NEXT_OFF(next); | ||
148 | - } | ||
149 | + rck_elide_nothing(oscan); | ||
150 | continue; | ||
151 | |||
152 | default: | ||