Diffstat (limited to 'meta/recipes-devtools/perl/perl/CVE-2018-18313.patch')
-rw-r--r-- | meta/recipes-devtools/perl/perl/CVE-2018-18313.patch | 60 |
1 files changed, 60 insertions, 0 deletions
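--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch
@@ -0,0 +1,60 @@
+From 3458f6115ca8e8d11779948c12b7e1cc5803358c Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Sat, 25 Mar 2017 15:00:22 -0600
+Subject: [PATCH 2/3] regcomp.c: Convert some strchr to memchr
+
+This allows things to work properly in the face of embedded NULs.
+See the branch merge message for more information.
+
+(cherry picked from commit 43b2f4ef399e2fd7240b4eeb0658686ad95f8e62)
+
+CVE: CVE-2018-18313
+Upstream-Status: Backport
+[https://perl5.git.perl.org/perl.git/commit/c1c28ce6ba90ee05aa96b11ad551a6063680f3b9]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+regcomp.c | 13 ++++++++-----
+1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/regcomp.c b/regcomp.c
+index 00d26d9290..2688979882 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -11783,8 +11783,9 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pRExC_state,
+
+RExC_parse++; /* Skip past the '{' */
+
+- if (! (endbrace = strchr(RExC_parse, '}')) /* no trailing brace */
+- || ! (endbrace == RExC_parse /* nothing between the {} */
++ endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
++ if ((! endbrace) /* no trailing brace */
++ || ! (endbrace == RExC_parse /* nothing between the {} */
+|| (endbrace - RExC_parse >= 2 /* U+ (bad hex is checked... */
+&& strnEQ(RExC_parse, "U+", 2)))) /* ... below for a better
+error msg) */
+@@ -12483,9 +12484,11 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+else {
+STRLEN length;
+char name = *RExC_parse;
+- char * endbrace;
++ char * endbrace = NULL;
+RExC_parse += 2;
+- endbrace = strchr(RExC_parse, '}');
++ if (RExC_parse < RExC_end) {
++ endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
++ }
+
+if (! endbrace) {
+vFAIL2("Missing right brace on \\%c{}", name);
+@@ -15939,7 +15942,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
+vFAIL2("Empty \\%c", (U8)value);
+if (*RExC_parse == '{') {
+const U8 c = (U8)value;
+- e = strchr(RExC_parse, '}');
++ e = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
+if (!e) {
+RExC_parse++;
+vFAIL2("Missing right brace on \\%c{}", c);
+--
+2.22.0.vfs.1.1.57.gbaf16c8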
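Review bot: The `memchr` calls in the S_grok_bslash_N and S_regclass hunks take their length from `RExC_end - RExC_parse` with no check that `RExC_parse` has not passed `RExC_end`, whereas the S_regatom hunk wraps the same call in `if (RExC_parse < RExC_end) {`. If the pointer could ever be beyond the end at either unguarded site, the negative difference would convert to a very large `size_t` and the scan would run past the pattern buffer, which is the kind of over-read this backport is meant to close. The visible lines suggest it cannot (one site has just stepped past a `{`, the other tests `*RExC_parse == '{'` first), but all three function bodies continue outside the hunks, so this should be confirmed against the regcomp.c of the perl version the recipe builds. If it holds, a comment at each unguarded call such as `/* RExC_parse <= RExC_end here: a '{' was just seen */` would record the invariant; if it does not, the S_regatom guard should be repeated there. Separately, the header names 43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 as the cherry-pick source while Upstream-Status links c1c28ce6ba90ee05aa96b11ad551a6063680f3b9, so a line saying which commit the backport was taken from would make it easier to audit.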