1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch
new file mode 100644
index 0000000000..540aa073fb
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch
@@ -0,0 +1,60 @@
+From 3458f6115ca8e8d11779948c12b7e1cc5803358c Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Sat, 25 Mar 2017 15:00:22 -0600
+Subject: [PATCH 2/3] regcomp.c: Convert some strchr to memchr
+This allows things to work properly in the face of embedded NULs.
+See the branch merge message for more information.
+(cherry picked from commit 43b2f4ef399e2fd7240b4eeb0658686ad95f8e62)
+CVE: CVE-2018-18313
+Upstream-Status: Backport
+[https://perl5.git.perl.org/perl.git/commit/c1c28ce6ba90ee05aa96b11ad551a6063680f3b9]
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ regcomp.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+diff --git a/regcomp.c b/regcomp.c
+index 00d26d9290..2688979882 100644
+--- a/regcomp.c
+++ b/regcomp.c
+@@ -11783,8 +11783,9 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pRExC_state,
+ 
+     RExC_parse++;      /* Skip past the '{' */
+ 
+-    if (! (endbrace = strchr(RExC_parse, '}'))  /* no trailing brace */
+-       || ! (endbrace == RExC_parse            /* nothing between the {} */
+    endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
+    if ((! endbrace) /* no trailing brace */
+           || ! (endbrace == RExC_parse                /* nothing between the {} */
+               || (endbrace - RExC_parse >= 2   /* U+ (bad hex is checked... */
+                   && strnEQ(RExC_parse, "U+", 2)))) /* ... below for a better
+                                                        error msg) */
+@@ -12483,9 +12484,11 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+             else {
+                 STRLEN length;
+                 char name = *RExC_parse;
+-                char * endbrace;
+                char * endbrace = NULL;
+                 RExC_parse += 2;
+-                endbrace = strchr(RExC_parse, '}');
+                if (RExC_parse < RExC_end) {
+                    endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
+                }
+ 
+                 if (! endbrace) {
+                     vFAIL2("Missing right brace on \\%c{}", name);
+@@ -15939,7 +15942,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
+                    vFAIL2("Empty \\%c", (U8)value);
+                if (*RExC_parse == '{') {
+                    const U8 c = (U8)value;
+-                   e = strchr(RExC_parse, '}');
+                   e = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
+                     if (!e) {
+                         RExC_parse++;
+                         vFAIL2("Missing right brace on \\%c{}", c);
+-- 
+2.22.0.vfs.1.1.57.gbaf16c8

diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch new file mode 100644 index 0000000000..540aa073fb --- /dev/null +++ b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch
@@ -0,0 +1,60 @@
	1	From 3458f6115ca8e8d11779948c12b7e1cc5803358c Mon Sep 17 00:00:00 2001
	2	From: Karl Williamson <khw@cpan.org>
	3	Date: Sat, 25 Mar 2017 15:00:22 -0600
	4	Subject: [PATCH 2/3] regcomp.c: Convert some strchr to memchr
	5
	6	This allows things to work properly in the face of embedded NULs.
	7	See the branch merge message for more information.
	8
	9	(cherry picked from commit 43b2f4ef399e2fd7240b4eeb0658686ad95f8e62)
	10
	11	CVE: CVE-2018-18313
	12	Upstream-Status: Backport
	13	[https://perl5.git.perl.org/perl.git/commit/c1c28ce6ba90ee05aa96b11ad551a6063680f3b9]
	14
	15	Signed-off-by: Dan Tran <dantran@microsoft.com>
	16	---
	17	regcomp.c \| 13 ++++++++-----
	18	1 file changed, 8 insertions(+), 5 deletions(-)
	19
	20	diff --git a/regcomp.c b/regcomp.c
	21	index 00d26d9290..2688979882 100644
	22	--- a/regcomp.c
	23	+++ b/regcomp.c
	24	@@ -11783,8 +11783,9 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pRExC_state,
	25
	26	RExC_parse++; /* Skip past the '{' */
	27
	28	- if (! (endbrace = strchr(RExC_parse, '}')) /* no trailing brace */
	29	- \|\| ! (endbrace == RExC_parse /* nothing between the {} */
	30	+ endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
	31	+ if ((! endbrace) /* no trailing brace */
	32	+ \|\| ! (endbrace == RExC_parse /* nothing between the {} */
	33	\|\| (endbrace - RExC_parse >= 2 /* U+ (bad hex is checked... */
	34	&& strnEQ(RExC_parse, "U+", 2)))) /* ... below for a better
	35	error msg) */
	36	@@ -12483,9 +12484,11 @@ S_regatom(pTHX_ RExC_state_t pRExC_state, I32 flagp, U32 depth)
	37	else {
	38	STRLEN length;
	39	char name = *RExC_parse;
	40	- char * endbrace;
	41	+ char * endbrace = NULL;
	42	RExC_parse += 2;
	43	- endbrace = strchr(RExC_parse, '}');
	44	+ if (RExC_parse < RExC_end) {
	45	+ endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
	46	+ }
	47
	48	if (! endbrace) {
	49	vFAIL2("Missing right brace on \\%c{}", name);
	50	@@ -15939,7 +15942,7 @@ S_regclass(pTHX_ RExC_state_t pRExC_state, I32 flagp, U32 depth,
	51	vFAIL2("Empty \\%c", (U8)value);
	52	if (*RExC_parse == '{') {
	53	const U8 c = (U8)value;
	54	- e = strchr(RExC_parse, '}');
	55	+ e = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
	56	if (!e) {
	57	RExC_parse++;
	58	vFAIL2("Missing right brace on \\%c{}", c);
	59	--
	60	2.22.0.vfs.1.1.57.gbaf16c8