Diffstat (limited to 'meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch')
-rw-r--r-- | meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch | 114 |
1 files changed, 0 insertions, 114 deletions
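diff --git a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch
deleted file mode 100644
index 99fa8d9a6a..0000000000
--- a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2016-2381.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-CVE: CVE-2016-2381
-Upstream-Status: Backport
-
-Backport patch to fix CVE-2016-2381 from
-
-http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-From: Tony Cook <tony@develop-help.com>
-Date: Wed, 27 Jan 2016 00:52:15 +0000 (+1100)
-Subject: remove duplicate environment variables from environ
-X-Git-Tag: v5.23.9~170
-X-Git-Url: http://perl5.git.perl.org/perl.git/commitdiff_plain/ae37b791a73a9e78dedb89fb2429d2628cf58076
-
-remove duplicate environment variables from environ
-
-If we see duplicate environment variables while iterating over
-environ[]:
-
-a) make sure we use the same value in %ENV that getenv() returns.
-
-Previously on a duplicate, %ENV would have the last entry for the name
-from environ[], but a typical getenv() would return the first entry.
-
-Rather than assuming all getenv() implementations return the first entry
-explicitly call getenv() to ensure they agree.
-
-b) remove duplicate entries from environ
-
-Previously if there was a duplicate definition for a name in environ[]
-setting that name in %ENV could result in an unsafe value being passed
-to a child process, so ensure environ[] has no duplicates.
-
-CVE-2016-2381
----
-
-diff --git a/perl.c b/perl.c
-index 4a324c6..5c71fd0 100644
---- a/perl.c
-+++ b/perl.c
-@@ -4329,23 +4329,70 @@ S_init_postdump_symbols(pTHX_ int argc, char **argv, char **env)
-}
-if (env) {
-char *s, *old_var;
-+ STRLEN nlen;
-SV *sv;
-+ HV *dups = newHV();
-+
-for (; *env; env++) {
-old_var = *env;
-
-if (!(s = strchr(old_var,'=')) || s == old_var)
-continue;
-+ nlen = s - old_var;
-
-#if defined(MSDOS) && !defined(DJGPP)
-*s = '\0';
-(void)strupr(old_var);
-*s = '=';
-#endif
-- sv = newSVpv(s+1, 0);
-- (void)hv_store(hv, old_var, s - old_var, sv, 0);
-+ if (hv_exists(hv, old_var, nlen)) {
-+ const char *name = savepvn(old_var, nlen);
-+
-+ /* make sure we use the same value as getenv(), otherwise code that
-+ uses getenv() (like setlocale()) might see a different value to %ENV
-+ */
-+ sv = newSVpv(PerlEnv_getenv(name), 0);
-+
-+ /* keep a count of the dups of this name so we can de-dup environ later */
-+ if (hv_exists(dups, name, nlen))
-+ ++SvIVX(*hv_fetch(dups, name, nlen, 0));
-+ else
-+ (void)hv_store(dups, name, nlen, newSViv(1), 0);
-+
-+ Safefree(name);
-+ }
-+ else {
-+ sv = newSVpv(s+1, 0);
-+ }
-+ (void)hv_store(hv, old_var, nlen, sv, 0);
-if (env_is_not_environ)
-mg_set(sv);
-}
-+ if (HvKEYS(dups)) {
-+ /* environ has some duplicate definitions, remove them */
-+ HE *entry;
-+ hv_iterinit(dups);
-+ while ((entry = hv_iternext_flags(dups, 0))) {
-+ STRLEN nlen;
-+ const char *name = HePV(entry, nlen);
-+ IV count = SvIV(HeVAL(entry));
-+ IV i;
-+ SV **valp = hv_fetch(hv, name, nlen, 0);
-+
-+ assert(valp);
-+
-+ /* try to remove any duplicate names, depending on the
-+ * implementation used in my_setenv() the iteration might
-+ * not be necessary, but let's be safe.
-+ */
-+ for (i = 0; i < count; ++i)
-+ my_setenv(name, 0);
-+
-+ /* and set it back to the value we set $ENV{name} to */
-+ my_setenv(name, SvPV_nolen(*valp));
-+ }
-+ }
-+ SvREFCNT_dec_NN(dups);
-}
-#endif /* USE_ENVIRON_ARRAY */
-#endif /* !PERL_MICRO */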