Diffstat (limited to 'meta/recipes-devtools/perl/perl/CVE-2018-18313.patch')
-rw-r--r--meta/recipes-devtools/perl/perl/CVE-2018-18313.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch
new file mode 100644
index 0000000000..540aa073fb
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-18313.patch
@@ -0,0 +1,60 @@
+From 3458f6115ca8e8d11779948c12b7e1cc5803358c Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Sat, 25 Mar 2017 15:00:22 -0600
+Subject: [PATCH 2/3] regcomp.c: Convert some strchr to memchr
+
+This allows things to work properly in the face of embedded NULs.
+See the branch merge message for more information.
+
+(cherry picked from commit 43b2f4ef399e2fd7240b4eeb0658686ad95f8e62)
+
+CVE: CVE-2018-18313
+Upstream-Status: Backport
+[https://perl5.git.perl.org/perl.git/commit/c1c28ce6ba90ee05aa96b11ad551a6063680f3b9]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ regcomp.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/regcomp.c b/regcomp.c
+index 00d26d9290..2688979882 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -11783,8 +11783,9 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pRExC_state,
+
+ RExC_parse++; /* Skip past the '{' */
+
+- if (! (endbrace = strchr(RExC_parse, '}')) /* no trailing brace */
+- || ! (endbrace == RExC_parse /* nothing between the {} */
++ endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
++ if ((! endbrace) /* no trailing brace */
++ || ! (endbrace == RExC_parse /* nothing between the {} */
+ || (endbrace - RExC_parse >= 2 /* U+ (bad hex is checked... */
+ && strnEQ(RExC_parse, "U+", 2)))) /* ... below for a better
+ error msg) */
+@@ -12483,9 +12484,11 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+ else {
+ STRLEN length;
+ char name = *RExC_parse;
+- char * endbrace;
++ char * endbrace = NULL;
+ RExC_parse += 2;
+- endbrace = strchr(RExC_parse, '}');
++ if (RExC_parse < RExC_end) {
++ endbrace = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
++ }
+
+ if (! endbrace) {
+ vFAIL2("Missing right brace on \\%c{}", name);
+@@ -15939,7 +15942,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
+ vFAIL2("Empty \\%c", (U8)value);
+ if (*RExC_parse == '{') {
+ const U8 c = (U8)value;
+- e = strchr(RExC_parse, '}');
++ e = (char *) memchr(RExC_parse, '}', RExC_end - RExC_parse);
+ if (!e) {
+ RExC_parse++;
+ vFAIL2("Missing right brace on \\%c{}", c);
+--
+2.22.0.vfs.1.1.57.gbaf16c8
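Review bot: The `memchr()` calls added in the S_grok_bslash_N and S_regclass hunks pass `RExC_end - RExC_parse` as the length with no bounds check, while the S_regatom hunk wraps the same call in `if (RExC_parse < RExC_end)`. If RExC_parse could be past RExC_end at either unguarded site, the negative pointer difference converts to a very large size_t and the scan would read beyond RExC_end. The visible context (the '{' just skipped in S_grok_bslash_N, the `*RExC_parse == '{'` test in S_regclass) suggests the pointer is in range, but all three function bodies start and end outside the hunks, so this cannot be confirmed here. Either apply the same guard or state the invariant next to each call, e.g. `/* RExC_parse <= RExC_end here: the '{' was just consumed */`. Separately, the subject is `[PATCH 2/3]` and the message defers to a branch merge message that this file does not carry, so the recipe should be checked for whether parts 1/3 and 3/3 are also needed to address CVE-2018-18313, and the header should say how the "cherry picked from" id relates to the different id in the Upstream-Status URL.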