perl-devel November 2005

perl-devel@lists.fedoraproject.org

7 participants
70 discussions

Start a nNew thread

[Bug 172792] New: use of study() with utf8 support enabled breaks regexps
by Red Hat Bugzilla 06 Mar '08

06 Mar '08

1 3

[Bug 173563] New: filelist cleanup: drop unnecessary files, eliminate duplicates
by Red Hat Bugzilla 27 Feb '08

27 Feb '08

1 8

[Bug 173646] New: Selinux denials for spamd
by Red Hat Bugzilla 14 Dec '06

14 Dec '06

1 1

[Bug 172739] New: Deep recursion in CGI::Carp::warn
by Red Hat Bugzilla 01 Oct '06

01 Oct '06

1 4

[Bug 172336] New: getgrnam() crashes with "Out of memory" if /etc/group contains long lines
by Red Hat Bugzilla 21 Sep '06

21 Sep '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172336 Summary: getgrnam() crashes with "Out of memory" if /etc/group contains long lines Product: Fedora Core Version: fc4 Platform: i386 URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=227621 OS/Version: Linux Status: NEW Severity: security Priority: normal Component: perl AssignedTo: jvdias(a)redhat.com ReportedBy: jvdias(a)redhat.com QAContact: dkl(a)redhat.com CC: fedora-perl-devel-list@redhat.com,prockai@redhat.com +++ This bug was initially created as a clone of Bug #163958 +++ >From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Firefox/1.0.6 Description of problem: This bug has been fixed in Debian and in newest Perl. I'm just wondering does this concern RHEL 3 too, because we are rather close having "too much" users in one group and I would rather see this bug fixed before that we are going to have problems. * Fix test of reenterant function return values which was causing perl to malloc itself to death if ERANGE was encountered before ENOENT (such as a long line in /etc/group; closes: #227621). Version-Release number of selected component (if applicable): How reproducible: Didn't try Additional info: -- Additional comment from jvdias(a)redhat.com on 2005-11-02 16:23 EST -- This is PERL bug 37056, fixed with patch 25084 in bleadperl (5.9.x): ( http://rt.perl.org/rt3/Ticket/Display.html?id=37056 ) Subject: getgrent fails if a line in /etc/groups gets too long Date: Fri, 02 Sep 2005 15:53:08 +0200 To: perlbug(a)perl.org From: Michiel Blotwijk <michiel(a)blotwijk.com> This is a bug report for perl from michiel(a)altiplano.be, generated with the help of perlbug 1.35 running under perl v5.8.5. ----------------------------------------------------------------- [Please enter your report here] The function getgrent throws an error if a line in /etc/groups gets too long (> 3000 characters). This error can be reproduced as follows: 1/ Manually add a large number of users to a group in /etc/group. It doesn't really matter if these are real users or not, as long as the line exceeds 3000 characters. 2/ perl -e 'use User::grent; while (my $gr = getgrent() ) { print $gr->name."\n"; }' This will return an "Out of memory!" message. This thread seems to be related: http://lists.debian.org/debian-security/2005/06/msg00041.html Originally reported at Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=227621 As said in the Debian bug report: From: "Steinar H. Gunderson" <sgunderson(a)bigfoot.com> To: Peter Palúch <peterp(a)frix.fri.utc.sk> Cc: control(a)bugs.debian.org, 227621(a)bugs.debian.org, debian-security(a)lists.debian.org Subject: Re: perl: getgrnam() crashes with "Out of memory" if /etc/group contains long lines Date: Fri, 10 Jun 2005 15:03:02 +0200 It's about the same bug in perl as it was in glibc. reentr.pl line 698 reads: $call = qq[((PL_REENTRANT_RETINT = $call)$test ? $true : (((PL_REENTRANT_RETINT == ERANGE) || (errno == ERANGE)) ? ($seenm{$func}{$seenr{$func}})Perl_reentrant_retry("$func"$rv) : 0))]; The problem here is "errno == ERANGE". If, at any time, there's a line longer than the initial buffer, getgrent() (or any in the same family) will get ERANGE back (and errno will be set to ERANGE). However, this is never reset. Thus, when getgrent_r() hits EOF, it returns ENOENT, _but errno is still ERANGE_. Perl figures the buffer was too small, doubles it and tries again, but still gets ENOENT, of course (and errno is still ERANGE). This goes on forever and ever until you run out of memory (which happens quite fast). The solution is simply to remove "errno == ERANGE" AFAICS; getgrent_r() does not define what happens to errno, and the return message will always be ERANGE if the buffer is too small. I'm a bit tempted to tag this "security"; if a user can (say) change his or her own GECOS field to make it long enough, Perl programs using getpwent() will crash, for instance. I can't find any direct way to exploit it (chfn limits the length of the fields, for instance), but I'm still slightly concerned over the possibilities of a DoS; Cc-ing debian-security. /* Steinar */ I agree this bug has security implications . This problem affects all {get,set}* nss perl wrapper functions, not only getgrent . This problem affects all previous releases of PERL in all current Red Hat releases. The patch is very straightforward - replace all occurences of ((PL_REENTRANT_RETINT == ERANGE) || (errno == ERANGE)) with (PL_REENTRANT_RETINT == ERANGE) in reentr.inc and reentr.pl. This bug is now being fixed in these perl versions: Rawhide / FC-5 : perl-5.8.7-0.7.fc5 FC-4 : perl-5.8.6-16 RHEL-4 : perl-5.8.5-17.RHEL4 RHEL-3 : perl-5.8.0-90.2 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 3

[Bug 169236] New: New version of SpamAssassin available (3.1.0)
by Red Hat Bugzilla 07 Jun '06

07 Jun '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169236 Summary: New version of SpamAssassin available (3.1.0) Product: Fedora Core Version: fc4 Platform: All URL: http://svn.apache.org/repos/asf/spamassassin/branches/3. 1/UPGRADE OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: spamassassin AssignedTo: wtogami(a)redhat.com ReportedBy: milan.kerslager(a)pslib.cz CC: fedora-perl-devel- list@redhat.com,felicity@kluge.net,jm@jmason.org,parkerm @pobox.com,reg+redhat@sidney.com,wtogami@redhat.com New SpamAssassin 3.1.0 introduces a lot of changes (mostly move to plugins). Will be there a new fersion for FC4 or 3.1.x is supposed to be in FC5 only? Are there some issues for FC4? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 11

[Bug 174373] New: Perl program crashes on end if prepared statements are used
by Red Hat Bugzilla 20 Feb '06

20 Feb '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174373 Summary: Perl program crashes on end if prepared statements are used Product: Fedora Core Version: fc4 Platform: i386 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: perl-DBD-Pg AssignedTo: wtogami(a)redhat.com ReportedBy: pb(a)bieringer.de CC: fedora-perl-devel-list(a)redhat.com >From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.12) Gecko/20050919 Firefox/1.0.7 Description of problem: A specific (not so big) Perl program crashes crashes on a special scenario Version-Release number of selected component (if applicable): perl-DBD-Pg-1.41-2 perl-5.8.6-16.fc4 postgresql-8.0.4-2.FC4.1 How reproducible: Always Steps to Reproduce: 1. create a Perl program 2. use DBD::Pg 3. connect to database 4. create some prepare statements like my $statement = "SELECT * FROM table WHERE number = ?"; my $sth_test_select = $dbh->prepare($statement) || die $DBI::errstr; 5. use statements 6. disconnect from database 7. exit Actual Results: Crash: rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0 send(3, "Q\0\0\0\rrollback\0", 14, 0) = 14 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 poll([{fd=3, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1 recv(3, "C\0\0\0\rROLLBACK\0Z\0\0\0\5I", 16384, 0) = 20 rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0 send(3, "X\0\0\0\4", 5, 0) = 5 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 close(3) = 0 stat64("/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DESTROY.al", 0x94ce0c8) = -1 ENOENT (No such file or directory) open("/usr/share/locale/locale.alias", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d6c000 read(3, "# Locale name alias data base.\n#"..., 4096) = 2528 read(3, "", 4096) = 0 close(3) = 0 munmap(0xb7d6c000, 4096) = 0 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/5.8.6/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/5.8.5/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/5.8.4/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/5.8.3/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/site_perl/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/5.8.6/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/5.8.5/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/5.8.4/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/5.8.3/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/vendor_perl/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/5.8.6/i386-linux-thread-multi/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/usr/lib/perl5/5.8.6/auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("./auto/DBI/DESTROY.al", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) exit_group(0) = ? Expected Results: If prepare variable would be undef'ed before exit (before oder after disconnect), the crash would no longer occur. Additional info: -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 6

[Bug 173793] New: CAN-2005-0448 perl File::Path.pm rmtree race condition
by Red Hat Bugzilla 09 Jan '06

09 Jan '06

1 2

Remove perl-RPM2 from FC
by Warren Togami 02 Jan '06

02 Jan '06

Can we remove perl-RPM2 from FC? AFAICT nothing depends on it and I haven't seen anyone actually rely on it. Any objections from the Fedora Perl Devel team? Warren Togami wtogami(a)redhat.com

3 3

[Bug 171903] New: spamassassin startup fails on boot
by Red Hat Bugzilla 17 Dec '05

17 Dec '05

1 20

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel November 2005