From e0832acf79987dfcfbde84694c5c391f4de1755c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar(a)redhat.com>
Date: Tue, 20 Dec 2016 13:24:36 +0100
Subject: Fix crash in Storable when deserializing malformed code reference
---
perl-5.25.7-Fix-Storable-segfaults.patch | 61 ++++++++++++++++++++++++++++++++
perl-Storable.spec | 10 +++++-
2 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 perl-5.25.7-Fix-Storable-segfaults.patch
diff --git a/perl-5.25.7-Fix-Storable-segfaults.patch
b/perl-5.25.7-Fix-Storable-segfaults.patch
new file mode 100644
index 0000000..8934a13
--- /dev/null
+++ b/perl-5.25.7-Fix-Storable-segfaults.patch
@@ -0,0 +1,61 @@
+From fecd3be8dbdb747b9cbf4cbb9299ce40faabc8e6 Mon Sep 17 00:00:00 2001
+From: John Lightsey <lightsey(a)debian.org>
+Date: Mon, 14 Nov 2016 11:56:15 +0100
+Subject: [PATCH] Fix Storable segfaults.
+
+Fix a null pointed dereference segfault in storable when the
+retrieve_code logic was unable to read the string that contained
+the code.
+
+Also fix several locations where retrieve_other was called with a
+null context pointer. This also resulted in a null pointer
+dereference.
+---
+ dist/Storable/Storable.xs | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
+index 053951c..caa489c 100644
+--- a/dist/Storable/Storable.xs
++++ b/dist/Storable/Storable.xs
+@@ -5647,6 +5647,10 @@ static SV *retrieve_code(pTHX_ stcxt_t *cxt, const char *cname)
+ CROAK(("Unexpected type %d in retrieve_code\n", type));
+ }
+
++ if (!text) {
++ CROAK(("Unable to retrieve code\n"));
++ }
++
+ /*
+ * prepend "sub " to the source
+ */
+@@ -5767,7 +5771,7 @@ static SV *old_retrieve_array(pTHX_ stcxt_t *cxt, const char
*cname)
+ continue; /* av_extend() already filled us with undef */
+ }
+ if (c != SX_ITEM)
+- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
+ TRACEME(("(#%d) item", i));
+ sv = retrieve(aTHX_ cxt, 0); /* Retrieve item */
+ if (!sv)
+@@ -5844,7 +5848,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char
*cname)
+ if (!sv)
+ return (SV *) 0;
+ } else
+- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
+
+ /*
+ * Get key.
+@@ -5855,7 +5859,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char
*cname)
+
+ GETMARK(c);
+ if (c != SX_KEY)
+- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
+ RLEN(size); /* Get key size */
+ KBUFCHK((STRLEN)size); /* Grow hash key read pool if needed */
+ if (size)
+--
+2.10.2
+
diff --git a/perl-Storable.spec b/perl-Storable.spec
index e8bd48f..114efee 100644
--- a/perl-Storable.spec
+++ b/perl-Storable.spec
@@ -3,7 +3,7 @@
Name: perl-Storable
Epoch: 1
Version: 2.53
-Release: 348%{?dist}
+Release: 349%{?dist}
Summary: Persistence for Perl data structures
License: GPL+ or Artistic
Group: Development/Libraries
@@ -13,6 +13,9 @@ Source0:
http://www.cpan.org/authors/id/A/AM/AMS/Storable-%{base_version}
Patch0: Storable-2.51-Upgrade-to-2.53.patch
# Avoid loading optional modules from default . (CVE-2016-1238)
Patch1: Storable-2.53-CVE-2016-1238-avoid-loading-optional-modules-from.patch
+# Fix crash in Storable when deserializing malformed code reference, RT#68348,
+# RT130098
+Patch2: perl-5.25.7-Fix-Storable-segfaults.patch
BuildRequires: perl
BuildRequires: perl(Config)
BuildRequires: perl(ExtUtils::MakeMaker)
@@ -64,6 +67,7 @@ can be conveniently stored to disk and retrieved at a later time.
%setup -q -n Storable-%{base_version}
%patch0 -p1
%patch1 -p1
+%patch2 -p3
# Remove bundled modules
rm -rf t/compat
sed -i -e '/^t\/compat\//d' MANIFEST
@@ -90,6 +94,10 @@ make test
%{_mandir}/man3/*
%changelog
+* Tue Dec 20 2016 Petr Pisar <ppisar(a)redhat.com> - 1:2.53-349
+- Fix crash in Storable when deserializing malformed code reference
+ (RT#68348, RT#130098)
+
* Wed Aug 03 2016 Jitka Plesnikova <jplesnik(a)redhat.com> - 1:2.53-348
- Avoid loading optional modules from default . (CVE-2016-1238)
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/perl-Storable.git/commit/?h=f24&id...