[perl/f16] Fix CVE-2011-2939
Petr Pisar
ppisar at fedoraproject.org
Wed Oct 5 15:36:35 UTC 2011
commit 7fc88b6fe92b86bc680979e107a6d84a3a04502e
Author: Petr Písař <ppisar at redhat.com>
Date: Wed Oct 5 17:06:55 2011 +0200
Fix CVE-2011-2939
perl-5.14.1-CVE-2011-2939.patch | 31 +++++++++++++++++++++++++++++++
perl.spec | 6 ++++++
2 files changed, 37 insertions(+), 0 deletions(-)
---
diff --git a/perl-5.14.1-CVE-2011-2939.patch b/perl-5.14.1-CVE-2011-2939.patch
new file mode 100644
index 0000000..d6e9309
--- /dev/null
+++ b/perl-5.14.1-CVE-2011-2939.patch
@@ -0,0 +1,31 @@
+From c28861b92c21957858b840da14b9734f4436b3be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Wed, 5 Oct 2011 16:45:43 +0200
+Subject: [PATCH] Fix CVE-2011-2939
+
+Fixes heap overflow while decoding Unicode string. See
+<https://bugzilla.redhat.com/show_bug.cgi?id=731246> for more
+details. Original patch by Robert Zacek <zacek at avast.com>.
+---
+ cpan/Encode/Unicode/Unicode.xs | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
+index 07d7e25..af5965d 100644
+--- a/cpan/Encode/Unicode/Unicode.xs
++++ b/cpan/Encode/Unicode/Unicode.xs
+@@ -256,7 +256,10 @@ CODE:
+ This prevents allocating too much in the rogue case of a large
+ input consisting initially of long sequence uft8-byte unicode
+ chars followed by single utf8-byte chars. */
+- STRLEN remaining = (e - s)/usize;
++ /* +1
++ fixes Unicode.xs!decode_xs n-byte heap-overflow
++ */
++ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
+ STRLEN max_alloc = remaining + (8*1024*1024);
+ STRLEN est_alloc = remaining * UTF8_MAXLEN;
+ STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
+--
+1.7.6.4
+
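Review bot: In the added line `STRLEN remaining = (e - s)/usize + 1;` the trailing comment says "+1 to avoid the leak", while the block comment directly above it and the patch description both call this a heap overflow. Please use one term, and state in the comment why a single extra unit is sufficient. If the reason is that the integer division `(e - s)/usize` rounds down when the input length is not a multiple of `usize`, say so explicitly. It is also worth noting there that both `max_alloc` and `est_alloc` are derived from `remaining`, so the adjustment has to stay on this line for the allocation estimate to pick it up.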
diff --git a/perl.spec b/perl.spec
index f68474a..bcf624f 100644
--- a/perl.spec
+++ b/perl.spec
@@ -66,6 +66,9 @@ Patch8: perl-5.14.1-offtest.patch
# Fix code injection in Digest, rhbz #743010, RT#71390, fixed in Digest-1.17.
Patch9: perl-5.14.2-digest_eval.patch
+# Fix CVE-2011-2939, rhbz #731246, fixed in perl-5.14.2.
+Patch10: perl-5.14.1-CVE-2011-2939.patch
+
# Update some of the bundled modules
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
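Review bot: The comment for Patch10 gives the rhbz number and "fixed in perl-5.14.2" but no upstream reference, whereas the Patch9 comment just above cites both an RT ticket and the module release. The embedded patch credits an original author, so if an upstream commit or Encode release carries the same fix, name it here so the patch can be dropped confidently on the next rebase.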
@@ -1073,6 +1076,7 @@ tarball from perl.org.
%patch7 -p1
%patch8 -p1
%patch9 -p1
+%patch10 -p1
#copy the example script
cp -a %{SOURCE5} .
@@ -1260,6 +1264,7 @@ pushd %{build_archlib}/CORE/
'Fedora Patch6: Skip hostname tests, due to builders not being network capable' \
'Fedora Patch7: Dont run one io test due to random builder failures' \
'Fedora Patch9: Fix code injection in Digest->new()' \
+ 'Fedora Patch10: Fix CVE-2011-2939' \
%{nil}
rm patchlevel.bak
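Review bot: The new patchlevel entry 'Fedora Patch10: Fix CVE-2011-2939' gives only the CVE id, while the neighbouring entry for Patch9 says what was fixed ('Fix code injection in Digest->new()'). Consider wording it like the changelog line does, for example 'Fedora Patch10: Fix heap overflow while decoding Unicode string (CVE-2011-2939)', so the string is meaningful without looking the id up.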
@@ -2149,6 +2154,7 @@ sed \
%changelog
* Wed Oct 05 2011 Petr Pisar <ppisar at redhat.com> - 4:5.14.1-188
- Fix CVE-2011-3597 (code injection in Digest) (bug #743010)
+- Fix CVE-2011-2939 (heap overflow while decoding Unicode string) (bug #731246)
* Tue Aug 30 2011 Petr Pisar <ppisar at redhat.com> - 4:5.14.1-187
- Split Locale::Codes into standalone sub-package to dual-live with newer
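Review bot: The new changelog line is appended to the existing 4:5.14.1-188 entry, and the diffstat shows no other change to perl.spec that would bump Release. If a -188 build containing only the CVE-2011-3597 fix has already been produced, this fix needs its own release number and changelog entry, otherwise two different package contents would share the same NVR.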