[perl/f15] Fix CVE-2011-2939
Petr Pisar
ppisar at fedoraproject.org
Wed Oct 5 16:13:55 UTC 2011
commit 63130052504f959d64965a0c0460628e31bc8dff
Author: Petr Písař <ppisar at redhat.com>
Date: Wed Oct 5 17:06:55 2011 +0200
Fix CVE-2011-2939
perl-5.14.1-CVE-2011-2939.patch | 31 +++++++++++++++++++++++++++++++
perl.spec | 6 ++++++
2 files changed, 37 insertions(+), 0 deletions(-)
---
diff --git a/perl-5.14.1-CVE-2011-2939.patch b/perl-5.14.1-CVE-2011-2939.patch
new file mode 100644
index 0000000..d6e9309
--- /dev/null
+++ b/perl-5.14.1-CVE-2011-2939.patch
@@ -0,0 +1,31 @@
+From c28861b92c21957858b840da14b9734f4436b3be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Wed, 5 Oct 2011 16:45:43 +0200
+Subject: [PATCH] Fix CVE-2011-2939
+
+Fixes heap overflow while decoding Unicode string. See
+<https://bugzilla.redhat.com/show_bug.cgi?id=731246> for more
+details. Original patch by Robert Zacek <zacek at avast.com>.
+---
+ cpan/Encode/Unicode/Unicode.xs | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
+index 07d7e25..af5965d 100644
+--- a/cpan/Encode/Unicode/Unicode.xs
++++ b/cpan/Encode/Unicode/Unicode.xs
+@@ -256,7 +256,10 @@ CODE:
+ This prevents allocating too much in the rogue case of a large
+ input consisting initially of long sequence uft8-byte unicode
+ chars followed by single utf8-byte chars. */
+- STRLEN remaining = (e - s)/usize;
++ /* +1
++ fixes Unicode.xs!decode_xs n-byte heap-overflow
++ */
++ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
+ STRLEN max_alloc = remaining + (8*1024*1024);
+ STRLEN est_alloc = remaining * UTF8_MAXLEN;
+ STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
+--
+1.7.6.4
+
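Review bot: the two comments added around the `remaining` line in Unicode.xs disagree about what the +1 addresses. The block comment calls it an n-byte heap overflow in decode_xs, while the trailing comment says "+1 to avoid the leak". The commit message describes a heap overflow, so the trailing comment should say the same, and a single comment would be enough. It would also help to state why one extra unit is needed: (e - s)/usize rounds down, so trailing bytes short of a full usize unit are not counted in the estimate. Because `remaining` feeds both max_alloc and est_alloc, a sentence on that would let a later reader judge whether +1 is sufficient for every usize.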
diff --git a/perl.spec b/perl.spec
index 622b95f..6591a96 100644
--- a/perl.spec
+++ b/perl.spec
@@ -83,6 +83,9 @@ Patch10: perl-ExtUtils-ParseXS-2.2206.patch
# Fix code injection in Digest, rhbz #743010, RT#71390, fixed in Digest-1.17.
Patch11: perl-5.14.2-digest_eval.patch
+# Fix CVE-2011-2939, rhbz #731246, fixed in perl-5.14.2.
+Patch12: perl-5.14.1-CVE-2011-2939.patch
+
# Update some of the bundled modules
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@@ -959,6 +962,7 @@ tarball from perl.org.
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
#copy the example script
cp -a %{SOURCE5} .
@@ -1172,6 +1176,7 @@ pushd %{build_archlib}/CORE/
'Fedora Patch9: h2ph produces incorrect code in preamble, based mainly on RT #74614 ' \
'Fedora Patch10: Update ExtUtils::ParseXS to 2.2206' \
'Fedora Patch11: Fix code injection in Digest->new()' \
+ 'Fedora Patch12: Fix CVE-2011-2939' \
%{nil}
rm patchlevel.bak
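Review bot: style point on the added patch level string, 'Fedora Patch12: Fix CVE-2011-2939'. It names only the CVE, whereas the neighbouring entries say what was fixed (Patch11: 'Fix code injection in Digest->new()'). Consider 'Fix CVE-2011-2939 (heap overflow while decoding Unicode string)', matching the wording of the %changelog line added in this commit.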
@@ -1975,6 +1980,7 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Wed Oct 05 2011 Petr Pisar <ppisar at redhat.com> - 4:5.12.4-161
- Fix CVE-2011-3597 (code injection in Digest) (bug #743010)
+- Fix CVE-2011-2939 (heap overflow while decoding Unicode string) (bug #731246)
* Sun Aug 14 2011 Iain Arnell <iarnell at gmail.com> 4:5.12.4-161
- perl needs to own vendorarch/auto directory
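Review bot: the new changelog line is added under the existing Oct 05 entry for 4:5.12.4-161, which carries the same version-release as the Aug 14 entry below it, so please confirm that Release was bumped for this build. Separately, that entry gives the packaged version as 5.12.4, while the patch file is named perl-5.14.1-CVE-2011-2939.patch and the spec comment says "fixed in perl-5.14.2". Please confirm that the Unicode.xs hunk at line 256 applies cleanly with -p1 to the sources this branch actually builds.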