jvdias ae5aa7a
--- perl-5.8.7/t/lib/warnings/sv.CVE-2005-3962-bz174684	2004-03-18 07:51:14.000000000 -0500
jvdias c74188f
+++ perl-5.8.7/t/lib/warnings/sv	2005-12-14 12:40:55.000000000 -0500
jvdias ae5aa7a
@@ -301,12 +301,12 @@
jvdias ae5aa7a
 printf F "%\x02" ;
jvdias ae5aa7a
 $a = sprintf "%\x02" ;
jvdias ae5aa7a
 EXPECT
jvdias ae5aa7a
-Invalid conversion in sprintf: "%z" at - line 5.
jvdias ae5aa7a
-Invalid conversion in sprintf: end of string at - line 7.
jvdias ae5aa7a
-Invalid conversion in sprintf: "%\002" at - line 9.
jvdias ae5aa7a
 Invalid conversion in printf: "%z" at - line 4.
jvdias ae5aa7a
+Invalid conversion in sprintf: "%z" at - line 5.
jvdias ae5aa7a
 Invalid conversion in printf: end of string at - line 6.
jvdias ae5aa7a
+Invalid conversion in sprintf: end of string at - line 7.
jvdias ae5aa7a
 Invalid conversion in printf: "%\002" at - line 8.
jvdias ae5aa7a
+Invalid conversion in sprintf: "%\002" at - line 9.
jvdias ae5aa7a
 ########
jvdias ae5aa7a
 # sv.c
jvdias ae5aa7a
 use warnings 'misc' ;
jvdias ae5aa7a
--- perl-5.8.7/t/op/sprintf.t.CVE-2005-3962-bz174684	2003-09-01 03:41:07.000000000 -0400
jvdias c74188f
+++ perl-5.8.7/t/op/sprintf.t	2005-12-14 12:53:09.000000000 -0500
jvdias c74188f
@@ -385,3 +385,8 @@
jvdias ae5aa7a
 >%4$K %d<	>[45, 67]<	>%4$K 45 INVALID<
jvdias ae5aa7a
 >%d %K %d<	>[23, 45]<	>23 %K 45 INVALID<
jvdias ae5aa7a
 >%*v*999\$d %d %d<	>[11, 22, 33]<	>%*v*999\$d 11 22 INVALID<
jvdias ae5aa7a
+>%#b<		>0<	>0<
jvdias ae5aa7a
+>%#o<		>0<	>0<
jvdias ae5aa7a
+>%#x<		>0<	>0<
jvdias c74188f
+>%2918905856$v2d<	>''<	><
jvdias c74188f
+>%*2918905856$v2d<	>''<	> UNINIT<
jvdias 59c4848
--- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684	2004-02-09 16:37:13.000000000 -0500
jvdias c74188f
+++ perl-5.8.7/t/op/sprintf2.t	2005-12-14 12:50:39.000000000 -0500
jvdias 59c4848
@@ -6,7 +6,7 @@
jvdias 59c4848
     require './test.pl';
jvdias 59c4848
 }   
jvdias 59c4848
 
jvdias 59c4848
-plan tests => 3;
jvdias c74188f
+plan tests => 7 + 256;
jvdias 59c4848
 
jvdias 59c4848
 is(
jvdias 59c4848
     sprintf("%.40g ",0.01),
jvdias c74188f
@@ -26,3 +26,43 @@
jvdias 59c4848
 		q(width calculation under utf8 upgrade)
jvdias 59c4848
 	);
jvdias 59c4848
 }
jvdias ae5aa7a
+
jvdias ae5aa7a
+# Used to mangle PL_sv_undef
jvdias ae5aa7a
+fresh_perl_is(
jvdias ae5aa7a
+    'print sprintf "xxx%n\n"; print undef',
jvdias ae5aa7a
+    'Modification of a read-only value attempted at - line 1.',
jvdias ae5aa7a
+    { switches => [ '-w' ] },
jvdias ae5aa7a
+    q(%n should not be able to modify read-only constants),
jvdias ae5aa7a
+);
jvdias ae5aa7a
+
jvdias 59c4848
+# check %NNN$ for range bounds, especially negative 2's complement
jvdias 59c4848
+{
jvdias 59c4848
+    my ($warn, $bad) = (0,0);
jvdias 59c4848
+    local $SIG{__WARN__} = sub {
jvdias 59c4848
+       if ($_[0] =~ /uninitialized/) {
jvdias 59c4848
+           $warn++
jvdias 59c4848
+       }
jvdias 59c4848
+       else {
jvdias 59c4848
+           $bad++
jvdias 59c4848
+       }
jvdias 59c4848
+    };
jvdias 59c4848
+    my $result = sprintf join('', map("%$_\$s%" . ~$_ . '$s', 1..20)),
jvdias 59c4848
+       qw(a b c d);
jvdias 59c4848
+    is($result, "abcd", "only four valid values");
jvdias 59c4848
+    is($warn, 36, "expected warnings");
jvdias 59c4848
+    is($bad,   0, "unexpected warnings");
jvdias 59c4848
+}
jvdias c74188f
+{
jvdias c74188f
+    foreach my $ord (0 .. 255) {
jvdias c74188f
+	my $bad = 0;
jvdias c74188f
+	local $SIG{__WARN__} = sub {
jvdias c74188f
+	    unless ($_[0] =~ /^Invalid conversion in sprintf/ ||
jvdias c74188f
+		    $_[0] =~ /^Use of uninitialized value in sprintf/) {
jvdias c74188f
+		warn $_[0];
jvdias c74188f
+		$bad++;
jvdias c74188f
+	    }
jvdias c74188f
+	};
jvdias c74188f
+	my $r = eval {sprintf '%v' . chr $ord};
jvdias c74188f
+	is ($bad, 0, "pattern '%v' . chr $ord");
jvdias c74188f
+    }
jvdias c74188f
+}
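Review bot: In the `foreach my $ord (0 .. 255)` loop the result of `eval {sprintf '%v' . chr $ord}` is discarded and `$@` is never inspected, so a pattern that makes sprintf die still passes as long as no unexpected warning fires. If a die is not an accepted outcome here, `$bad++ if $@;` right after the eval would surface it without changing the plan count. The `36` in `is($warn, 36, ...)` is also unexplained; a comment such as `# 20 x 2 conversions, 4 of which name a real argument` would let a reader re-derive it.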
jvdias ae5aa7a
--- perl-5.8.7/opcode.h.CVE-2005-3962-bz174684	2005-05-27 12:29:50.000000000 -0400
jvdias c74188f
+++ perl-5.8.7/opcode.h	2005-12-14 12:40:55.000000000 -0500
jvdias ae5aa7a
@@ -1585,7 +1585,7 @@
jvdias ae5aa7a
 	0x0022281c,	/* vec */
jvdias ae5aa7a
 	0x0122291c,	/* index */
jvdias ae5aa7a
 	0x0122291c,	/* rindex */
jvdias ae5aa7a
-	0x0004280f,	/* sprintf */
jvdias ae5aa7a
+	0x0004280d,	/* sprintf - WAS 0x0004280f before patch #26283 */
jvdias ae5aa7a
 	0x00042805,	/* formline */
jvdias ae5aa7a
 	0x0001379e,	/* ord */
jvdias ae5aa7a
 	0x0001378e,	/* chr */
jvdias ae5aa7a
--- perl-5.8.7/op.c.CVE-2005-3962-bz174684	2005-04-22 10:12:32.000000000 -0400
jvdias c74188f
+++ perl-5.8.7/op.c	2005-12-14 12:40:55.000000000 -0500
jvdias ae5aa7a
@@ -2076,7 +2076,9 @@
jvdias ae5aa7a
 	/* XXX might want a ck_negate() for this */
jvdias ae5aa7a
 	cUNOPo->op_first->op_private &= ~OPpCONST_STRICT;
jvdias ae5aa7a
 	break;
jvdias ae5aa7a
-    case OP_SPRINTF:
jvdias ae5aa7a
+/* Removed as part of fix for CVE-2005-3962 / Upstream patch 26283 : 
jvdias ae5aa7a
+ *   case OP_SPRINTF:
jvdias ae5aa7a
+ */
jvdias ae5aa7a
     case OP_UCFIRST:
jvdias ae5aa7a
     case OP_LCFIRST:
jvdias ae5aa7a
     case OP_UC:
jvdias ae5aa7a
--- perl-5.8.7/makedef.pl.CVE-2005-3962-bz174684	2005-05-09 09:27:41.000000000 -0400
jvdias c74188f
+++ perl-5.8.7/makedef.pl	2005-12-14 12:40:55.000000000 -0500
jvdias ae5aa7a
@@ -635,11 +635,13 @@
jvdias ae5aa7a
 		    )];
jvdias ae5aa7a
 }
jvdias ae5aa7a
 
jvdias ae5aa7a
-if ($define{'PERL_MALLOC_WRAP'}) {
jvdias ae5aa7a
-    emit_symbols [qw(
jvdias ae5aa7a
-		    PL_memory_wrap
jvdias ae5aa7a
-		    )];
jvdias ae5aa7a
-}
jvdias ae5aa7a
+# Removed as part of fix for CVE-2005-3962 / CVE-2005-3962 /
jvdias ae5aa7a
+# Upstream patch #26283
jvdias ae5aa7a
+# if ($define{'PERL_MALLOC_WRAP'}) {
jvdias ae5aa7a
+#    emit_symbols [qw(
jvdias ae5aa7a
+#		    PL_memory_wrap
jvdias ae5aa7a
+#		    )];
jvdias ae5aa7a
+#}
jvdias ae5aa7a
 
jvdias ae5aa7a
 unless ($define{'USE_5005THREADS'} || $define{'USE_ITHREADS'}) {
jvdias ae5aa7a
     skip_symbols [qw(
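Review bot: The replacement comment names the same CVE twice (`CVE-2005-3962 / CVE-2005-3962 /`) and does not say why the block can go, which leaves a reader guessing whether `PL_memory_wrap` is still exported. Judging by the globvar.sym hunk later in this patch, the symbol is now listed unconditionally; the comment could say so, e.g. `# PL_memory_wrap is now exported unconditionally via globvar.sym (CVE-2005-3962, upstream patch #26283)`. The commented-out block could then be deleted rather than kept as dead text.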
jvdias ae5aa7a
--- perl-5.8.7/ext/Sys/Syslog/Syslog.pm.CVE-2005-3962-bz174684	2005-04-22 07:53:56.000000000 -0400
jvdias c74188f
+++ perl-5.8.7/ext/Sys/Syslog/Syslog.pm	2005-12-14 12:40:55.000000000 -0500
jvdias ae5aa7a
@@ -1,14 +1,13 @@
jvdias ae5aa7a
 package Sys::Syslog;
jvdias ae5aa7a
 require 5.006;
jvdias ae5aa7a
 require Exporter;
jvdias ae5aa7a
-require DynaLoader;
jvdias ae5aa7a
 use Carp;
jvdias ae5aa7a
 use strict;
jvdias ae5aa7a
 
jvdias ae5aa7a
-our @ISA = qw(Exporter DynaLoader);
jvdias ae5aa7a
+our @ISA = qw(Exporter);
jvdias ae5aa7a
 our @EXPORT = qw(openlog closelog setlogmask syslog);
jvdias ae5aa7a
 our @EXPORT_OK = qw(setlogsock);
jvdias ae5aa7a
-our $VERSION = '0.06';
jvdias ae5aa7a
+our $VERSION = '0.08';
jvdias ae5aa7a
 
jvdias ae5aa7a
 # it would be nice to try stream/unix first, since that will be
jvdias ae5aa7a
 # most efficient. However streams are dodgy - see _syslog_send_stream
jvdias ae5aa7a
@@ -54,26 +53,38 @@
jvdias ae5aa7a
 
jvdias ae5aa7a
 =item openlog $ident, $logopt, $facility
jvdias ae5aa7a
 
jvdias ae5aa7a
+Opens the syslog.
jvdias ae5aa7a
 I<$ident> is prepended to every message.  I<$logopt> contains zero or
jvdias ae5aa7a
 more of the words I<pid>, I<ndelay>, I<nowait>.  The cons option is
jvdias ae5aa7a
 ignored, since the failover mechanism will drop down to the console
jvdias ae5aa7a
 automatically if all other media fail.  I<$facility> specifies the
jvdias ae5aa7a
 part of the system to report about, for example LOG_USER or LOG_LOCAL0:
jvdias ae5aa7a
 see your C<syslog(3)> documentation for the facilities available in
jvdias ae5aa7a
-your system.
jvdias ae5aa7a
+your system. This function will croak if it can't connect to the syslog
jvdias ae5aa7a
+daemon.
jvdias ae5aa7a
 
jvdias ae5aa7a
 B<You should use openlog() before calling syslog().>
jvdias ae5aa7a
 
jvdias ae5aa7a
+=item syslog $priority, $message
jvdias ae5aa7a
+
jvdias ae5aa7a
 =item syslog $priority, $format, @args
jvdias ae5aa7a
 
jvdias ae5aa7a
-If I<$priority> permits, logs I<($format, @args)>
jvdias ae5aa7a
-printed as by C<printf(3V)>, with the addition that I<%m>
jvdias ae5aa7a
-is replaced with C<"$!"> (the latest error message).
jvdias ae5aa7a
+If I<$priority> permits, logs I<$message> or I<sprintf($format, @args)>
jvdias ae5aa7a
+with the addition that I<%m> in $message or $format is replaced with
jvdias ae5aa7a
+C<"$!"> (the latest error message).
jvdias ae5aa7a
 
jvdias ae5aa7a
 If you didn't use openlog() before using syslog(), syslog will try to
jvdias ae5aa7a
 guess the I<$ident> by extracting the shortest prefix of I<$format>
jvdias ae5aa7a
 that ends in a ":".
jvdias ae5aa7a
 
jvdias ae5aa7a
+Note that Sys::Syslog version v0.07 and older passed the $message as
jvdias ae5aa7a
+the formatting string to sprintf() even when no formatting arguments
jvdias ae5aa7a
+were provided.  If the code calling syslog() might execute with older
jvdias ae5aa7a
+versions of this module, make sure to call the function as
jvdias ae5aa7a
+syslog($priority, "%s", $message) instead of syslog($priority,
jvdias ae5aa7a
+$message).  This protects against hostile formatting sequences that
jvdias ae5aa7a
+might show up if $message contains tainted data.
jvdias ae5aa7a
+
jvdias ae5aa7a
 =item setlogmask $mask_priority
jvdias ae5aa7a
 
jvdias ae5aa7a
 Sets log mask I<$mask_priority> and returns the old mask.
jvdias ae5aa7a
@@ -175,7 +186,8 @@
jvdias ae5aa7a
     goto &$AUTOLOAD;
jvdias ae5aa7a
 }
jvdias ae5aa7a
 
jvdias ae5aa7a
-bootstrap Sys::Syslog $VERSION;
jvdias ae5aa7a
+require XSLoader;
jvdias ae5aa7a
+XSLoader::load('Sys::Syslog', $VERSION);
jvdias ae5aa7a
 
jvdias ae5aa7a
 our $maskpri = &LOG_UPTO(&LOG_DEBUG);
jvdias ae5aa7a
 
jvdias ae5aa7a
@@ -316,9 +328,16 @@
jvdias ae5aa7a
 
jvdias ae5aa7a
     $whoami .= "[$$]" if our $lo_pid;
jvdias ae5aa7a
 
jvdias ae5aa7a
-    $mask =~ s/(?
jvdias ae5aa7a
+    if ($mask =~ /%m/) {
jvdias ae5aa7a
+	my $err = $!;
jvdias ae5aa7a
+	# escape percent signs if sprintf will be called
jvdias ae5aa7a
+	$err =~ s/%/%%/g if @_;
jvdias ae5aa7a
+	# replace %m with $err, if preceded by an even number of percent signs
jvdias ae5aa7a
+	$mask =~ s/(?
jvdias ae5aa7a
+    }
jvdias ae5aa7a
+
jvdias ae5aa7a
     $mask .= "\n" unless $mask =~ /\n$/;
jvdias ae5aa7a
-    $message = sprintf ($mask, @_);
jvdias ae5aa7a
+    $message = @_ ? sprintf($mask, @_) : $mask;
jvdias ae5aa7a
 
jvdias ae5aa7a
     $sum = $numpri + $numfac;
jvdias ae5aa7a
     my $buf = "<$sum>$whoami: $message\0";
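Review bot: With no format arguments `$mask` is now used verbatim, so a doubled `%%` written by a caller stays doubled in the logged message, while `%m` is still expanded in that same string; the single-argument form is therefore neither a pure literal nor a format. That is the safe direction for tainted messages, but it changes output for existing callers such as `syslog($pri, "100%% done")`, and nothing near the code says so. A comment above the final assignment, for instance `# no args: $mask is logged as-is apart from %m; '%%' is NOT collapsed`, would record the intent. The two `s/(?` substitution lines are cut off on this page, so the lookbehind itself could not be checked, and the enclosing sub starts and ends outside the hunk.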
jvdias ae5aa7a
--- perl-5.8.7/opcode.pl.CVE-2005-3962-bz174684	2004-12-01 08:54:30.000000000 -0500
jvdias c74188f
+++ perl-5.8.7/opcode.pl	2005-12-14 12:40:55.000000000 -0500
jvdias ae5aa7a
@@ -606,7 +606,7 @@
jvdias ae5aa7a
 index		index			ck_index	isT@	S S S?
jvdias ae5aa7a
 rindex		rindex			ck_index	isT@	S S S?
jvdias ae5aa7a
 
jvdias ae5aa7a
-sprintf		sprintf			ck_fun		mfst@	S L
jvdias ae5aa7a
+sprintf		sprintf			ck_fun		mst@	S L
jvdias ae5aa7a
 formline	formline		ck_fun		ms@	S L
jvdias ae5aa7a
 ord		ord			ck_fun		ifsTu%	S?
jvdias ae5aa7a
 chr		chr			ck_fun		fsTu%	S?
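Review bot: The `sprintf` row drops the `f` flag (`mfst@` to `mst@`) with no comment in opcode.pl, while the explanation sits in opcode.h, which appears to be generated from this table and would lose a hand-added comment on the next regeneration. If the table's parser accepts `#` lines (not visible in this hunk), a line such as `# sprintf: no 'f' flag, must not be constant-folded (upstream patch #26283)` above the row would keep the reason with the source of truth.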
jvdias ae5aa7a
--- perl-5.8.7/handy.h.CVE-2005-3962-bz174684	2005-04-20 12:33:28.000000000 -0400
jvdias c74188f
+++ perl-5.8.7/handy.h	2005-12-14 12:40:55.000000000 -0500
jvdias ae5aa7a
@@ -598,91 +598,65 @@
jvdias ae5aa7a
 
jvdias ae5aa7a
 =cut */
jvdias ae5aa7a
 
jvdias ae5aa7a
-#ifndef lint
jvdias ae5aa7a
-
jvdias ae5aa7a
 #define NEWSV(x,len)	newSV(len)
jvdias ae5aa7a
 
jvdias ae5aa7a
 #ifdef PERL_MALLOC_WRAP
jvdias ae5aa7a
 #define MEM_WRAP_CHECK(n,t) \
jvdias ae5aa7a
-	(void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(PL_memory_wrap),0):0)
jvdias ae5aa7a
+	(void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(PL_memory_wrap),0):0)
jvdias ae5aa7a
 #define MEM_WRAP_CHECK_1(n,t,a) \
jvdias ae5aa7a
-	(void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a),0):0)
jvdias ae5aa7a
+	(void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a),0):0)
jvdias ae5aa7a
 #define MEM_WRAP_CHECK_2(n,t,a,b) \
jvdias ae5aa7a
-	(void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a,b),0):0)
jvdias ae5aa7a
+	(void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a,b),0):0)
jvdias ae5aa7a
+#define MEM_WRAP_CHECK_(n,t) MEM_WRAP_CHECK(n,t),
jvdias ae5aa7a
 
jvdias ae5aa7a
-#define New(x,v,n,t)	(v = (MEM_WRAP_CHECK(n,t), (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
jvdias ae5aa7a
-#define Newc(x,v,n,t,c)	(v = (MEM_WRAP_CHECK(n,t), (c*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
jvdias ae5aa7a
-#define Newz(x,v,n,t)	(v = (MEM_WRAP_CHECK(n,t), (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))), \
jvdias ae5aa7a
-			memzero((char*)(v), (n)*sizeof(t))
jvdias ae5aa7a
-#define Renew(v,n,t) \
jvdias ae5aa7a
-	  (v = (MEM_WRAP_CHECK(n,t), (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
jvdias ae5aa7a
-#define Renewc(v,n,t,c) \
jvdias ae5aa7a
-	  (v = (MEM_WRAP_CHECK(n,t), (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
jvdias ae5aa7a
-#define Safefree(d)	safefree((Malloc_t)(d))
jvdias ae5aa7a
-
jvdias ae5aa7a
-#define Move(s,d,n,t)	(MEM_WRAP_CHECK(n,t), (void)memmove((char*)(d),(char*)(s), (n) * sizeof(t)))
jvdias ae5aa7a
-#define Copy(s,d,n,t)	(MEM_WRAP_CHECK(n,t), (void)memcpy((char*)(d),(char*)(s), (n) * sizeof(t)))
jvdias ae5aa7a
-#define Zero(d,n,t)	(MEM_WRAP_CHECK(n,t), (void)memzero((char*)(d), (n) * sizeof(t)))
jvdias ae5aa7a
-
jvdias ae5aa7a
-#define MoveD(s,d,n,t)	(MEM_WRAP_CHECK(n,t), memmove((char*)(d),(char*)(s), (n) * sizeof(t)))
jvdias ae5aa7a
-#define CopyD(s,d,n,t)	(MEM_WRAP_CHECK(n,t), memcpy((char*)(d),(char*)(s), (n) * sizeof(t)))
jvdias ae5aa7a
-#ifdef HAS_MEMSET
jvdias ae5aa7a
-#define ZeroD(d,n,t)	(MEM_WRAP_CHECK(n,t), memzero((char*)(d), (n) * sizeof(t)))
jvdias ae5aa7a
-#else
jvdias ae5aa7a
-/* Using bzero(), which returns void.  */
jvdias ae5aa7a
-#define ZeroD(d,n,t)	(MEM_WRAP_CHECK(n,t), memzero((char*)(d), (n) * sizeof(t)),d)
jvdias ae5aa7a
-#endif
jvdias ae5aa7a
-
jvdias ae5aa7a
-#define Poison(d,n,t)	(MEM_WRAP_CHECK(n,t), (void)memset((char*)(d), 0xAB, (n) * sizeof(t)))
jvdias ae5aa7a
+#define PERL_STRLEN_ROUNDUP(n) ((void)(((n) > (MEM_SIZE)~0 - 2 * PERL_STRLEN_ROUNDUP_QUANTUM) ? (Perl_croak_nocontext(PL_memory_wrap),0):0),((n-1+PERL_STRLEN_ROUNDUP_QUANTUM)&~((MEM_SIZE)PERL_STRLEN_ROUNDUP_QUANTUM-1)))
jvdias ae5aa7a
 
jvdias ae5aa7a
 #else
jvdias ae5aa7a
 
jvdias ae5aa7a
 #define MEM_WRAP_CHECK(n,t)
jvdias ae5aa7a
 #define MEM_WRAP_CHECK_1(n,t,a)
jvdias ae5aa7a
 #define MEM_WRAP_CHECK_2(n,t,a,b)
jvdias ae5aa7a
+#define MEM_WRAP_CHECK_(n,t)
jvdias ae5aa7a
+
jvdias ae5aa7a
+#define PERL_STRLEN_ROUNDUP(n) (((n-1+PERL_STRLEN_ROUNDUP_QUANTUM)&~((MEM_SIZE)PERL_STRLEN_ROUNDUP_QUANTUM-1)))
jvdias ae5aa7a
 
jvdias ae5aa7a
-#define New(x,v,n,t)	(v = (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))
jvdias ae5aa7a
-#define Newc(x,v,n,t,c)	(v = (c*)safemalloc((MEM_SIZE)((n)*sizeof(t))))
jvdias ae5aa7a
-#define Newz(x,v,n,t)	(v = (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))), \
jvdias ae5aa7a
+#endif
jvdias ae5aa7a
+
jvdias ae5aa7a
+#define Newx(v,n,t)	(v = (MEM_WRAP_CHECK_(n,t) (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
jvdias ae5aa7a
+#define Newxc(v,n,t,c)	(v = (MEM_WRAP_CHECK_(n,t) (c*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
jvdias ae5aa7a
+#define Newxz(v,n,t)	(v = (MEM_WRAP_CHECK_(n,t) (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))), \
jvdias ae5aa7a
 			memzero((char*)(v), (n)*sizeof(t))
jvdias ae5aa7a
+/* pre 5.9.x compatibility */
jvdias ae5aa7a
+#define New(x,v,n,t)	Newx(v,n,t)
jvdias ae5aa7a
+#define Newc(x,v,n,t,c)	Newxc(v,n,t,c)
jvdias ae5aa7a
+#define Newz(x,v,n,t)	Newxz(v,n,t)
jvdias ae5aa7a
+
jvdias ae5aa7a
 #define Renew(v,n,t) \
jvdias ae5aa7a
-	  (v = (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t))))
jvdias ae5aa7a
+	  (v = (MEM_WRAP_CHECK_(n,t) (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
jvdias ae5aa7a
 #define Renewc(v,n,t,c) \
jvdias ae5aa7a
-	  (v = (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t))))
jvdias ae5aa7a
-#define Safefree(d)	safefree((Malloc_t)(d))
jvdias ae5aa7a
-
jvdias ae5aa7a
-#define Move(s,d,n,t)	(void)memmove((char*)(d),(char*)(s), (n) * sizeof(t))
jvdias ae5aa7a
-#define Copy(s,d,n,t)	(void)memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
jvdias ae5aa7a
-#define Zero(d,n,t)	(void)memzero((char*)(d), (n) * sizeof(t))
jvdias ae5aa7a
+	  (v = (MEM_WRAP_CHECK_(n,t) (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
jvdias ae5aa7a
 
jvdias ae5aa7a
-#define MoveD(s,d,n,t)	memmove((char*)(d),(char*)(s), (n) * sizeof(t))
jvdias ae5aa7a
-#define CopyD(s,d,n,t)	memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
jvdias ae5aa7a
-#ifdef HAS_MEMSET
jvdias ae5aa7a
-#define ZeroD(d,n,t)	memzero((char*)(d), (n) * sizeof(t))
jvdias ae5aa7a
+#ifdef PERL_POISON
jvdias ae5aa7a
+#define Safefree(d) \
jvdias ae5aa7a
+  (d ? (void)(safefree((Malloc_t)(d)), Poison(&(d), 1, Malloc_t)) : (void) 0)
jvdias ae5aa7a
 #else
jvdias ae5aa7a
-#define ZeroD(d,n,t)	((void)memzero((char*)(d), (n) * sizeof(t)),d)
jvdias ae5aa7a
+#define Safefree(d)	safefree((Malloc_t)(d))
jvdias ae5aa7a
 #endif
jvdias ae5aa7a
 
jvdias ae5aa7a
-#define Poison(d,n,t)	(void)memset((char*)(d), 0xAB, (n) * sizeof(t))
jvdias ae5aa7a
+#define Move(s,d,n,t)	(MEM_WRAP_CHECK_(n,t) (void)memmove((char*)(d),(const char*)(s), (n) * sizeof(t)))
jvdias ae5aa7a
+#define Copy(s,d,n,t)	(MEM_WRAP_CHECK_(n,t) (void)memcpy((char*)(d),(const char*)(s), (n) * sizeof(t)))
jvdias ae5aa7a
+#define Zero(d,n,t)	(MEM_WRAP_CHECK_(n,t) (void)memzero((char*)(d), (n) * sizeof(t)))
jvdias ae5aa7a
 
jvdias ae5aa7a
+#define MoveD(s,d,n,t)	(MEM_WRAP_CHECK_(n,t) memmove((char*)(d),(const char*)(s), (n) * sizeof(t)))
jvdias ae5aa7a
+#define CopyD(s,d,n,t)	(MEM_WRAP_CHECK_(n,t) memcpy((char*)(d),(const char*)(s), (n) * sizeof(t)))
jvdias ae5aa7a
+#ifdef HAS_MEMSET
jvdias ae5aa7a
+#define ZeroD(d,n,t)	(MEM_WRAP_CHECK_(n,t) memzero((char*)(d), (n) * sizeof(t)))
jvdias ae5aa7a
+#else
jvdias ae5aa7a
+/* Using bzero(), which returns void.  */
jvdias ae5aa7a
+#define ZeroD(d,n,t)	(MEM_WRAP_CHECK_(n,t) memzero((char*)(d), (n) * sizeof(t)),d)
jvdias ae5aa7a
 #endif
jvdias ae5aa7a
 
jvdias ae5aa7a
-#else /* lint */
jvdias ae5aa7a
-
jvdias ae5aa7a
-#define New(x,v,n,s)	(v = Null(s *))
jvdias ae5aa7a
-#define Newc(x,v,n,s,c)	(v = Null(s *))
jvdias ae5aa7a
-#define Newz(x,v,n,s)	(v = Null(s *))
jvdias ae5aa7a
-#define Renew(v,n,s)	(v = Null(s *))
jvdias ae5aa7a
-#define Move(s,d,n,t)
jvdias ae5aa7a
-#define Copy(s,d,n,t)
jvdias ae5aa7a
-#define Zero(d,n,t)
jvdias ae5aa7a
-#define MoveD(s,d,n,t)	d
jvdias ae5aa7a
-#define CopyD(s,d,n,t)	d
jvdias ae5aa7a
-#define ZeroD(d,n,t)	d
jvdias ae5aa7a
-#define Poison(d,n,t)
jvdias ae5aa7a
-#define Safefree(d)	(d) = (d)
jvdias ae5aa7a
-
jvdias ae5aa7a
-#endif /* lint */
jvdias ae5aa7a
+#define Poison(d,n,t)	(MEM_WRAP_CHECK_(n,t) (void)memset((char*)(d), 0xAB, (n) * sizeof(t)))
jvdias ae5aa7a
 
jvdias ae5aa7a
 #ifdef USE_STRUCT_COPY
jvdias ae5aa7a
 #define StructCopy(s,d,t) (*((t*)(d)) = *((t*)(s)))
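Review bot: Both new definitions of `PERL_STRLEN_ROUNDUP(n)` use the argument unparenthesized in `(n-1+PERL_STRLEN_ROUNDUP_QUANTUM)`, and the PERL_MALLOC_WRAP variant evaluates it twice, so an argument like `a ? b : c` or one with side effects computes the wrong size in the very macro meant to guard allocation arithmetic. Writing `(((n)-1+PERL_STRLEN_ROUNDUP_QUANTUM)&~((MEM_SIZE)PERL_STRLEN_ROUNDUP_QUANTUM-1))` in both branches fixes the precedence, and a one-line comment should warn that `n` is evaluated more than once. The PERL_POISON form of `Safefree(d)` has the same hazard: `d` is bare in the test, must be an lvalue for `&(d)`, and appears three times in the expansion. `MEM_WRAP_CHECK_` would also benefit from a comment saying that its trailing comma is intentional, so that it can prefix an expression and vanish when PERL_MALLOC_WRAP is off.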
jvdias c74188f
--- perl-5.8.7/perl.h.CVE-2005-3962-bz174684	2005-12-14 12:40:55.000000000 -0500
jvdias c74188f
+++ perl-5.8.7/perl.h	2005-12-14 12:40:55.000000000 -0500
jvdias ae5aa7a
@@ -720,6 +720,13 @@
jvdias ae5aa7a
 
jvdias ae5aa7a
 #define MEM_SIZE Size_t
jvdias ae5aa7a
 
jvdias ae5aa7a
+/* Round all values passed to malloc up, by default to a multiple of
jvdias ae5aa7a
+   sizeof(size_t)
jvdias ae5aa7a
+*/
jvdias ae5aa7a
+#ifndef PERL_STRLEN_ROUNDUP_QUANTUM
jvdias ae5aa7a
+#define PERL_STRLEN_ROUNDUP_QUANTUM Size_t_size
jvdias ae5aa7a
+#endif
jvdias ae5aa7a
+
jvdias ae5aa7a
 #if defined(STANDARD_C) && defined(I_STDDEF)
jvdias ae5aa7a
 #   include <stddef.h>
jvdias ae5aa7a
 #   define STRUCT_OFFSET(s,m)  offsetof(s,m)
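Review bot: The new comment does not state that `PERL_STRLEN_ROUNDUP_QUANTUM` must be a power of two, yet the `#ifndef` invites builders to override it and the rounding in handy.h masks with `~((MEM_SIZE)PERL_STRLEN_ROUNDUP_QUANTUM-1)`, which silently produces wrong sizes for any other value. Extending the comment with `The value must be a power of two; PERL_STRLEN_ROUNDUP masks with (quantum - 1).` would document the constraint where the override is offered.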
jvdias ae5aa7a
@@ -3332,10 +3339,8 @@
jvdias ae5aa7a
   INIT("\"my\" variable %s can't be in a package");
jvdias ae5aa7a
 EXTCONST char PL_no_localize_ref[]
jvdias ae5aa7a
   INIT("Can't localize through a reference");
jvdias ae5aa7a
-#ifdef PERL_MALLOC_WRAP
jvdias ae5aa7a
 EXTCONST char PL_memory_wrap[]
jvdias ae5aa7a
   INIT("panic: memory wrap");
jvdias ae5aa7a
-#endif
jvdias ae5aa7a
 
jvdias ae5aa7a
 EXTCONST char PL_uuemap[65]
jvdias ae5aa7a
   INIT("`!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_");
jvdias 59c4848
--- perl-5.8.7/sv.c.CVE-2005-3962-bz174684	2005-05-27 06:38:11.000000000 -0400
jvdias c74188f
+++ perl-5.8.7/sv.c	2005-12-14 12:48:45.000000000 -0500
jvdias c74188f
@@ -8589,9 +8589,12 @@
jvdias c74188f
 	    if (vectorarg) {
jvdias c74188f
 		if (args)
jvdias c74188f
 		    vecsv = va_arg(*args, SV*);
jvdias c74188f
-		else
jvdias c74188f
-		    vecsv = (evix ? evix <= svmax : svix < svmax) ?
jvdias c74188f
-			svargs[evix ? evix-1 : svix++] : &PL_sv_undef;
jvdias c74188f
+		else if (evix) {
jvdias c74188f
+		    vecsv = (evix > 0 && evix <= svmax)
jvdias c74188f
+			? svargs[evix-1] : &PL_sv_undef;
jvdias c74188f
+		} else {
jvdias c74188f
+		    vecsv = svix < svmax ? svargs[svix++] : &PL_sv_undef;
jvdias c74188f
+		}
jvdias c74188f
 		dotstr = SvPVx(vecsv, dotstrlen);
jvdias c74188f
 		if (DO_UTF8(vecsv))
jvdias c74188f
 		    is_utf8 = TRUE;
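Review bot: The explicit-index bounds check is written three different ways across this patch: `evix > 0 && evix <= svmax` here, `efix > 0 && efix <= svmax` in the next hunk, and `const I32 i = efix-1; ... (i >= 0 && i < svmax)` in the hunk at `@@ -8707,9 +8711,15 @@`. The third form subtracts before it validates, so if `efix` is a signed 32-bit value that has wrapped to its minimum, `efix-1` is itself a signed overflow; checking first, as in `argsv = (efix > 0 && efix <= svmax) ? svargs[efix-1] : &PL_sv_undef;`, avoids that and keeps the three sites identical. The declarations of `efix`, `evix` and `svmax` are outside these hunks, so their exact types should be confirmed.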
jvdias c74188f
@@ -8601,12 +8604,13 @@
jvdias c74188f
 		vecstr = (U8*)SvPVx(vecsv,veclen);
jvdias c74188f
 		vec_utf8 = DO_UTF8(vecsv);
jvdias c74188f
 	    }
jvdias c74188f
-	    else if (efix ? efix <= svmax : svix < svmax) {
jvdias c74188f
+	    else if (efix ? (efix > 0 && efix <= svmax) : svix < svmax) {
jvdias c74188f
 		vecsv = svargs[efix ? efix-1 : svix++];
jvdias c74188f
 		vecstr = (U8*)SvPVx(vecsv,veclen);
jvdias c74188f
 		vec_utf8 = DO_UTF8(vecsv);
jvdias c74188f
 	    }
jvdias c74188f
 	    else {
jvdias c74188f
+		vecsv = &PL_sv_undef;
jvdias c74188f
 		vecstr = (U8*)"";
jvdias c74188f
 		veclen = 0;
jvdias c74188f
 	    }
jvdias c74188f
@@ -8707,9 +8711,15 @@
jvdias 59c4848
 
jvdias 59c4848
 	if (vectorize)
jvdias 59c4848
 	    argsv = vecsv;
jvdias 59c4848
-	else if (!args)
jvdias 59c4848
-	    argsv = (efix ? efix <= svmax : svix < svmax) ?
jvdias 59c4848
-		    svargs[efix ? efix-1 : svix++] : &PL_sv_undef;
jvdias 59c4848
+	else if (!args) {
jvdias ae5aa7a
+	    if (efix) {
jvdias ae5aa7a
+		const I32 i = efix-1;
jvdias ae5aa7a
+		argsv = (i >= 0 && i < svmax) ? svargs[i] : &PL_sv_undef;
jvdias ae5aa7a
+	    } else {
jvdias ae5aa7a
+		argsv = (svix >= 0 && svix < svmax)
jvdias ae5aa7a
+		    ? svargs[svix++] : &PL_sv_undef;
jvdias ae5aa7a
+	    }
jvdias 59c4848
+	}
jvdias 59c4848
 
jvdias 59c4848
 	switch (c = *q++) {
jvdias 59c4848
 
jvdias c74188f
@@ -8972,6 +8982,8 @@
jvdias ae5aa7a
 		    *--eptr = '0';
jvdias ae5aa7a
 		break;
jvdias ae5aa7a
 	    case 2:
jvdias ae5aa7a
+		if (!uv)
jvdias ae5aa7a
+		    alt = FALSE;
jvdias ae5aa7a
 		do {
jvdias ae5aa7a
 		    dig = uv & 1;
jvdias ae5aa7a
 		    *--eptr = '0' + dig;
jvdias c74188f
@@ -9274,6 +9286,8 @@
jvdias ae5aa7a
 
jvdias ae5aa7a
 	/* calculate width before utf8_upgrade changes it */
jvdias ae5aa7a
 	have = esignlen + zeros + elen;
jvdias ae5aa7a
+	if (have < zeros)
jvdias ae5aa7a
+	    Perl_croak_nocontext(PL_memory_wrap);
jvdias ae5aa7a
 
jvdias ae5aa7a
 	if (is_utf8 != has_utf8) {
jvdias ae5aa7a
 	     if (is_utf8) {
jvdias c74188f
@@ -9301,6 +9315,9 @@
jvdias ae5aa7a
 	need = (have > width ? have : width);
jvdias ae5aa7a
 	gap = need - have;
jvdias ae5aa7a
 
jvdias ae5aa7a
+	if (need >= (((STRLEN)~0) - SvCUR(sv) - dotstrlen - 1))
jvdias ae5aa7a
+	    Perl_croak_nocontext(PL_memory_wrap);
jvdias ae5aa7a
+
jvdias ae5aa7a
 	SvGROW(sv, SvCUR(sv) + need + dotstrlen + 1);
jvdias ae5aa7a
 	p = SvEND(sv);
jvdias ae5aa7a
 	if (esignlen && fill == '0') {
jvdias c74188f
--- perl-5.8.7/globvar.sym.CVE-2005-3962-bz174684	2000-08-14 11:22:14.000000000 -0400
jvdias c74188f
+++ perl-5.8.7/globvar.sym	2005-12-14 12:51:12.000000000 -0500
jvdias c74188f
@@ -66,3 +66,4 @@
jvdias c74188f
 vtbl_collxfrm
jvdias c74188f
 vtbl_amagic
jvdias c74188f
 vtbl_amagicelem
jvdias c74188f
+memory_wrap