[OE-core] [ROCKO][PATCH 27/34] perl: CVE-2018-6797
Jagadeesh Krishnanjanappa
jkrishnanjanappa at mvista.com
Wed Aug 22 11:18:05 UTC 2018
(perl #132227) restart a node if we change to uni rules within the node and encounter...
This could lead to a buffer overflow.
(cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d)
Affects perl >= 5.18 && perl <= 5.26
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
---
.../recipes-devtools/perl/perl/CVE-2018-6797.patch | 45 ++++++++++++++++++++++
meta/recipes-devtools/perl/perl_5.24.1.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch b/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
new file mode 100644
index 0000000..b56ebd3
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
@@ -0,0 +1,45 @@
+From abe1e6c568b96bcb382dfa4f61c56d1ab001ea51 Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw at cpan.org>
+Date: Fri, 2 Feb 2018 15:14:27 -0700
+Subject: [PATCH] (perl #132227) restart a node if we change to uni rules
+ within the node and encounter a sharp S
+
+This could lead to a buffer overflow.
+
+(cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d)
+
+CVE: CVE-2018-6797
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
+---
+ regcomp.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 3b9550b10d..a7dee9a09e 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -13543,6 +13543,18 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+ * /u. This includes the multi-char fold SHARP S to
+ * 'ss' */
+ if (UNLIKELY(ender == LATIN_SMALL_LETTER_SHARP_S)) {
++
++ /* If the node started out having uni rules, we
++ * wouldn't have gotten here. So this means
++ * something in the middle has changed it, but
++ * didn't think it needed to reparse. But this
++ * sharp s now does indicate the need for
++ * reparsing. */
++ if (RExC_uni_semantics) {
++ p = oldp;
++ goto loopdone;
++ }
++
+ RExC_seen_unfolded_sharp_s = 1;
+ maybe_exactfu = FALSE;
+ }
+--
+2.15.1-424-g9478a660812
+
+
diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb
index e696910..dafd268 100644
--- a/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -70,6 +70,7 @@ SRC_URI += " \
file://CVE-2017-12837.patch \
file://CVE-2018-6798-1.patch \
file://CVE-2018-6798-2.patch \
+ file://CVE-2018-6797.patch \
"
# Fix test case issues
--
2.7.4
More information about the Openembedded-core
mailing list