MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 12:59:02 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

perl: fix CVE-2012-6329

Browse Source 
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6329:
"The _compile function in Maketext.pm in the Locale::Maketext implementation in
Perl before 5.17.7 does not properly handle backslashes and fully qualified
method names during compilation of bracket notation, which allows
context-dependent attackers to execute arbitrary commands via crafted input to
an application."

Patches taken from upstream git.

(From OE-Core rev: b585a50b7bd735c3092af9477af263c13c853d32)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ross Burton 2013-04-29 15:25:02 +01:00 committed by Richard Purdie
parent 2cc162ac12
commit 23f3663842
2 changed files with 72 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch Normal file
View File

@ -0,0 +1,71 @@
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>
From 1735f6f53ca19f99c6e9e39496c486af323ba6a8 Mon Sep 17 00:00:00 2001
From: Brian Carlson <brian.carlson@cpanel.net>
Date: Wed, 28 Nov 2012 08:54:33 -0500
Subject: [PATCH] Fix misparsing of maketext strings.
Case 61251: This commit fixes a misparse of maketext strings that could
lead to arbitrary code execution. Basically, maketext was compiling
bracket notation into functions, but neglected to escape backslashes
inside the content or die on fully-qualified method names when
generating the code. This change escapes all such backslashes and dies
when a method name with a colon or apostrophe is specified.
---
AUTHORS | 1 +
dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++----------------
2 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm
index 4822027..63e5fba 100644
--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm
+++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm
@@ -625,21 +625,9 @@ sub _compile {
# 0-length method name means to just interpolate:
push @code, ' (';
}
- elsif($m =~ /^\w+(?:\:\:\w+)*$/s
- and $m !~ m/(?:^|\:)\d/s
- # exclude starting a (sub)package or symbol with a digit
+ elsif($m =~ /^\w+$/s
+ # exclude anything fancy, especially fully-qualified module names
) {
- # Yes, it even supports the demented (and undocumented?)
- # $obj->Foo::bar(...) syntax.
- $target->_die_pointing(
- $string_to_compile, q{Can't use "SUPER::" in a bracket-group method},
- 2 + length($c[-1])
- )
- if $m =~ m/^SUPER::/s;
- # Because for SUPER:: to work, we'd have to compile this into
- # the right package, and that seems just not worth the bother,
- # unless someone convinces me otherwise.
-
push @code, ' $_[0]->' . $m . '(';
}
else {
@@ -693,7 +681,9 @@ sub _compile {
elsif(substr($1,0,1) ne '~') {
# it's stuff not containing "~" or "[" or "]"
# i.e., a literal blob
- $c[-1] .= $1;
+ my $text = $1;
+ $text =~ s/\\/\\\\/g;
+ $c[-1] .= $text;
}
elsif($1 eq '~~') { # "~~"
@@ -731,7 +721,9 @@ sub _compile {
else {
# It's a "~X" where X is not a special character.
# Consider it a literal ~ and X.
- $c[-1] .= $1;
+ my $text = $1;
+ $text =~ s/\\/\\\\/g;
+ $c[-1] .= $text;
}
}
}
--
1.7.4.1

1
meta/recipes-devtools/perl/perl_5.14.2.bb
View File

@ -68,6 +68,7 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
file://perl-build-in-t-dir.patch \
file://perl-archlib-exp.patch \
file://perl-fix-CVE-2012-5195.patch \
file://cve-2012-6329.patch \
\
file://config.sh \
file://config.sh-32 \