* [oe][meta-oe][zeus][PATCH] perl: Fix CVE-2020-10543
@ 2020-06-29 2:21 De Huo
0 siblings, 0 replies; only message in thread
From: De Huo @ 2020-06-29 2:21 UTC (permalink / raw)
To: openembedded-devel; +Cc: de.huo
(CVE-2020-10543) On 32bit systems the size calculations for nested regular
expression quantifiers could overflow causing heap memory corruption.
Fixes: Perl/perl5-security#125
(cherry picked from commit bfd31397db5dc1a5c5d3e0a1f753a4f89a736e71)
Signed-off-by: De Huo <De.Huo@windriver.com>
---
.../perl/files/CVE-2020-10543.patch | 41 ++++++++++++++++++++++
meta/recipes-devtools/perl/perl_5.30.1.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-10543.patch
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10543.patch b/meta/recipes-devtools/perl/files/CVE-2020-10543.patch
new file mode 100644
index 0000000..c24ebc1
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2020-10543.patch
@@ -0,0 +1,41 @@
+From 897d1f7fd515b828e4b198d8b8bef76c6faf03ed Mon Sep 17 00:00:00 2001
+From: John Lightsey <jd@cpanel.net>
+Date: Wed, 20 Nov 2019 20:02:45 -0600
+Subject: [PATCH] regcomp.c: Prevent integer overflow from nested regex
+ quantifiers.
+
+(CVE-2020-10543) On 32bit systems the size calculations for nested regular
+expression quantifiers could overflow causing heap memory corruption.
+
+Fixes: Perl/perl5-security#125
+(cherry picked from commit bfd31397db5dc1a5c5d3e0a1f753a4f89a736e71)
+
+CVE: CVE-2020-10543
+Upstream-Status: Backport [https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed]
+
+Signed-off-by: John Lightsey <jd@cpanel.net>
+Signed-off-by: De Huo <de.huo@windriver.com>
+---
+ regcomp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 93c8d98..5f86be8 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -5489,6 +5489,12 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ RExC_precomp)));
+ }
+
++ if ( ( minnext > 0 && mincount >= SSize_t_MAX / minnext )
++ || min >= SSize_t_MAX - minnext * mincount )
++ {
++ FAIL("Regexp out of space");
++ }
++
+ min += minnext * mincount;
+ is_inf_internal |= deltanext == SSize_t_MAX
+ || (maxcount == REG_INFTY && minnext + deltanext > 0);
+--
+1.9.1
+
diff --git a/meta/recipes-devtools/perl/perl_5.30.1.bb b/meta/recipes-devtools/perl/perl_5.30.1.bb
index 32746c7..ba9424c 100644
--- a/meta/recipes-devtools/perl/perl_5.30.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.30.1.bb
@@ -23,6 +23,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
file://0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch \
file://determinism.patch \
file://racefix.patch \
+ file://CVE-2020-10543.patch \
"
SRC_URI_append_class-native = " \
file://perl-configpm-switch.patch \
--
1.9.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-06-29 2:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-29 2:21 [oe][meta-oe][zeus][PATCH] perl: Fix CVE-2020-10543 De Huo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.