author | Mike Sullivan <Mike.Sullivan@Oracle.COM> |
Wed, 29 Aug 2012 11:05:56 -0700 | |
changeset 957 | 255465c5756f |
parent 600 | 5828c439789b |
permissions | -rw-r--r-- |
600
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
1 |
# |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
2 |
# CVE-2011-2939 |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
3 |
# http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5 |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
4 |
# https://bugzilla.redhat.com/show_bug.cgi?id=731246 |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
5 |
# |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
6 |
--- perl-5.12.3/cpan/Encode/Unicode/Unicode.xs.old 2011-11-15 22:37:18.836023493 -0800 |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
7 |
+++ perl-5.12.3/cpan/Encode/Unicode/Unicode.xs 2011-11-15 22:40:56.191609987 -0800 |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
8 |
@@ -246,7 +246,10 @@ |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
9 |
This prevents allocating too much in the rogue case of a large |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
10 |
input consisting initially of long sequence uft8-byte unicode |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
11 |
chars followed by single utf8-byte chars. */ |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
12 |
- STRLEN remaining = (e - s)/usize; |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
13 |
+ /* +1 |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
14 |
+ fixes Unicode.xs!decode_xs n-byte heap-overflow |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
15 |
+ */ |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
16 |
+ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */ |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
17 |
STRLEN max_alloc = remaining + (8*1024*1024); |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
18 |
STRLEN est_alloc = remaining * UTF8_MAXLEN; |
5828c439789b
7111771 Problem with utility/perl
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
19 |
STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */ |