| author | Petr Sumbera <petr.sumbera@oracle.com> |
| Fri, 12 Apr 2013 09:37:03 -0700 | |
| changeset 1262 | 878f258ea71e |
| parent 1206 | 8f71b436e7f7 |
| permissions | -rw-r--r-- |
|
1206
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
1 |
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
2 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329 |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
3 |
CONFIRM:http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8 |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
4 |
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
5 |
From 1735f6f53ca19f99c6e9e39496c486af323ba6a8 Mon Sep 17 00:00:00 2001 |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
6 |
From: Brian Carlson <[email protected]> |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
7 |
Date: Wed, 28 Nov 2012 08:54:33 -0500 |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
8 |
Subject: [PATCH] Fix misparsing of maketext strings. |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
9 |
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
10 |
Case 61251: This commit fixes a misparse of maketext strings that could |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
11 |
lead to arbitrary code execution. Basically, maketext was compiling |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
12 |
bracket notation into functions, but neglected to escape backslashes |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
13 |
inside the content or die on fully-qualified method names when |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
14 |
generating the code. This change escapes all such backslashes and dies |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
15 |
when a method name with a colon or apostrophe is specified. |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
16 |
--- |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
17 |
AUTHORS | 1 + |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
18 |
dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++---------------- |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
19 |
2 files changed, 9 insertions(+), 16 deletions(-) |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
20 |
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
21 |
diff --git a/AUTHORS b/AUTHORS |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
22 |
index 70734b0..009dea0 100644 |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
23 |
--- a/AUTHORS |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
24 |
+++ b/AUTHORS |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
25 |
@@ -154,6 +154,7 @@ Breno G. de Oliveira <[email protected]> |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
26 |
Brent Dax <[email protected]> |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
27 |
Brooks D Boyd |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
28 |
Brian Callaghan <[email protected]> |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
29 |
+Brian Carlson <[email protected]> |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
30 |
Brian Clarke <[email protected]> |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
31 |
brian d foy <[email protected]> |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
32 |
Brian Fraser <[email protected]> |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
33 |
diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
34 |
index 4822027..63e5fba 100644 |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
35 |
--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
36 |
+++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
37 |
@@ -625,21 +625,9 @@ sub _compile {
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
38 |
# 0-length method name means to just interpolate: |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
39 |
push @code, ' (';
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
40 |
} |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
41 |
- elsif($m =~ /^\w+(?:\:\:\w+)*$/s |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
42 |
- and $m !~ m/(?:^|\:)\d/s |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
43 |
- # exclude starting a (sub)package or symbol with a digit |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
44 |
+ elsif($m =~ /^\w+$/s |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
45 |
+ # exclude anything fancy, especially fully-qualified module names |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
46 |
) {
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
47 |
- # Yes, it even supports the demented (and undocumented?) |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
48 |
- # $obj->Foo::bar(...) syntax. |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
49 |
- $target->_die_pointing( |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
50 |
- $string_to_compile, q{Can't use "SUPER::" in a bracket-group method},
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
51 |
- 2 + length($c[-1]) |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
52 |
- ) |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
53 |
- if $m =~ m/^SUPER::/s; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
54 |
- # Because for SUPER:: to work, we'd have to compile this into |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
55 |
- # the right package, and that seems just not worth the bother, |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
56 |
- # unless someone convinces me otherwise. |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
57 |
- |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
58 |
push @code, ' $_[0]->' . $m . '(';
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
59 |
} |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
60 |
else {
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
61 |
@@ -693,7 +681,9 @@ sub _compile {
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
62 |
elsif(substr($1,0,1) ne '~') {
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
63 |
# it's stuff not containing "~" or "[" or "]" |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
64 |
# i.e., a literal blob |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
65 |
- $c[-1] .= $1; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
66 |
+ my $text = $1; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
67 |
+ $text =~ s/\\/\\\\/g; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
68 |
+ $c[-1] .= $text; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
69 |
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
70 |
} |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
71 |
elsif($1 eq '~~') { # "~~"
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
72 |
@@ -731,7 +721,9 @@ sub _compile {
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
73 |
else {
|
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
74 |
# It's a "~X" where X is not a special character. |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
75 |
# Consider it a literal ~ and X. |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
76 |
- $c[-1] .= $1; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
77 |
+ my $text = $1; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
78 |
+ $text =~ s/\\/\\\\/g; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
79 |
+ $c[-1] .= $text; |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
80 |
} |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
81 |
} |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
82 |
} |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
83 |
-- |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
84 |
1.7.4.1 |
|
8f71b436e7f7
15820486 problem in UTILITY/PERL
Brian Cameron <brian.cameron@oracle.com>
parents:
diff
changeset
|
85 |