summaryrefslogtreecommitdiff
path: root/core/perl/cve-2012-5195.patch
diff options
context:
space:
mode:
Diffstat (limited to 'core/perl/cve-2012-5195.patch')
-rw-r--r--core/perl/cve-2012-5195.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/core/perl/cve-2012-5195.patch b/core/perl/cve-2012-5195.patch
new file mode 100644
index 000000000..a995194c6
--- /dev/null
+++ b/core/perl/cve-2012-5195.patch
@@ -0,0 +1,29 @@
+commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b
+Author: Andy Dougherty <doughera@lafayette.edu>
+Date: Thu Sep 27 09:52:18 2012 -0400
+
+ avoid calling memset with a negative count
+
+ Poorly written perl code that allows an attacker to specify the count to
+ perl's 'x' string repeat operator can already cause a memory exhaustion
+ denial-of-service attack. A flaw in versions of perl before 5.15.5 can
+ escalate that into a heap buffer overrun; coupled with versions of glibc
+ before 2.16, it possibly allows the execution of arbitrary code.
+
+ The flaw addressed to this commit has been assigned identifier
+ CVE-2012-5195.
+
+diff --git a/util.c b/util.c
+index 171456f..34f5fa9 100644
+--- a/util.c
++++ b/util.c
+@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
+ {
+ PERL_ARGS_ASSERT_REPEATCPY;
+
++ if (count < 0)
++ Perl_croak_nocontext("%s",PL_memory_wrap);
++
+ if (len == 1)
+ memset(to, *from, count);
+ else if (count) {
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-12 04:12:00 +0000