perl: fix CVE-2015-8607
Backport patch to fix CVE-2015-8607 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd (From OE-Core rev: e2289647ace9ef96e6a7e4aae201fd9149e56678) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
c27660df40
commit
f5b1cd0e82
|
@ -0,0 +1,74 @@
|
|||
From 652c8d4852a69f1bb4d387946f9b76350a1f0d0e Mon Sep 17 00:00:00 2001
|
||||
From: Tony Cook <tony@develop-help.com>
|
||||
Date: Tue, 15 Dec 2015 10:56:54 +1100
|
||||
Subject: [PATCH] perl: fix CVE-2015-8607
|
||||
|
||||
ensure File::Spec::canonpath() preserves taint
|
||||
|
||||
Previously the unix specific XS implementation of canonpath() would
|
||||
return an untainted path when supplied a tainted path.
|
||||
|
||||
For the empty string case, newSVpvs() already sets taint as needed on
|
||||
its result.
|
||||
|
||||
This issue was assigned CVE-2015-8607. [perl #126862]
|
||||
|
||||
Backport patch from http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2015-8607
|
||||
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
|
||||
---
|
||||
dist/PathTools/Cwd.xs | 1 +
|
||||
dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
|
||||
2 files changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
|
||||
index 9d4dcf0..3d018dc 100644
|
||||
--- a/dist/PathTools/Cwd.xs
|
||||
+++ b/dist/PathTools/Cwd.xs
|
||||
@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
|
||||
*o = 0;
|
||||
SvPOK_on(retval);
|
||||
SvCUR_set(retval, o - SvPVX(retval));
|
||||
+ SvTAINT(retval);
|
||||
return retval;
|
||||
}
|
||||
|
||||
diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
|
||||
index 309b3e5..48f8c5b 100644
|
||||
--- a/dist/PathTools/t/taint.t
|
||||
+++ b/dist/PathTools/t/taint.t
|
||||
@@ -12,7 +12,7 @@ use Test::More;
|
||||
BEGIN {
|
||||
plan(
|
||||
${^TAINT}
|
||||
- ? (tests => 17)
|
||||
+ ? (tests => 21)
|
||||
: (skip_all => "A perl without taint support")
|
||||
);
|
||||
}
|
||||
@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
|
||||
|
||||
# Previous versions of Cwd tainted $^O
|
||||
is !tainted($^O), 1, "\$^O should not be tainted";
|
||||
+
|
||||
+{
|
||||
+ # [perl #126862] canonpath() loses taint
|
||||
+ my $tainted = substr($ENV{PATH}, 0, 0);
|
||||
+ # yes, getcwd()'s result should be tainted, and is tested above
|
||||
+ # but be sure
|
||||
+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
|
||||
+ "canonpath() keeps taint on non-empty string";
|
||||
+ ok tainted(File::Spec->canonpath($tainted)),
|
||||
+ "canonpath() keeps taint on empty string";
|
||||
+
|
||||
+ (Cwd::getcwd() =~ /^(.*)/);
|
||||
+ my $untainted = $1;
|
||||
+ ok !tainted($untainted), "make sure our untainted value is untainted";
|
||||
+ ok !tainted(File::Spec->canonpath($untainted)),
|
||||
+ "canonpath() doesn't add taint to untainted string";
|
||||
+}
|
||||
--
|
||||
2.8.1
|
||||
|
|
@ -67,6 +67,7 @@ SRC_URI += " \
|
|||
file://perl-test-customized.patch \
|
||||
file://perl-fix-CVE-2016-2381.patch \
|
||||
file://perl-fix-CVE-2016-6185.patch \
|
||||
file://perl-fix-CVE-2015-8607.patch \
|
||||
"
|
||||
|
||||
# Fix test case issues
|
||||
|
|
Loading…
Reference in New Issue