[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
|
From: |
Kei Kebreau |
|
Subject: |
[bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788. |
|
Date: |
Mon, 24 Jul 2017 14:31:44 -0400 |
* gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/databases.scm | 3 +-
.../patches/perl-dbd-mysql-CVE-2017-10788.patch | 51 ++++++++++++++++++++++
3 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 3eccc879b..4292d705c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -902,6 +902,7 @@ dist_patch_DATA =
\
%D%/packages/patches/pcre2-CVE-2017-8786.patch \
%D%/packages/patches/perl-file-path-CVE-2017-6512.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
+ %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
%D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index ee340505e..7e62452ea 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1015,7 +1015,8 @@ columns, primary keys, unique constraints and
relationships.")
"DBD-mysql-" version ".tar.gz"))
(sha256
(base32
- "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))))
+ "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))
+ (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch"))))
(build-system perl-build-system)
;; Tests require running MySQL server
(arguments `(#:tests? #f))
diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
new file mode 100644
index 000000000..344f2d803
--- /dev/null
+++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
@@ -0,0 +1,51 @@
+From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
+From: Pali <address@hidden>
+Date: Sun, 25 Jun 2017 10:07:39 +0200
+Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
+
+Ignore return value from mysql_stmt_close() and also its error message
+because it points to freed memory after mysql_stmt_close() was called.
+---
+ dbdimp.c | 8 ++------
+ mysql.xs | 7 ++-----
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index c60a5f6..a6410e5 100644
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
+
+ if (imp_sth->stmt)
+ {
+- if (mysql_stmt_close(imp_sth->stmt))
+- {
+- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
+- mysql_stmt_error(imp_sth->stmt),
+- mysql_stmt_sqlstate(imp_sth->stmt));
+- }
++ mysql_stmt_close(imp_sth->stmt);
++ imp_sth->stmt= NULL;
+ }
+ #endif
+
+diff --git a/mysql.xs b/mysql.xs
+index 55376e1..affde59 100644
+--- a/mysql.xs
++++ b/mysql.xs
+@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
+ if (bind)
+ Safefree(bind);
+
+- if(mysql_stmt_close(stmt))
+- {
+- fprintf(stderr, "\n failed while closing the statement");
+- fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
+- }
++ mysql_stmt_close(stmt);
++ stmt= NULL;
+
+ if (retval == -2) /* -2 means error */
+ {
+--
+1.7.9.5
--
2.13.3
- [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.,
Kei Kebreau <=