[debbugs-tracker] bug#27805: closed ([PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.)

[GNU bug Tracking System]

Your message dated Tue, 25 Jul 2017 14:13:04 -0400
with message-id <address@hidden>
and subject line Re: [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix 
CVE-2017-10788.
has caused the debbugs.gnu.org bug report #27805,
regarding [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
27805: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27805
GNU Bug Tracking System
Contact address@hidden with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>
>
>
>
> Date: 
>
> Mon, 24 Jul 2017 14:31:44 -0400
>
>
>
>
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
> ---
>  gnu/local.mk                                       |  1 +
>  gnu/packages/databases.scm                         |  3 +-
>  .../patches/perl-dbd-mysql-CVE-2017-10788.patch    | 51 ++++++++++++++++++++++
>  3 files changed, 54 insertions(+), 1 deletion(-)
>  create mode 100644 gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 3eccc879b..4292d705c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -902,6 +902,7 @@ dist_patch_DATA =                                           
> \
>    %D%/packages/patches/pcre2-CVE-2017-8786.patch               \
>    %D%/packages/patches/perl-file-path-CVE-2017-6512.patch      \
>    %D%/packages/patches/perl-autosplit-default-time.patch       \
> +  %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch     \
>    %D%/packages/patches/perl-deterministic-ordering.patch       \
>    %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
>    %D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \
> diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
> index ee340505e..7e62452ea 100644
> --- a/gnu/packages/databases.scm
> +++ b/gnu/packages/databases.scm
> @@ -1015,7 +1015,8 @@ columns, primary keys, unique constraints and 
> relationships.")
>                             "DBD-mysql-" version ".tar.gz"))
>         (sha256
>          (base32
> -         "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))))
> +         "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))
> +       (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch"))))
>      (build-system perl-build-system)
>      ;; Tests require running MySQL server
>      (arguments `(#:tests? #f))
> diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch 
> b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
> new file mode 100644
> index 000000000..344f2d803
> --- /dev/null
> +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
> @@ -0,0 +1,51 @@
> +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
> +From: Pali <address@hidden>
> +Date: Sun, 25 Jun 2017 10:07:39 +0200
> +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
> +
> +Ignore return value from mysql_stmt_close() and also its error message
> +because it points to freed memory after mysql_stmt_close() was called.
> +---
> + dbdimp.c |    8 ++------
> + mysql.xs |    7 ++-----
> + 2 files changed, 4 insertions(+), 11 deletions(-)
> +
> +diff --git a/dbdimp.c b/dbdimp.c
> +index c60a5f6..a6410e5 100644
> +--- a/dbdimp.c
> ++++ b/dbdimp.c
> +@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
> +
> +   if (imp_sth->stmt)
> +   {
> +-    if (mysql_stmt_close(imp_sth->stmt))
> +-    {
> +-      do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
> +-          mysql_stmt_error(imp_sth->stmt),
> +-          mysql_stmt_sqlstate(imp_sth->stmt));
> +-    }
> ++    mysql_stmt_close(imp_sth->stmt);
> ++    imp_sth->stmt= NULL;
> +   }
> + #endif
> +
> +diff --git a/mysql.xs b/mysql.xs
> +index 55376e1..affde59 100644
> +--- a/mysql.xs
> ++++ b/mysql.xs
> +@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
> +       if (bind)
> +         Safefree(bind);
> +
> +-      if(mysql_stmt_close(stmt))
> +-      {
> +-        fprintf(stderr, "\n failed while closing the statement");
> +-        fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
> +-      }
> ++      mysql_stmt_close(stmt);
> ++      stmt= NULL;
> +
> +       if (retval == -2) /* -2 means error */
> +       {
> +--
> +1.7.9.5
> -- 
> 2.13.3
>
>
>
>
> --- End Message ---

--- Begin Message --- Subject: Re: [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788. Date: Tue, 25 Jul 2017 14:13:04 -0400 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Leo Famulari <address@hidden> writes:

> On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
>> Done! FYI, this patch is tentative (i.e. not merged upstream as of
>> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
>> an experienced C programmer, nor am I a user of this package.
>
> I'm not an expert but, I agree, it seems to do the right thing.
>
>> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
>> > you are unsure.
>> >
>> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
>> > upstream yet:
>> >
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
>
> Okay, let's wait on that one. Can you try to keep track of it?
>

Will do!

>> How does the attached patch look?
>
>> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <address@hidden>
>> Date: Mon, 24 Jul 2017 13:51:50 -0400
>> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>> 
>> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
>
> Please push!

Pushed to master! Thank you for reviewing.

signature.asc
Description: PGP signature

--- End Message ---