In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/2709980d5a193ce6f3a16f0d19879a6560dcde44?hp=2c8ca683ba2cfa11ba67ed8364aabd92180ec161>
- Log ----------------------------------------------------------------- commit 2709980d5a193ce6f3a16f0d19879a6560dcde44 Author: Andy Dougherty <[email protected]> Date: Thu Sep 27 09:52:18 2012 -0400 avoid calling memset with a negative count Poorly written perl code that allows an attacker to specify the count to perl's 'x' string repeat operator can already cause a memory exhaustion denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate that into a heap buffer overrun; coupled with versions of glibc before 2.16, it possibly allows the execution of arbitrary code. The flaw addressed to this commit has been assigned identifier CVE-2012-5195. ----------------------------------------------------------------------- Summary of changes: util.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/util.c b/util.c index 8bd2094..2633034 100644 --- a/util.c +++ b/util.c @@ -3256,6 +3256,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I { PERL_ARGS_ASSERT_REPEATCPY; + if (count < 0) + Perl_croak_nocontext("%s",PL_memory_wrap); + if (len == 1) memset(to, *from, count); else if (count) { -- Perl5 Master Repository
