Branch: refs/heads/blead
  Home:   https://github.com/Perl/perl5
  Commit: 30228cdc40a106845f279082f032011abc99e09d
      
https://github.com/Perl/perl5/commit/30228cdc40a106845f279082f032011abc99e09d
  Author: Hugo van der Sanden <h...@crypt.org>
  Date:   2020-06-01 (Mon, 01 Jun 2020)

  Changed paths:
    M embed.fnc
    M embed.h
    M proto.h
    M regcomp.c

  Log Message:
  -----------
  study_chunk: extract rck_elide_nothing

(CVE-2020-10878)

(cherry picked from commit 4fccd2d99bdeb28c2937c3220ea5334999564aa8)


  Commit: 4b4b1fbd0d43429c43d5de8857f3266daba1dd66
      
https://github.com/Perl/perl5/commit/4b4b1fbd0d43429c43d5de8857f3266daba1dd66
  Author: Karl Williamson <k...@cpan.org>
  Date:   2020-06-01 (Mon, 01 Jun 2020)

  Changed paths:
    M regcomp.c

  Log Message:
  -----------
  regcomp: use long jumps if there is any possibility of overflow

(CVE-2020-10878) Be conservative for backporting, we'll aim to do
something more aggressive for bleadperl.

(cherry picked from commit 8243e7d09fa7bd65b70935e3170c6abda3e34917)


  Commit: 0e9563b9242a5758c6ce11daf8385b3753e9ed9c
      
https://github.com/Perl/perl5/commit/0e9563b9242a5758c6ce11daf8385b3753e9ed9c
  Author: John Lightsey <j...@cpanel.net>
  Date:   2020-06-01 (Mon, 01 Jun 2020)

  Changed paths:
    M regcomp.c

  Log Message:
  -----------
  regcomp.c: Prevent integer overflow from nested regex quantifiers.

(CVE-2020-10543) On 32bit systems the size calculations for nested regular
expression quantifiers could overflow causing heap memory corruption.

Fixes: Perl/perl5-security#125
(cherry picked from commit 670c54b00a47d930431dd470e72fd7d13643e169)


  Commit: 3a1df45e827a79d14694d18dd0141c09a0abfe5c
      
https://github.com/Perl/perl5/commit/3a1df45e827a79d14694d18dd0141c09a0abfe5c
  Author: Hugo van der Sanden <h...@crypt.org>
  Date:   2020-06-01 (Mon, 01 Jun 2020)

  Changed paths:
    M embed.fnc
    M embed.h
    M proto.h
    M regcomp.c
    M t/re/pat.t

  Log Message:
  -----------
  study_chunk: honour mutate_ok over recursion

As described in #17743, study_chunk can re-enter itself either by
simple recursion or by enframing. 089ad25d3f used the new mutate_ok
variable to track whether we were within the framing scope of GOSUB,
and to disallow mutating changes to ops if so.

This commit extends that logic to reentry by recursion, passing in
the current state as was_mutate_ok.

(CVE-2020-12723)

(cherry picked from commit 3445383845ed220eaa12cd406db2067eb7b8a741)


Compare: https://github.com/Perl/perl5/compare/902f303cd950...3a1df45e827a
