From 4abdd8db3253deba8a5b4c4192447ec5a2c6fba9 Mon Sep 17 00:00:00 2001 From: Jitka Plesnikova <jples...@redhat.com> Date: Tue, 26 Jul 2016 14:46:27 +0200 Subject: Fix use after free error (bug #1360280)
--- DBD-MySQL-4.035-Fix-use-after-free-error.patch | 38 ++++++++++++++++++++++++++ perl-DBD-MySQL.spec | 7 ++++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 DBD-MySQL-4.035-Fix-use-after-free-error.patch diff --git a/DBD-MySQL-4.035-Fix-use-after-free-error.patch b/DBD-MySQL-4.035-Fix-use-after-free-error.patch new file mode 100644 index 0000000..dacd489 --- /dev/null +++ b/DBD-MySQL-4.035-Fix-use-after-free-error.patch @@ -0,0 +1,38 @@ +From 2e1cbd0034cf0041f832ba81d07c24db886782d8 Mon Sep 17 00:00:00 2001 +From: Hanno <ha...@gentoo.org> +Date: Sat, 14 Nov 2015 23:06:12 +0100 +Subject: [PATCH] Fix use after free error. + +--- + dbdimp.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/dbdimp.c b/dbdimp.c +index d507588..acdfee8 100644 +--- a/dbdimp.c ++++ b/dbdimp.c +@@ -2085,10 +2085,6 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh) + } + result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user, + password, dbname, imp_dbh) ? TRUE : FALSE; +- if (fresh && !result) { +- /* Prevent leaks, but do not free in case of a reconnect. See #97625 */ +- Safefree(imp_dbh->pmysql); +- } + return result; + } + +@@ -2142,9 +2138,12 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user, + + if (!my_login(aTHX_ dbh, imp_dbh)) + { +- if(imp_dbh->pmysql) ++ if(imp_dbh->pmysql) { + do_error(dbh, mysql_errno(imp_dbh->pmysql), + mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); ++ Safefree(imp_dbh->pmysql); ++ ++ } + return FALSE; + } + diff --git a/perl-DBD-MySQL.spec b/perl-DBD-MySQL.spec index bea73d6..83cb2a1 100644 --- a/perl-DBD-MySQL.spec +++ b/perl-DBD-MySQL.spec @@ -1,11 +1,12 @@ Name: perl-DBD-MySQL Version: 4.033 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A MySQL interface for Perl Group: Development/Libraries License: GPL+ or Artistic URL: http://search.cpan.org/dist/DBD-mysql/ Source0: http://www.cpan.org/authors/id/C/CA/CAPTTOFU/DBD-mysql-%{version}.tar.gz +Patch0: DBD-MySQL-4.035-Fix-use-after-free-error.patch BuildRequires: mariadb, mariadb-devel, zlib-devel BuildRequires: coreutils BuildRequires: findutils @@ -37,6 +38,7 @@ management system. %prep %setup -q -n DBD-mysql-%{version} +%patch0 -p1 # Correct file permissions find . -type f | xargs chmod -x @@ -69,6 +71,9 @@ find %{buildroot} -type f -name '*.bs' -empty -exec rm -f {} ';' %{_mandir}/man3/*.3* %changelog +* Tue Jul 26 2016 Jitka Plesnikova <jples...@redhat.com> - 4.033-2 +- Fix use after free error (bug #1360280) + * Tue Oct 27 2015 Jitka Plesnikova <jples...@redhat.com> - 4.033-1 - 4.033 bump -- cgit v0.12 http://pkgs.fedoraproject.org/cgit/perl-DBD-MySQL.git/commit/?h=f23&id=4abdd8db3253deba8a5b4c4192447ec5a2c6fba9 -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org