[perl5-dbi/dbi] 36f2a2: Fix a buffer overlfow on an overlong DBD class name

  Branch: refs/heads/master=0D
  Home:   https://github.com/perl5-dbi/dbi=0D
  Commit: 36f2a2c5fea36d7d47d6871e420286643460e71b=0D
      https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420=
286643460e71b=0D
  Author: Petr P=C3=ADsa=C5=99 <ppisar@redhat.com>=0D
  Date:   2019-08-01 (Thu, 01 Aug 2019)=0D
=0D
  Changed paths:=0D
    M DBI.xs=0D
    M t/02dbidrv.t=0D
=0D
  Log Message:=0D
  -----------=0D
  Fix a buffer overlfow on an overlong DBD class name=0D
=0D
dbih_setup_handle() in DBI.xs does:=0D
=0D
static void=0D
dbih_setup_handle(pTHX_ SV *orv, char *imp_class, SV *parent, SV *imp_dat=
asv)=0D
{=0D
    [...]=0D
    char imp_mem_name[300];=0D
    [...]=0D
    strcpy(imp_mem_name, imp_class);=0D
    strcat(imp_mem_name, "_mem");=0D
    [...]=0D
}=0D
=0D
If imp_class argument string value is longer than 300 - strlen("_mem")=0D=

- 1 bytes, a data will be written past imp_mem_name[] array. The=0D
imp_class comes from DBD driver class name (DBI::_new_drh ->=0D
_new_handle() -> dbih_setup_handle()).=0D
=0D
People usually do not use so long package names (e.g. DBD::ExampleP=0D
calls DBI::_new_drh() in lib/DBD/ExampleP.pm), so the risk is low.=0D
=0D
Reproducer:=0D
=0D
$ perl -MDBI -e 'DBI::_new_drh(q{x} x 300, {}, 0)'=0D
*** buffer overflow detected ***: perl terminated=0D
Aborted (core dumped)=0D
=0D
https://rt.cpan.org/Ticket/Display.html?id=3D130191=0D
=0D
=0D
  Commit: eaf547a5696b8530b597f82dbb094ff1e3f6713d=0D
      https://github.com/perl5-dbi/dbi/commit/eaf547a5696b8530b597f82dbb0=
94ff1e3f6713d=0D
  Author: Tim Bunce <Tim.Bunce@pobox.com>=0D
  Date:   2019-08-01 (Thu, 01 Aug 2019)=0D
=0D
  Changed paths:=0D
    M DBI.xs=0D
    M t/02dbidrv.t=0D
=0D
  Log Message:=0D
  -----------=0D
  Merge pull request #83 from ppisar/imp_mem_name=0D
=0D
Fix a buffer overlfow on an overlong DBD class name=0D
=0D
=0D
Compare: https://github.com/perl5-dbi/dbi/compare/a0e17557590f...eaf547a5=
696b=0D
0
noreply
8/1/2019 4:37:38 PM
perl.dbi.dev 1960 articles. 0 followers. Follow

0 Replies
206 Views

Similar Articles

[PageSpeed] 20

Reply: