fix CVE-2024-56406
This commit is contained in:
fly_fzc
parent
b4aa0fbbce
commit
a1eb245cca
26
backport-CVE-2024-56406.patch
Normal file
26
backport-CVE-2024-56406.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001
|
||||
From: Karl Williamson <khw@cpan.org>
|
||||
Date: Wed, 18 Dec 2024 18:25:29 -0700
|
||||
Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr//
|
||||
|
||||
This was due to underallocating needed space. If the translation forces
|
||||
something to become UTF-8 that is initially bytes, that UTF-8 could
|
||||
now require two bytes where previously a single one would do.
|
||||
|
||||
(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
|
||||
---
|
||||
op.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/op.c b/op.c
|
||||
index 69ff030e88eb..298b2926338a 100644
|
||||
--- a/op.c
|
||||
+++ b/op.c
|
||||
@@ -6520,6 +6520,7 @@
|
||||
* same time. But otherwise one crosses before the other */
|
||||
if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
|
||||
can_force_utf8 = TRUE;
|
||||
+ max_expansion = MAX(2, max_expansion);
|
||||
}
|
||||
}
|
||||
|
||||
@ -22,7 +22,7 @@ Name: perl
|
||||
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
|
||||
Epoch: 4
|
||||
Version: %{perl_version}
|
||||
Release: 14
|
||||
Release: 15
|
||||
Summary: A highly capable, feature-rich programming language
|
||||
Url: https://www.perl.org/
|
||||
Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
|
||||
@ -44,6 +44,7 @@ Patch6003: backport-CVE-2022-48522.patch
|
||||
Patch6004: backport-CVE-2023-47100-CVE-2023-47038.patch
|
||||
Patch6005: backport-CVE-2023-47039.patch
|
||||
Patch6006: fix-test-case-failure-caused-by-zlib.patch
|
||||
Patch6007: backport-CVE-2024-56406.patch
|
||||
|
||||
BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find
|
||||
BuildRequires: zlib-devel systemtap-sdt-devel perl-interpreter perl-generators
|
||||
@ -494,6 +495,9 @@ make test_harness
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Mon Apr 14 2025 Funda Wang <fundawang@yeah.net> - 4:5.34.0-15
|
||||
- fix CVE-2024-56406
|
||||
|
||||
* Tue Jun 4 2024 hongjinghao <hongjinghao@huawei.com> - 4:5.34.0-14
|
||||
- fix test case failure caused by zlib
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user