Accepting request 514862 from home:pmonrealgonzalez:branches:devel:languages:perl

- Add patch to fix CVE-2017-10788 bsc#1047095 * Denial of service or possibly RCE through use-after-free * perl-DBD-mysql-4.043-CVE-2017-10788.patch OBS-URL: https://build.opensuse.org/request/show/514862 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-DBD-mysql?expand=0&rev=56
2017-08-14 12:56:01 +00:00
parent 23fd45d3b0
commit a945f9ec41
3 changed files with 62 additions and 0 deletions
--- a/perl-DBD-mysql-4.043-CVE-2017-10788.patch
+++ b/perl-DBD-mysql-4.043-CVE-2017-10788.patch
@@ -0,0 +1,52 @@
+From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
+From: Pali <pali@cpan.org>
+Date: Sun, 25 Jun 2017 10:07:39 +0200
+Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
+
+Ignore return value from mysql_stmt_close() and also its error message
+because it points to freed memory after mysql_stmt_close() was called.
+---
+ dbdimp.c |    8 ++------
+ mysql.xs |    7 ++-----
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index c60a5f6..a6410e5 100644
+--- a/dbdimp.c
+++ b/dbdimp.c
+@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
+ 
+   if (imp_sth->stmt)
+   {
+-    if (mysql_stmt_close(imp_sth->stmt))
+-    {
+-      do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
+-          mysql_stmt_error(imp_sth->stmt),
+-          mysql_stmt_sqlstate(imp_sth->stmt));
+-    }
+    mysql_stmt_close(imp_sth->stmt);
+    imp_sth->stmt= NULL;
+   }
+ #endif
+ 
+diff --git a/mysql.xs b/mysql.xs
+index 55376e1..affde59 100644
+--- a/mysql.xs
+++ b/mysql.xs
+@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
+       if (bind)
+         Safefree(bind);
+ 
+-      if(mysql_stmt_close(stmt))
+-      {
+-        fprintf(stderr, "\n failed while closing the statement");
+-        fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
+-      }
+      mysql_stmt_close(stmt);
+      stmt= NULL;
+ 
+       if (retval == -2) /* -2 means error */
+       {
+-- 
+1.7.9.5
+
--- a/perl-DBD-mysql.changes
+++ b/perl-DBD-mysql.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jul 17 11:16:13 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Add patch to fix CVE-2017-10788 bsc#1047095
+  * Denial of service or possibly RCE through use-after-free
+  * perl-DBD-mysql-4.043-CVE-2017-10788.patch
+
 -------------------------------------------------------------------
 Fri Jun 30 05:19:38 UTC 2017 - coolo@suse.com

--- a/perl-DBD-mysql.spec
+++ b/perl-DBD-mysql.spec
@@ -26,6 +26,8 @@ Group:          Development/Libraries/Perl
 Url:            http://search.cpan.org/dist/DBD-mysql/
 Source0:        https://cpan.metacpan.org/authors/id/M/MI/MICHIELB/%{cpan_name}-%{version}.tar.gz
 Source1:        cpanspec.yml
+# PATCH-FIX-UPSTREAM CVE-2017-10788 bsc#1047095 pmonrealgonzalez@suse.com - DoS or possibly RCE through use-after-free
+Patch1:         perl-DBD-mysql-4.043-CVE-2017-10788.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
 BuildRequires:  perl-macros
@@ -49,6 +51,7 @@ no-one ever requested them. :-)
 %prep
 %setup -q -n %{cpan_name}-%{version}
 find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644
+%patch1 -p1

 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}"