From a945f9ec41a334fdc2bc30c53d17350893bb2b19b4b3d0800cb8f31c1727be93 Mon Sep 17 00:00:00 2001
From: Dirk Stoecker
Date: Mon, 14 Aug 2017 12:56:01 +0000
Subject: [PATCH] Accepting request 514862 from home:pmonrealgonzalez:branches:devel:languages:perl

- Add patch to fix CVE-2017-10788 bsc#1047095
* Denial of service or possibly RCE through use-after-free
* perl-DBD-mysql-4.043-CVE-2017-10788.patch
OBS-URL: https://build.opensuse.org/request/show/514862
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-DBD-mysql?expand=0&rev=56
---
 perl-DBD-mysql-4.043-CVE-2017-10788.patch | 52 +++++++++++++++++++++++
 perl-DBD-mysql.changes | 7 +++
 perl-DBD-mysql.spec | 3 ++
 3 files changed, 62 insertions(+)
 create mode 100644 perl-DBD-mysql-4.043-CVE-2017-10788.patch
diff --git a/perl-DBD-mysql-4.043-CVE-2017-10788.patch b/perl-DBD-mysql-4.043-CVE-2017-10788.patch
new file mode 100644
index 0000000..beeaec7
--- /dev/null
+++ b/perl-DBD-mysql-4.043-CVE-2017-10788.patch
@@ -0,0 +1,52 @@
+From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
+From: Pali
+Date: Sun, 25 Jun 2017 10:07:39 +0200
+Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
+
+Ignore return value from mysql_stmt_close() and also its error message
+because it points to freed memory after mysql_stmt_close() was called.
+---
+ dbdimp.c | 8 ++------
+ mysql.xs | 7 ++-----
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index c60a5f6..a6410e5 100644
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
+
+ if (imp_sth->stmt)
+ {
+- if (mysql_stmt_close(imp_sth->stmt))
+- {
+- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
+- mysql_stmt_error(imp_sth->stmt),
+- mysql_stmt_sqlstate(imp_sth->stmt));
+- }
++ mysql_stmt_close(imp_sth->stmt);
++ imp_sth->stmt= NULL;
+ }
+ #endif
+
+diff --git a/mysql.xs b/mysql.xs
+index 55376e1..affde59 100644
+--- a/mysql.xs
++++ b/mysql.xs
+@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
+ if (bind)
+ Safefree(bind);
+
+- if(mysql_stmt_close(stmt))
+- {
+- fprintf(stderr, "\n failed while closing the statement");
+- fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
+- }
++ mysql_stmt_close(stmt);
++ stmt= NULL;
+
+ if (retval == -2) /* -2 means error */
+ {
+--
+1.7.9.5
+
diff --git a/perl-DBD-mysql.changes b/perl-DBD-mysql.changes
index bbae08c..ab3933d 100644
--- a/perl-DBD-mysql.changes
+++ b/perl-DBD-mysql.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jul 17 11:16:13 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Add patch to fix CVE-2017-10788 bsc#1047095
+ * Denial of service or possibly RCE through use-after-free
+ * perl-DBD-mysql-4.043-CVE-2017-10788.patch
+
 -------------------------------------------------------------------
 Fri Jun 30 05:19:38 UTC 2017 - coolo@suse.com
 
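Review bot: In the dbdimp.c hunk of the added perl-DBD-mysql-4.043-CVE-2017-10788.patch (dbd_st_destroy), the new `mysql_stmt_close(imp_sth->stmt); imp_sth->stmt= NULL;` drops the return value with no comment saying why, so a later maintainer could restore the check and with it the reads of the freed handle. A comment above the call would pin the invariant, e.g. `/* the statement handle is freed by mysql_stmt_close(); never pass it to mysql_stmt_errno()/mysql_stmt_error()/mysql_stmt_sqlstate() afterwards */`, and the same applies to `mysql_stmt_close(stmt); stmt= NULL;` in the mysql.xs hunk (do). A failed close is now unreported in both places; if that matters, the result could be captured and reported with a fixed message that does not dereference the handle. Both function bodies continue outside the hunks, and any other mysql_stmt_close() call sites in the driver are not visible here, so they would need the same check.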
diff --git a/perl-DBD-mysql.spec b/perl-DBD-mysql.spec
index bce0c2e..2c33455 100644
--- a/perl-DBD-mysql.spec
+++ b/perl-DBD-mysql.spec
@@ -26,6 +26,8 @@ Group: Development/Libraries/Perl
 Url: http://search.cpan.org/dist/DBD-mysql/
 Source0: https://cpan.metacpan.org/authors/id/M/MI/MICHIELB/%{cpan_name}-%{version}.tar.gz
 Source1: cpanspec.yml
+# PATCH-FIX-UPSTREAM CVE-2017-10788 bsc#1047095 pmonrealgonzalez@suse.com - DoS or possibly RCE through use-after-free
+Patch1: perl-DBD-mysql-4.043-CVE-2017-10788.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: perl
 BuildRequires: perl-macros
@@ -49,6 +51,7 @@ no-one ever requested them. :-)
 %prep
 %setup -q -n %{cpan_name}-%{version}
 find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644
+%patch1 -p1
 
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}"