Mercurial > illumos > illumos-gate

changeset 6696:a476264b067f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6629836 perl 5.8 vulnerable to buffer overflow in regular expression engine 6688142 Lgrp perl test broken in 5.6.1
author vm156888
date Fri, 23 May 2008 01:41:17 -0700
parents 12d7dd4459fd
children acd61c9c8407
files usr/src/cmd/perl/5.8.4/distrib/patchlevel.h usr/src/cmd/perl/5.8.4/distrib/regcomp.c usr/src/cmd/perl/5.8.4/distrib/t/op/pat.t usr/src/cmd/perl/contrib/Sun/Solaris/Lgrp/t/Lgrp_api.t
diffstat 4 files changed, 53 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/cmd/perl/5.8.4/distrib/patchlevel.h	Thu May 22 22:23:49 2008 -0700
+++ b/usr/src/cmd/perl/5.8.4/distrib/patchlevel.h	Fri May 23 01:41:17 2008 -0700
@@ -150,6 +150,7 @@
 	"27722 perlio.c breaks on Solaris/gcc when > 256 FDs are available",
  	"SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962",
 	"6663288 Upgrade to CGI.pm 3.33",
+ 	"REGEXP0 - fix for UTF-8 recoding in regexps - CVE-2007-5116",
 	NULL
 };
 
--- a/usr/src/cmd/perl/5.8.4/distrib/regcomp.c	Thu May 22 22:23:49 2008 -0700
+++ b/usr/src/cmd/perl/5.8.4/distrib/regcomp.c	Fri May 23 01:41:17 2008 -0700
@@ -126,7 +126,10 @@
     I32		extralen;
     I32		seen_zerolen;
     I32		seen_evals;
-    I32		utf8;
+    I32		utf8;		/* whether the pattern is utf8 or not */
+    I32		orig_utf8;	/* whether the pattern was originally in utf8 */
+				/* XXX use this for future optimisation of case
+				 * where pattern must be upgraded to utf8. */
 #if ADD_TO_REGEXEC
     char 	*starttry;		/* -Dr: where regtry was called. */
 #define RExC_starttry	(pRExC_state->starttry)
@@ -152,6 +155,7 @@
 #define RExC_seen_zerolen	(pRExC_state->seen_zerolen)
 #define RExC_seen_evals	(pRExC_state->seen_evals)
 #define RExC_utf8	(pRExC_state->utf8)
+#define RExC_orig_utf8	(pRExC_state->orig_utf8)
 
 #define	ISMULT1(c)	((c) == '*' || (c) == '+' || (c) == '?')
 #define	ISMULT2(s)	((*s) == '*' || (*s) == '+' || (*s) == '?' || \
@@ -1746,15 +1750,17 @@
     if (exp == NULL)
 	FAIL("NULL regexp argument");
 
-    RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
-
-    RExC_precomp = exp;
+    RExC_utf8 = RExC_orig_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+
     DEBUG_r({
 	 if (!PL_colorset) reginitcolors();
 	 PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
 		       PL_colors[4],PL_colors[5],PL_colors[0],
-		       (int)(xend - exp), RExC_precomp, PL_colors[1]);
+		       (int)(xend - exp), exp, PL_colors[1]);
     });
+
+redo_first_pass:
+    RExC_precomp = exp;
     RExC_flags = pm->op_pmflags;
     RExC_sawback = 0;
 
@@ -1780,6 +1786,26 @@
 	RExC_precomp = Nullch;
 	return(NULL);
     }
+
+    if (RExC_utf8 && !RExC_orig_utf8) {
+        /* It's possible to write a regexp in ascii that represents unicode
+        codepoints outside of the byte range, such as via \x{100}. If we
+        detect such a sequence we have to convert the entire pattern to utf8
+        and then recompile, as our sizing calculation will have been based
+        on 1 byte == 1 character, but we will need to use utf8 to encode
+        at least some part of the pattern, and therefore must convert the whole
+        thing.
+        XXX: somehow figure out how to make this less expensive...
+        -- dmq */
+        STRLEN len = xend-exp;
+        DEBUG_r(PerlIO_printf(Perl_debug_log,
+	    "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
+        exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
+        xend = exp + len;
+        RExC_orig_utf8 = RExC_utf8;
+        SAVEFREEPV(exp);
+        goto redo_first_pass;
+    }
     DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
 
     /* Small enough for pointer-storage convention?
--- a/usr/src/cmd/perl/5.8.4/distrib/t/op/pat.t	Thu May 22 22:23:49 2008 -0700
+++ b/usr/src/cmd/perl/5.8.4/distrib/t/op/pat.t	Fri May 23 01:41:17 2008 -0700
@@ -6,7 +6,7 @@
 
 $| = 1;
 
-print "1..1056\n";
+print "1..1058\n";
 
 BEGIN {
     chdir 't' if -d 't';
@@ -3255,6 +3255,15 @@
 	);
     }
 }
+ 
+{
+    use warnings;
+    my @w;
+    local $SIG{__WARN__}=sub{push @w,"@_"};
+    my $c=qq(\x{DF}); 
+    ok($c=~/${c}|\x{100}/, "ASCII pattern that really is utf8");
+    ok(@w==0, "No warnings");
+}    
 
 # perl #25269: panic: pp_match start/end pointers
 ok("a-bc" eq eval {
--- a/usr/src/cmd/perl/contrib/Sun/Solaris/Lgrp/t/Lgrp_api.t	Thu May 22 22:23:49 2008 -0700
+++ b/usr/src/cmd/perl/contrib/Sun/Solaris/Lgrp/t/Lgrp_api.t	Fri May 23 01:41:17 2008 -0700
@@ -24,13 +24,23 @@
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
+# ident	"@(#)Lgrp_api.t	1.1	06/09/01 SMI"
 #
 
 require 5.8.0;
 use strict;
 use warnings;
 
+# Make sure that Lgrp test is not executed on anything less than 5.8.0,
+# as Lgrp is not implemented there
+BEGIN {
+	if ($] < 5.008) {
+		# Fake one successfull test and exit
+		printf "1..1\nok\n";
+		exit 0;
+	}
+}
+
 ######################################################################
 # Tests for Sun::Solaris::Lgrp API.
 #