Diffstat (limited to 'lang/perl5/patches/patch-bf')
-rw-r--r-- | lang/perl5/patches/patch-bf | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/lang/perl5/patches/patch-bf b/lang/perl5/patches/patch-bf
deleted file mode 100644
index cc65e2cc14a..00000000000
--- a/lang/perl5/patches/patch-bf
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-bf,v 1.1 2005/06/24 06:43:47 jlam Exp $
-
---- perlio.c.orig 2004-09-10 03:06:52.000000000 -0400
-+++ perlio.c
-@@ -454,7 +454,8 @@ PerlIO_debug(const char *fmt, ...)
- va_list ap;
- dSYS;
- va_start(ap, fmt);
-- if (!dbg) {
-+ /* Tighten uid/gid checks [CAN-2005-0155] */
-+ if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
- char *s = PerlEnv_getenv("PERLIO_DEBUG");
- if (s && *s)
- dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
-@@ -471,7 +472,8 @@ PerlIO_debug(const char *fmt, ...)
- s = CopFILE(PL_curcop);
- if (!s)
- s = "(none)";
-- sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
-+ /* Avoid PERLIO_DEBUG buffer overflow [CAN-2005-0156] */
-+ sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
- len = strlen(buffer);
- vsprintf(buffer+len, fmt, ap);
- PerlLIO_write(dbg, buffer, strlen(buffer)); |