diff options
Diffstat (limited to 'lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm')
-rw-r--r-- | lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm b/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm new file mode 100644 index 00000000000..f3261a86438 --- /dev/null +++ b/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm @@ -0,0 +1,64 @@ +$NetBSD: patch-cpan_File-Path_lib_File_Path.pm,v 1.1 2017/06/05 18:58:44 bsiegert Exp $ +OpenBSD 6.1 errata 10, June 04, 2017: + +Use fchmod to avoid a race condition in File::Path. +Fixes CVE-2017-6512. + +--- cpan/File-Path/lib/File/Path.pm 5 Feb 2017 00:31:58 -0000 ++++ cpan/File-Path/lib/File/Path.pm 1 Jun 2017 22:00:11 -0000 +@@ -18,7 +18,7 @@ BEGIN { + + use Exporter (); + use vars qw($VERSION @ISA @EXPORT @EXPORT_OK); +-$VERSION = '2.12_01'; ++$VERSION = '2.12_02'; + $VERSION = eval $VERSION; + @ISA = qw(Exporter); + @EXPORT = qw(mkpath rmtree); +@@ -354,21 +354,32 @@ sub _rmtree { + + # see if we can escalate privileges to get in + # (e.g. funny protection mask such as -w- instead of rwx) +- $perm &= oct '7777'; +- my $nperm = $perm | oct '700'; +- if ( +- !( +- $arg->{safe} +- or $nperm == $perm +- or chmod( $nperm, $root ) +- ) +- ) +- { +- _error( $arg, +- "cannot make child directory read-write-exec", $canon ); +- next ROOT_DIR; ++ # This uses fchmod to avoid traversing outside of the proper ++ # location (CVE-2017-6512) ++ my $root_fh; ++ if (open($root_fh, '<', $root)) { ++ my ($fh_dev, $fh_inode) = (stat $root_fh )[0,1]; ++ $perm &= oct '7777'; ++ my $nperm = $perm | oct '700'; ++ local $@; ++ if ( ++ !( ++ $arg->{safe} ++ or $nperm == $perm ++ or !-d _ ++ or $fh_dev ne $ldev ++ or $fh_inode ne $lino ++ or eval { chmod( $nperm, $root_fh ) } ++ ) ++ ) ++ { ++ _error( $arg, ++ "cannot make child directory read-write-exec", $canon ); ++ next ROOT_DIR; ++ } ++ close $root_fh; + } +- elsif ( !chdir($root) ) { ++ if ( !chdir($root) ) { + _error( $arg, "cannot chdir to child", $canon ); + next ROOT_DIR; + } |