summaryrefslogtreecommitdiff
path: root/lang/perl58/patches/patch-bf
diff options
context:
space:
mode:
Diffstat (limited to 'lang/perl58/patches/patch-bf')
-rw-r--r--lang/perl58/patches/patch-bf24
1 files changed, 24 insertions, 0 deletions
diff --git a/lang/perl58/patches/patch-bf b/lang/perl58/patches/patch-bf
new file mode 100644
index 00000000000..057c3a2afe4
--- /dev/null
+++ b/lang/perl58/patches/patch-bf
@@ -0,0 +1,24 @@
+$NetBSD: patch-bf,v 1.1.2.2 2005/02/05 17:22:21 salo Exp $
+
+--- perlio.c.orig 2004-09-10 03:06:52.000000000 -0400
++++ perlio.c
+@@ -448,7 +448,8 @@ PerlIO_debug(const char *fmt, ...)
+ va_list ap;
+ dSYS;
+ va_start(ap, fmt);
+- if (!dbg) {
++ /* Tighten uid/gid checks [CAN-2005-0155] */
++ if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
+ char *s = PerlEnv_getenv("PERLIO_DEBUG");
+ if (s && *s)
+ dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
+@@ -465,7 +466,8 @@ PerlIO_debug(const char *fmt, ...)
+ s = CopFILE(PL_curcop);
+ if (!s)
+ s = "(none)";
+- sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
++ /* Avoid PERLIO_DEBUG buffer overflow [CAN-2005-0156] */
++ sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+ len = strlen(buffer);
+ vsprintf(buffer+len, fmt, ap);
+ PerlLIO_write(dbg, buffer, strlen(buffer));
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-04 17:57:17 +0000