Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" - nntp.perl.org

Front page | perl.perl5.porters | Postings from December 2005

Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog"

Thread Previous | Thread Next

From:

Nicholas Clark

Date:

December 1, 2005 07:52

Subject:

Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog"

Message ID:

20051201155226.GD68284@plum.flirble.org

On Thu, Dec 01, 2005 at 07:45:48AM -0800, Jan Dubois wrote:
> On Thu, 01 Dec 2005, Gisle Aas wrote:
> > 
> > This patch plugs that hole.
> 
> PL_memory_wrap is only defined if you have PERL_MALLOC_WRAP enabled,
> so you need to check for it:
> 
>  
> > --- perl-current/sv.c	2005-12-01 10:56:34.000000000 +0100
> > +++ perl-hack/sv.c	2005-12-01 15:15:01.000000000 +0100
> > @@ -8889,6 +8889,8 @@
> > 
> >  	/* calculate width before utf8_upgrade changes it */
> >  	have = esignlen + zeros + elen;
> 
> #ifdef PERL_MALLOC_WRAP
> 
> > +	if (have < zeros)
> > +	    Perl_croak_nocontext(PL_memory_wrap);
> 
> #endif

Alternatively change it so that PL_memory_wrap always be defined?

I believe that the new test here will work on all platforms, even those where
the generic memory wrap macros don't.


Nicholas Clark

Thread Previous | Thread Next

Perl PR: "Security holes in Sys::Syslog" by Andy Lester

Re: Perl PR: "Security holes in Sys::Syslog" by dreamwvr

Re: Perl PR: "Security holes in Sys::Syslog" by Dave Mitchell

Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

[PATCH] Disable constant folding of sprintf by Gisle Aas

Re: [PATCH] Disable constant folding of sprintf by hv

Re: [PATCH] Disable constant folding of sprintf by Nicholas Clark

Re: [PATCH] Disable constant folding of sprintf by Andy Lester

Re: [PATCH] Disable constant folding of sprintf by Steve Peters

Re: [PATCH] Disable constant folding of sprintf by Rafael Garcia-Suarez

Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball

RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois

Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez

sprintf patches by Andy Lester

Re: sprintf patches by Rafael Garcia-Suarez

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Brendan O'Dea

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by H.Merijn Brand
Re: sprintf patches by Steve Peters

Re: sprintf patches by Jason Vas Dias

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Brendan O'Dea

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Dominic Dunlop

Re: sprintf patches by Dominic Dunlop
Re: sprintf patches by Dominic Dunlop

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Andrew Dougherty

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Dominic Dunlop
Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Steve Hay

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Steve Hay

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Andy Dougherty
Re: sprintf patches by Dominic Dunlop

Re: sprintf patches by Nicholas Clark

Re: sprintf patches by Andy Dougherty

RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

Re: Perl PR: "Security holes in Sys::Syslog" by Dave Mitchell

Re: Perl PR: "Security holes in Sys::Syslog" by hv

Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark

Re: Perl PR: "Security holes in Sys::Syslog" by hv

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
Re: Perl PR: "Security holes in Sys::Syslog" by Andy Lester

Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

[patch] Re: Perl PR: "Security holes in Sys::Syslog" by Philippe M. Chiasson

Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Allen Smith
Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez

Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

[PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas

RE: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois

Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark

RE: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois

Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez

Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez

[PATCH] Suppress "0b" prefix for sprintf("%#b", 0) by Gisle Aas

Re: Perl PR: "Security holes in Sys::Syslog" by Adriano Ferreira

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About