* [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
@ 2017-07-24 18:31 Kei Kebreau
2017-07-24 19:17 ` Leo Famulari
0 siblings, 1 reply; 5+ messages in thread
From: Kei Kebreau @ 2017-07-24 18:31 UTC (permalink / raw)
To: 27805; +Cc: Kei Kebreau
* gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/databases.scm | 3 +-
.../patches/perl-dbd-mysql-CVE-2017-10788.patch | 51 ++++++++++++++++++++++
3 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 3eccc879b..4292d705c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -902,6 +902,7 @@ dist_patch_DATA = \
%D%/packages/patches/pcre2-CVE-2017-8786.patch \
%D%/packages/patches/perl-file-path-CVE-2017-6512.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
+ %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
%D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index ee340505e..7e62452ea 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1015,7 +1015,8 @@ columns, primary keys, unique constraints and relationships.")
"DBD-mysql-" version ".tar.gz"))
(sha256
(base32
- "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))))
+ "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))
+ (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch"))))
(build-system perl-build-system)
;; Tests require running MySQL server
(arguments `(#:tests? #f))
diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
new file mode 100644
index 000000000..344f2d803
--- /dev/null
+++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
@@ -0,0 +1,51 @@
+From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
+From: Pali <pali@cpan.org>
+Date: Sun, 25 Jun 2017 10:07:39 +0200
+Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
+
+Ignore return value from mysql_stmt_close() and also its error message
+because it points to freed memory after mysql_stmt_close() was called.
+---
+ dbdimp.c | 8 ++------
+ mysql.xs | 7 ++-----
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index c60a5f6..a6410e5 100644
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
+
+ if (imp_sth->stmt)
+ {
+- if (mysql_stmt_close(imp_sth->stmt))
+- {
+- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
+- mysql_stmt_error(imp_sth->stmt),
+- mysql_stmt_sqlstate(imp_sth->stmt));
+- }
++ mysql_stmt_close(imp_sth->stmt);
++ imp_sth->stmt= NULL;
+ }
+ #endif
+
+diff --git a/mysql.xs b/mysql.xs
+index 55376e1..affde59 100644
+--- a/mysql.xs
++++ b/mysql.xs
+@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
+ if (bind)
+ Safefree(bind);
+
+- if(mysql_stmt_close(stmt))
+- {
+- fprintf(stderr, "\n failed while closing the statement");
+- fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
+- }
++ mysql_stmt_close(stmt);
++ stmt= NULL;
+
+ if (retval == -2) /* -2 means error */
+ {
+--
+1.7.9.5
--
2.13.3
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
2017-07-24 18:31 [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788 Kei Kebreau
@ 2017-07-24 19:17 ` Leo Famulari
2017-07-24 22:07 ` Kei Kebreau
0 siblings, 1 reply; 5+ messages in thread
From: Leo Famulari @ 2017-07-24 19:17 UTC (permalink / raw)
To: Kei Kebreau; +Cc: 27805
[-- Attachment #1: Type: text/plain, Size: 1263 bytes --]
On Mon, Jul 24, 2017 at 02:31:44PM -0400, Kei Kebreau wrote:
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
Thanks!
> diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
> new file mode 100644
> index 000000000..344f2d803
> --- /dev/null
> +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
> @@ -0,0 +1,51 @@
> +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
> +From: Pali <pali@cpan.org>
> +Date: Sun, 25 Jun 2017 10:07:39 +0200
> +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
> +
> +Ignore return value from mysql_stmt_close() and also its error message
> +because it points to freed memory after mysql_stmt_close() was called.
Can you add a link to the MITRE page for this CVE (and any other pages
you think are relevant) and to the source of this patch?
Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
you are unsure.
There is also CVE-2017-10789. I'm not sure if there is a fix merged
upstream yet:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
2017-07-24 19:17 ` Leo Famulari
@ 2017-07-24 22:07 ` Kei Kebreau
2017-07-25 18:00 ` Leo Famulari
0 siblings, 1 reply; 5+ messages in thread
From: Kei Kebreau @ 2017-07-24 22:07 UTC (permalink / raw)
To: Leo Famulari; +Cc: 27805
[-- Attachment #1.1: Type: text/plain, Size: 1672 bytes --]
Leo Famulari <leo@famulari.name> writes:
> On Mon, Jul 24, 2017 at 02:31:44PM -0400, Kei Kebreau wrote:
>> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
>
> Thanks!
>
>> diff --git
>> a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
>> b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
>> new file mode 100644
>> index 000000000..344f2d803
>> --- /dev/null
>> +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
>> @@ -0,0 +1,51 @@
>> +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
>> +From: Pali <pali@cpan.org>
>> +Date: Sun, 25 Jun 2017 10:07:39 +0200
>> +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
>> +
>> +Ignore return value from mysql_stmt_close() and also its error message
>> +because it points to freed memory after mysql_stmt_close() was called.
>
> Can you add a link to the MITRE page for this CVE (and any other pages
> you think are relevant) and to the source of this patch?
>
Done! FYI, this patch is tentative (i.e. not merged upstream as of
yet). It seems to do the right thing, but I'm not quite sure, as I'm not
an experienced C programmer, nor am I a user of this package.
> Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
> you are unsure.
>
> There is also CVE-2017-10789. I'm not sure if there is a fix merged
> upstream yet:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
There was a fix that was merged and later reverted in the latest
version, 4.043.
How does the attached patch look?
[-- Attachment #1.2: 0001-gnu-perl-dbd-mysql-Fix-CVE-2017-10788.patch --]
[-- Type: text/plain, Size: 4303 bytes --]
From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
From: Kei Kebreau <kei@openmailbox.org>
Date: Mon, 24 Jul 2017 13:51:50 -0400
Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
* gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/databases.scm | 3 +-
.../patches/perl-dbd-mysql-CVE-2017-10788.patch | 62 ++++++++++++++++++++++
3 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 3eccc879b..4292d705c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -902,6 +902,7 @@ dist_patch_DATA = \
%D%/packages/patches/pcre2-CVE-2017-8786.patch \
%D%/packages/patches/perl-file-path-CVE-2017-6512.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
+ %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
%D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index ee340505e..7e62452ea 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1015,7 +1015,8 @@ columns, primary keys, unique constraints and relationships.")
"DBD-mysql-" version ".tar.gz"))
(sha256
(base32
- "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))))
+ "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2"))
+ (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch"))))
(build-system perl-build-system)
;; Tests require running MySQL server
(arguments `(#:tests? #f))
diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
new file mode 100644
index 000000000..74613cb63
--- /dev/null
+++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch
@@ -0,0 +1,62 @@
+Fix CVE-2017-10788:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788
+
+Patch written to match corrected documentation specifications:
+
+Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html
+New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html
+
+The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-312420660.
+
+From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
+From: Pali <pali@cpan.org>
+Date: Sun, 25 Jun 2017 10:07:39 +0200
+Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
+
+Ignore return value from mysql_stmt_close() and also its error message
+because it points to freed memory after mysql_stmt_close() was called.
+---
+ dbdimp.c | 8 ++------
+ mysql.xs | 7 ++-----
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index c60a5f6..a6410e5 100644
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
+
+ if (imp_sth->stmt)
+ {
+- if (mysql_stmt_close(imp_sth->stmt))
+- {
+- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
+- mysql_stmt_error(imp_sth->stmt),
+- mysql_stmt_sqlstate(imp_sth->stmt));
+- }
++ mysql_stmt_close(imp_sth->stmt);
++ imp_sth->stmt= NULL;
+ }
+ #endif
+
+diff --git a/mysql.xs b/mysql.xs
+index 55376e1..affde59 100644
+--- a/mysql.xs
++++ b/mysql.xs
+@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
+ if (bind)
+ Safefree(bind);
+
+- if(mysql_stmt_close(stmt))
+- {
+- fprintf(stderr, "\n failed while closing the statement");
+- fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
+- }
++ mysql_stmt_close(stmt);
++ stmt= NULL;
+
+ if (retval == -2) /* -2 means error */
+ {
+--
+1.7.9.5
--
2.13.3
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
2017-07-24 22:07 ` Kei Kebreau
@ 2017-07-25 18:00 ` Leo Famulari
2017-07-25 18:13 ` bug#27805: " Kei Kebreau
0 siblings, 1 reply; 5+ messages in thread
From: Leo Famulari @ 2017-07-25 18:00 UTC (permalink / raw)
To: Kei Kebreau; +Cc: 27805
[-- Attachment #1: Type: text/plain, Size: 1134 bytes --]
On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
> Done! FYI, this patch is tentative (i.e. not merged upstream as of
> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
> an experienced C programmer, nor am I a user of this package.
I'm not an expert but, I agree, it seems to do the right thing.
> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
> > you are unsure.
> >
> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
> > upstream yet:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
Okay, let's wait on that one. Can you try to keep track of it?
> How does the attached patch look?
> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <kei@openmailbox.org>
> Date: Mon, 24 Jul 2017 13:51:50 -0400
> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>
> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
Please push!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#27805: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
2017-07-25 18:00 ` Leo Famulari
@ 2017-07-25 18:13 ` Kei Kebreau
0 siblings, 0 replies; 5+ messages in thread
From: Kei Kebreau @ 2017-07-25 18:13 UTC (permalink / raw)
To: Leo Famulari; +Cc: 27805-done
[-- Attachment #1: Type: text/plain, Size: 1271 bytes --]
Leo Famulari <leo@famulari.name> writes:
> On Mon, Jul 24, 2017 at 06:07:25PM -0400, Kei Kebreau wrote:
>> Done! FYI, this patch is tentative (i.e. not merged upstream as of
>> yet). It seems to do the right thing, but I'm not quite sure, as I'm not
>> an experienced C programmer, nor am I a user of this package.
>
> I'm not an expert but, I agree, it seems to do the right thing.
>
>> > Check 'gnu/packages/patches/wget-CVE-2017-6508.patch' for an example if
>> > you are unsure.
>> >
>> > There is also CVE-2017-10789. I'm not sure if there is a fix merged
>> > upstream yet:
>> >
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10789
>
> Okay, let's wait on that one. Can you try to keep track of it?
>
Will do!
>> How does the attached patch look?
>
>> From d067457fcc87a0353dfdf6c8bfbe4f2bbdb90bb9 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <kei@openmailbox.org>
>> Date: Mon, 24 Jul 2017 13:51:50 -0400
>> Subject: [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788.
>>
>> * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it.
>
> Please push!
Pushed to master! Thank you for reviewing.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-07-25 18:14 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-07-24 18:31 [bug#27805] [PATCH] gnu: perl-dbd-mysql: Fix CVE-2017-10788 Kei Kebreau
2017-07-24 19:17 ` Leo Famulari
2017-07-24 22:07 ` Kei Kebreau
2017-07-25 18:00 ` Leo Famulari
2017-07-25 18:13 ` bug#27805: " Kei Kebreau
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).