import-layers/yocto-poky/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch - openbmc/openbmc - Gitiles

 From 652c8d4852a69f1bb4d387946f9b76350a1f0d0e Mon Sep 17 00:00:00 2001
 From: Tony Cook <tony@develop-help.com>
 Date: Tue, 15 Dec 2015 10:56:54 +1100
 Subject: [PATCH] perl: fix CVE-2015-8607

 ensure File::Spec::canonpath() preserves taint

 Previously the unix specific XS implementation of canonpath() would
 return an untainted path when supplied a tainted path.

 For the empty string case, newSVpvs() already sets taint as needed on
 its result.

 This issue was assigned CVE-2015-8607.  [perl #126862]

 Backport patch from http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd

 Upstream-Status: Backport
 CVE: CVE-2015-8607
 Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
 ---
  dist/PathTools/Cwd.xs    |  1 +
  dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
  2 files changed, 19 insertions(+), 1 deletion(-)

 diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
 index 9d4dcf0..3d018dc 100644
 --- a/dist/PathTools/Cwd.xs
 +++ b/dist/PathTools/Cwd.xs
 @@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
      *o = 0;
      SvPOK_on(retval);
      SvCUR_set(retval, o - SvPVX(retval));
 +    SvTAINT(retval);
      return retval;
  }

 diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
 index 309b3e5..48f8c5b 100644
 --- a/dist/PathTools/t/taint.t
 +++ b/dist/PathTools/t/taint.t
 @@ -12,7 +12,7 @@ use Test::More;
  BEGIN {
      plan(
          ${^TAINT}
 -        ? (tests => 17)
 +        ? (tests => 21)
          : (skip_all => "A perl without taint support")
      );
  }
 @@ -34,3 +34,20 @@ foreach my $func (@Functions) {

  # Previous versions of Cwd tainted $^O
  is !tainted($^O), 1, "\$^O should not be tainted";
 +
 +{
 +    # [perl #126862] canonpath() loses taint
 +    my $tainted = substr($ENV{PATH}, 0, 0);
 +    # yes, getcwd()'s result should be tainted, and is tested above
 +    # but be sure
 +    ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
 +        "canonpath() keeps taint on non-empty string";
 +    ok tainted(File::Spec->canonpath($tainted)),
 +        "canonpath() keeps taint on empty string";
 +
 +    (Cwd::getcwd() =~ /^(.*)/);
 +    my $untainted = $1;
 +    ok !tainted($untainted), "make sure our untainted value is untainted";
 +    ok !tainted(File::Spec->canonpath($untainted)),
 +        "canonpath() doesn't add taint to untainted string";
 +}
 --
 2.8.1
	From 652c8d4852a69f1bb4d387946f9b76350a1f0d0e Mon Sep 17 00:00:00 2001
	From: Tony Cook <tony@develop-help.com>
	Date: Tue, 15 Dec 2015 10:56:54 +1100
	Subject: [PATCH] perl: fix CVE-2015-8607

	ensure File::Spec::canonpath() preserves taint

	Previously the unix specific XS implementation of canonpath() would
	return an untainted path when supplied a tainted path.

	For the empty string case, newSVpvs() already sets taint as needed on
	its result.

	This issue was assigned CVE-2015-8607. [perl #126862]

	Backport patch from http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd

	Upstream-Status: Backport
	CVE: CVE-2015-8607
	Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
	---
	dist/PathTools/Cwd.xs \| 1 +
	dist/PathTools/t/taint.t \| 19 ++++++++++++++++++-
	2 files changed, 19 insertions(+), 1 deletion(-)

	diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
	index 9d4dcf0..3d018dc 100644
	--- a/dist/PathTools/Cwd.xs
	+++ b/dist/PathTools/Cwd.xs
	@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
	*o = 0;
	SvPOK_on(retval);
	SvCUR_set(retval, o - SvPVX(retval));
	+ SvTAINT(retval);
	return retval;
	}

	diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
	index 309b3e5..48f8c5b 100644
	--- a/dist/PathTools/t/taint.t
	+++ b/dist/PathTools/t/taint.t
	@@ -12,7 +12,7 @@ use Test::More;
	BEGIN {
	plan(
	${^TAINT}
	- ? (tests => 17)
	+ ? (tests => 21)
	: (skip_all => "A perl without taint support")
	);
	}
	@@ -34,3 +34,20 @@ foreach my $func (@Functions) {

	# Previous versions of Cwd tainted $^O
	is !tainted($^O), 1, "\$^O should not be tainted";
	+
	+{
	+ # [perl #126862] canonpath() loses taint
	+ my $tainted = substr($ENV{PATH}, 0, 0);
	+ # yes, getcwd()'s result should be tainted, and is tested above
	+ # but be sure
	+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
	+ "canonpath() keeps taint on non-empty string";
	+ ok tainted(File::Spec->canonpath($tainted)),
	+ "canonpath() keeps taint on empty string";
	+
	+ (Cwd::getcwd() =~ /^(.*)/);
	+ my $untainted = $1;
	+ ok !tainted($untainted), "make sure our untainted value is untainted";
	+ ok !tainted(File::Spec->canonpath($untainted)),
	+ "canonpath() doesn't add taint to untainted string";
	+}
	--
	2.8.1