
This queue is for tickets about the Socket CPAN distribution.

Report information
The Basics
Id: 122830
Status: resolved
Priority: 0/
Queue: Socket

People
Owner: Nobody in particular
Requestors: pali [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 2.026



Subject: Insecure implementation of the croak_sv
The current implementation in the perl blead cpan/Socket/Socket.xs file is:

    #ifndef croak_sv
    # define croak_sv(sv) croak(SvPVx_nolen(sv))
    #endif

But the function croak is variadic and expects a printf-style format as its first parameter. Passing an arbitrary string from the caller as the printf format leads to the security problem CWE-134: Use of Externally-Controlled Format String. But croak_sv is not used at all, so rather remove this insecure implementation.
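The report above describes the bug abstractly; the following C program, added here and not part of the ticket or of the Socket distribution, makes the difference concrete. Because Perl's real croak() is not available outside an XS build, it uses a hypothetical stand-in, fake_croak(), which is variadic and printf-style like croak() but formats into a caller-supplied buffer instead of raising a Perl exception. The two wrappers reproduce the removed fallback (string used as the format) and the safe alternative (string passed as an argument to a fixed "%s" format). The sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for Perl's croak(): variadic, printf-style.
 * The real croak() formats into Perl's error SV and unwinds; this one
 * formats into a buffer so the two call patterns can be compared. */
static void fake_croak(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* The removed fallback, croak_sv(sv) -> croak(SvPVx_nolen(sv)):
 * the SV's string itself becomes the format string (CWE-134). */
static void croak_sv_insecure(char *out, size_t outlen, const char *sv_str)
{
    fake_croak(out, outlen, sv_str);
}

/* A safe fallback: the SV's string is an argument to a fixed "%s" format,
 * so any '%' sequences inside it are copied, never interpreted. */
static void croak_sv_safe(char *out, size_t outlen, const char *sv_str)
{
    fake_croak(out, outlen, "%s", sv_str);
}

/* Returns 1 if the insecure fallback altered the message, i.e. the message
 * was parsed as a format string; 0 if it came through verbatim. */
int format_was_interpreted(const char *msg)
{
    char buf[256];
    croak_sv_insecure(buf, sizeof buf, msg);
    return strcmp(buf, msg) != 0;
}

/* Returns 1 if the safe fallback reproduces the message exactly. */
int safe_preserves_message(const char *msg)
{
    char buf[256];
    croak_sv_safe(buf, sizeof buf, msg);
    return strcmp(buf, msg) == 0;
}

int main(void)
{
    /* Constructed sample: an error text that is really a format string.
     * "%%" is used because it consumes no variadic arguments, so the
     * demonstration is well-defined C. An attacker would instead use
     * %x/%p to read stack contents or %n to write memory, which, with no
     * arguments supplied, is undefined behaviour in the insecure variant. */
    const char *hostile = "connect failed: 100%% sure, %%n";
    char buf[256];

    croak_sv_insecure(buf, sizeof buf, hostile);
    printf("insecure: %s\n", buf);   /* '%%' collapsed: the text was parsed */

    croak_sv_safe(buf, sizeof buf, hostile);
    printf("safe:     %s\n", buf);   /* verbatim copy of hostile */
    return 0;
}
```

In a real XS module the first pattern is worse than the output above suggests: the error text often originates from the peer or from user data (a hostname, a failed socket operation's message), and croak() hands it straight to Perl's vsprintf-style formatter. Compiling with -Wformat-security flags the `fake_croak(out, outlen, sv_str)` call only when the function carries a printf format attribute, which is why such fallbacks survive review.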
On Thu Aug 17 03:42:40 2017, PALI wrote:
> But croak_sv is not used at all, so rather remove this insecure
> implementation.
Technically since the macro isn't even expanded, it doesn't get used at all in the source so it never appears. But I agree, since it isn't used and it's not a good implementation even if it was used, I've deleted it. Will be (absent) in 2.026 -- Paul Evans
Subject: rt122830.patch
=== modified file 'Socket.xs' --- Socket.xs 2018-01-11 22:40:33 +0000 +++ Socket.xs 2018-01-11 22:58:10 +0000 @@ -186,10 +186,6 @@ #endif /* __GNU__ */ #endif /* !SvPVx_nolen */ -#ifndef croak_sv -# define croak_sv(sv) croak(SvPVx_nolen(sv)) -#endif - #ifndef hv_stores # define hv_stores(hv, keystr, val) \ hv_store(hv, ""keystr"", sizeof(keystr)-1, val, 0)
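Review bot: Deleting the fallback outright is the right fix for the three removed lines (`#ifndef croak_sv` / `# define croak_sv(sv) croak(SvPVx_nolen(sv))` / `#endif`), since the macro has no callers and a build failure on an old perl is preferable to a format-string sink; but the patch carries no comment recording why no replacement shim was kept. If a compatibility fallback is ever reintroduced, it must pass the SV's text as an argument rather than as the format, e.g. `croak("%s", SvPVx_nolen(sv))`, so that '%' sequences in the message are never interpreted; a one-line note to that effect next to the surrounding `#ifndef` compatibility block would stop the insecure form from being copied back in.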
Released -- Paul Evans