
This queue is for tickets about the Compress-Raw-Zlib CPAN distribution.

Report information
The Basics
Id: 69985
Status: resolved
Priority: 0/
Queue: Compress-Raw-Zlib

People
Owner: Nobody in particular
Requestors: j.schicke [...] asco.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 2.039



Subject: Missing Storable Hook
Date: Wed, 03 Aug 2011 17:31:38 +0200
To: bug-Compress-Raw-Zlib [...] rt.cpan.org
From: Jens-Wolfhard Schicke <j.schicke [...] asco.de>
The following code results in a SIGSEGV:

    #!/usr/bin/perl
    use strict;
    use warnings;
    use Compress::Raw::Zlib;
    use Storable qw(freeze thaw);
    use Data::Dumper;

    my $stream = new Compress::Raw::Zlib::Deflate();
    print Dumper($stream);
    my $frozenStream = freeze($stream);
    my $crash = thaw($frozenStream);
    print Dumper($crash);
    print Dumper(bless(\(my $xyz = 123456), 'Test'));

As the Compress::Raw::Zlib::deflateStream is represented as a scalar reference containing a pointer, a double dereference results in two stream objects and subsequently in a double free.

It would be nice to have a Storable_freeze function defined which dies and reports non-serializability of the deflate streams. Similarly for STORABLE_thaw, otherwise thawing from network looks like a security risk as an attacker can corrupt memory via creating a stray stream object which points anywhere.

Sincerely,
Jens Schicke-Uffmann

--
Jens Schicke-Uffmann
j.schicke@asco.de
Tel 0531/3906-119
asco GmbH
Mittelweg 7
38106 Braunschweig
Tel 0531/3906-0
Fax 0531/3906-400
http://www.asco.de
Amtsgericht Braunschweig HRB 5035
Managing Director: Jochen Grote
Good idea

Paul
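
The guard requested in this ticket, sketched as an added example (not code from the ticket or from Compress-Raw-Zlib): a class whose object is a blessed scalar holding a pointer-like value defines Storable hooks that refuse serialization. The class name My::NativeHandle and the value 0x1000 are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Storable qw(freeze dclone);

# Hypothetical stand-in for an XS-backed class: the object is a blessed
# scalar reference whose value would be a raw C pointer in real XS code.
package My::NativeHandle;
use Carp qw(croak);

sub new {
    my ($class) = @_;
    my $fake_pointer = 0x1000;    # constructed value, never dereferenced
    return bless \$fake_pointer, $class;
}

# Storable calls this hook, when it is defined, instead of copying the
# scalar itself. Dying here keeps the pointer value out of the output.
sub STORABLE_freeze {
    my ($self, $cloning) = @_;
    croak 'Cannot freeze ' . ref($self) . ' object';
}

# Storable calls this hook when thawing a record that was frozen through
# the hook mechanism.
sub STORABLE_thaw {
    my ($self, $cloning, $serialized) = @_;
    croak 'Cannot thaw ' . ref($self) . ' object';
}

package main;

my $handle = My::NativeHandle->new;

# Direct serialization, deep cloning, and a handle nested inside another
# structure must all be refused rather than silently copied.
my @cases = (
    [ 'freeze'        => sub { freeze($handle) } ],
    [ 'dclone'        => sub { dclone($handle) } ],
    [ 'nested freeze' => sub { freeze({ stream => $handle }) } ],
);

for my $case (@cases) {
    my ($name, $code) = @$case;
    my $ok = eval { $code->(); 1 };
    print "$name: ", ($ok ? "serialized (unsafe)\n" : "refused: $@");
}
```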