
This queue is for tickets about the DBI CPAN distribution.

Report information
The Basics
Id: 79952
Status: resolved
Priority: 0/
Queue: DBI

People
Owner: Nobody in particular
Requestors: RURBAN [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.622
Fixed in: (no value)



Subject: Improve security
In addition to #75614, this issue can also easily be improved by disallowing any other type bits for the impl handle than DBIt_DB or DBIt_ST. This way it will be harder to use any pointer to shellcode on the heap when being attacked by memory pressure (wrong refcount leading to use-after-free). -- Reini Urban
Subject: DBI-add-default.patch
diff -bu ./DBI.xs~ ./DBI.xs --- ./DBI.xs~ 2012-10-01 20:59:06.119631448 -0500 +++ ./DBI.xs 2012-10-01 20:58:16.104084790 -0500 @@ -1492,6 +1492,8 @@ tmp_svp = hv_fetch((HV*)SvRV(h), "Statement", 9, 1); (void)hv_store((HV*)SvRV(parent), "Statement", 9, SvREFCNT_inc(*tmp_svp), 0); break; + default: + die("Wrong DBIc_TYPE"); } }
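Review bot: the added default: branch calls die("Wrong DBIc_TYPE") with a fixed string, so a failure here says nothing about which type value was seen; pass the offending value as a format argument so an unexpected handle type can be diagnosed from the message. The hunk shows only the tail of the switch, so also check whether the enclosing code already restricts the type before this point, since a guard there would make the new default unreachable.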
The code changed by the patch is within an if (DBIc_TYPE(imp) <= DBIt_ST) {...} block, so the patch wouldn't have any effect. I've applied the patch as an else on that if() block. Thanks.
Released in DBI-1.622_921