Skip Menu |

This queue is for tickets about the DBI CPAN distribution.

Report information
The Basics
Id: 79952
Status: resolved
Priority: 0/
Queue: DBI
People
Owner: Nobody in particular
Requestors: RURBAN [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 1.622
Fixed in: (no value)

History Show all quoted text
  Mon Oct 01 22:09:12 2012 RURBAN [...] cpan.org - Ticket created
Subject: Improve security
I addition to #75614 this issue also can be easily be improved, by disallowing any other type bits for the impl handle than DBIt_DB or DBIt_ST. This way it will be harder to use any pointer to shellcode on the heap, when being attacked by memory pressure (wrong refcount leading to use-after free). -- Reini Urban
Subject: DBI-add-default.patch
diff -bu ./DBI.xs~ ./DBI.xs --- ./DBI.xs~ 2012-10-01 20:59:06.119631448 -0500 +++ ./DBI.xs 2012-10-01 20:58:16.104084790 -0500 @@ -1492,6 +1492,8 @@ tmp_svp = hv_fetch((HV*)SvRV(h), "Statement", 9, 1); (void)hv_store((HV*)SvRV(parent), "Statement", 9, SvREFCNT_inc(*tmp_svp), 0); break; + default: + die("Wrong DBIc_TYPE"); } }
  Mon Nov 19 17:58:38 2012 TIMB [...] cpan.org - Correspondence added
The code changed by the patch is within a if (DBIc_TYPE(imp) <= DBIt_ST) {...} block so the patch wouldn't have any effect. I've applied the patch as an else on that if() block. Thanks.
  Mon Nov 19 17:58:38 2012 The RT System itself - Status changed from 'new' to 'open'
  Mon Nov 19 17:58:39 2012 TIMB [...] cpan.org - Status changed from 'open' to 'patched'
  Mon Nov 19 18:28:58 2012 TIMB [...] cpan.org - Severity Critical changed to Normal
  Mon Nov 19 18:28:58 2012 TIMB [...] cpan.org - Correspondence added
Released in DBI-1.622_921
  Mon Nov 19 18:28:59 2012 The RT System itself - Status changed from 'patched' to 'open'
  Mon Nov 19 18:29:00 2012 TIMB [...] cpan.org - Status changed from 'open' to 'resolved'