File perl-DBD-mysql-CVE-2016-1249.patch of Package perl-DBD-mysql
From 793b72b1a0baa5070adacaac0e12fd995a6fbabe Mon Sep 17 00:00:00 2001
From: root <patg@patg.net>
Date: Wed, 16 Nov 2016 03:40:40 +0000
Subject: [PATCH] Added Pali's fix for CVE-2016-1249
---
 dbdimp.c | 18 +------
 lib/Bundle/DBD/mysql.pm | 2 +-
 lib/DBD/mysql.pm | 2 +-
 mysql.xs | 128 +++------------------------------------------
 t/40server_prepare_crash.t | 8 ++-
 6 files changed, 22 insertions(+), 139 deletions(-)
Index: DBD-mysql-4.021/dbdimp.c
===================================================================
--- DBD-mysql-4.021.orig/dbdimp.c
+++ DBD-mysql-4.021/dbdimp.c
@@ -2608,7 +2608,7 @@ dbd_st_prepare(
 dTHX;
 #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION
 char *str_ptr;
- int col_type, prepare_retval, limit_flag=0;
+ int prepare_retval, limit_flag=0;
 MYSQL_BIND *bind, *bind_end;
 imp_sth_phb_t *fbind;
 #endif
@@ -2797,7 +2797,6 @@ dbd_st_prepare(
 if (DBIc_NUM_PARAMS(imp_sth) > 0)
 {
- int has_statement_fields= imp_sth->stmt->fields != 0;
 /* Allocate memory for bind variables */
 imp_sth->bind= alloc_bind(DBIc_NUM_PARAMS(imp_sth));
 imp_sth->fbind= alloc_fbind(DBIc_NUM_PARAMS(imp_sth));
@@ -2811,20 +2810,7 @@ dbd_st_prepare(
 bind < bind_end ;
 bind++, fbind++, i++ )
 {
- /*
- if this statement has a result set, field types will be
- correctly identified. If there is no result set, such as
- with an INSERT, fields will not be defined, and all buffer_type
- will default to MYSQL_TYPE_VAR_STRING
- */
- col_type= (has_statement_fields ?
- imp_sth->stmt->fields[i].type : MYSQL_TYPE_STRING);
-
- bind->buffer_type= mysql_to_perl_type(col_type);
-
- if (DBIc_TRACE_LEVEL(imp_xxh) >= 2)
- PerlIO_printf(DBIc_LOGPIO(imp_xxh), "\t\tmysql_to_perl_type returned %d\n", col_type);
-
+ bind->buffer_type= MYSQL_TYPE_STRING;
 bind->buffer= NULL;
 bind->length= &(fbind->length);
 bind->is_null= (char*) &(fbind->is_null);
Index: DBD-mysql-4.021/mysql.xs
===================================================================
--- DBD-mysql-4.021.orig/mysql.xs
+++ DBD-mysql-4.021/mysql.xs
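Review bot: The unconditional `bind->buffer_type= MYSQL_TYPE_STRING;` in the third dbdimp.c hunk (@@ -2811) has no comment explaining why placeholder types are no longer looked up, which makes it easy for a later change to bring the lookup back. The removed lines indexed `imp_sth->stmt->fields[i]` with the placeholder loop counter, and the removed comment says that array comes from the result set, so the index was presumably not bounded by the number of fields. I would add above the assignment: `/* Always bind as string: stmt->fields[] describes result columns, not placeholders, and must not be indexed by parameter position (CVE-2016-1249). */`. The diffstat lists t/40server_prepare_crash.t but that change is not in the visible patch, so it is worth confirming that a statement with more placeholders than result columns is exercised by a test. The for loop and dbd_st_prepare both begin outside the hunk.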
@@ -259,15 +259,11 @@ do(dbh, statement, attr=Nullsv, ...)
 STRLEN slen;
 char *str_ptr, *statement_ptr, *buffer;
 int has_binded;
- int col_type= MYSQL_TYPE_STRING;
- int buffer_is_null= 0;
 int buffer_length= slen;
 int buffer_type= 0;
- int param_type= SQL_VARCHAR;
 int use_server_side_prepare= 0;
 MYSQL_STMT *stmt= NULL;
 MYSQL_BIND *bind= NULL;
- imp_sth_phb_t *fbind= NULL;
 #endif
 ASYNC_CHECK_XS(dbh);
 #if MYSQL_VERSION_ID >= MULTIPLE_RESULT_SET_VERSION
@@ -360,137 +356,36 @@ do(dbh, statement, attr=Nullsv, ...) */ int i; num_params= items - 3; - /*num_params = mysql_stmt_param_count(stmt);*/ - Newz(0, params, sizeof(*params)*num_params, struct imp_sth_ph_st); Newz(0, bind, (unsigned int) num_params, MYSQL_BIND); - Newz(0, fbind, (unsigned int) num_params, imp_sth_phb_t); for (i = 0; i < num_params; i++) { int defined= 0; - params[i].value= ST(i+3); + SV *param= ST(i+3); - if (params[i].value) + if (param) { - if (SvMAGICAL(params[i].value)) - mg_get(params[i].value); - if (SvOK(params[i].value)) + if (SvMAGICAL(param)) + mg_get(param); + if (SvOK(param)) defined= 1; } if (defined) { - buffer= SvPV(params[i].value, slen); - buffer_is_null= 0; + buffer= SvPV(param, slen); buffer_length= slen; + buffer_type= MYSQL_TYPE_STRING; } else { buffer= NULL; - buffer_is_null= 1; buffer_length= 0; - } - - /* - if this statement has a result set, field types will be - correctly identified. If there is no result set, such as - with an INSERT, fields will not be defined, and all - buffer_type will default to MYSQL_TYPE_VAR_STRING - */ - col_type= (stmt->fields) ? 
stmt->fields[i].type : MYSQL_TYPE_STRING; - - switch (col_type) { -#if MYSQL_VERSION_ID > 50003 - case MYSQL_TYPE_NEWDECIMAL: -#endif - case MYSQL_TYPE_DECIMAL: - param_type= SQL_DECIMAL; - buffer_type= MYSQL_TYPE_DOUBLE; - break; - - case MYSQL_TYPE_DOUBLE: - param_type= SQL_DOUBLE; - buffer_type= MYSQL_TYPE_DOUBLE; - break; - - case MYSQL_TYPE_FLOAT: - buffer_type= MYSQL_TYPE_DOUBLE; - param_type= SQL_FLOAT; - break; - - case MYSQL_TYPE_SHORT: - buffer_type= MYSQL_TYPE_DOUBLE; - param_type= SQL_FLOAT; - break; - - case MYSQL_TYPE_TINY: - buffer_type= MYSQL_TYPE_DOUBLE; - param_type= SQL_FLOAT; - break; - - case MYSQL_TYPE_LONG: - buffer_type= MYSQL_TYPE_LONG; - param_type= SQL_BIGINT; - break; - - case MYSQL_TYPE_INT24: - case MYSQL_TYPE_YEAR: - buffer_type= MYSQL_TYPE_LONG; - param_type= SQL_INTEGER; - break; - - case MYSQL_TYPE_LONGLONG: - /* perl handles long long as double - * so we'll set this to string */ - buffer_type= MYSQL_TYPE_STRING; - param_type= SQL_VARCHAR; - break; - - case MYSQL_TYPE_NEWDATE: - case MYSQL_TYPE_DATE: - buffer_type= MYSQL_TYPE_STRING; - param_type= SQL_DATE; - break; - - case MYSQL_TYPE_TIME: - buffer_type= MYSQL_TYPE_STRING; - param_type= SQL_TIME; - break; - - case MYSQL_TYPE_TIMESTAMP: - buffer_type= MYSQL_TYPE_STRING; - param_type= SQL_TIMESTAMP; - break; - - case MYSQL_TYPE_VAR_STRING: - case MYSQL_TYPE_STRING: - case MYSQL_TYPE_DATETIME: - buffer_type= MYSQL_TYPE_STRING; - param_type= SQL_VARCHAR; - break; - - case MYSQL_TYPE_BLOB: - buffer_type= MYSQL_TYPE_BLOB; - param_type= SQL_BINARY; - break; - - case MYSQL_TYPE_GEOMETRY: - buffer_type= MYSQL_TYPE_BLOB; - param_type= SQL_BINARY; - break; - - - default: - buffer_type= MYSQL_TYPE_STRING; - param_type= SQL_VARCHAR; - break; + buffer_type= MYSQL_TYPE_NULL; } bind[i].buffer_type = buffer_type; bind[i].buffer_length= buffer_length; bind[i].buffer= buffer; - fbind[i].length= buffer_length; - fbind[i].is_null= buffer_is_null; - params[i].type= param_type; } has_binded= 0; } 
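Review bot: `buffer_length` stays an `int` (kept in the @@ -259 hunk as `int buffer_length= slen;`) while this hunk assigns it the `STRLEN` filled in by `SvPV(param, slen)`, so a parameter longer than INT_MAX would be narrowed before it reaches `bind[i].buffer_length`. That declaration also initialises from `slen` before anything has written to it. Declaring it as `unsigned long buffer_length= 0;` would match the MYSQL_BIND field type and remove the uninitialised read. The body of do() continues outside the hunk, so whether very large parameters are rejected earlier cannot be seen here.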
@@ -502,8 +397,6 @@ do(dbh, statement, attr=Nullsv, ...)
 &has_binded);
 if (bind)
 Safefree(bind);
- if (fbind)
- Safefree(fbind);
 if(mysql_stmt_close(stmt))
 {