/[packages]/updates/5/perl-DBD-mysql/current/SOURCES/DBD-mysql-4.043-Fix-use-after-free-after-calling-mysql_stmt_close.patch
ViewVC logotype

Contents of /updates/5/perl-DBD-mysql/current/SOURCES/DBD-mysql-4.043-Fix-use-after-free-after-calling-mysql_stmt_close.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1186915 - (show annotations) (download)
Fri Dec 29 02:21:28 2017 UTC (6 years, 3 months ago) by luigiwalser
File size: 1444 byte(s)
sync patches with fedora to fix CVE-2017-1078[89]
1 From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001
2 From: Pali <pali@cpan.org>
3 Date: Sun, 25 Jun 2017 10:07:39 +0200
4 Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close()
5
6 Ignore return value from mysql_stmt_close() and also its error message
7 because it points to freed memory after mysql_stmt_close() was called.
8 ---
9 dbdimp.c | 8 ++------
10 mysql.xs | 7 ++-----
11 2 files changed, 4 insertions(+), 11 deletions(-)
12
13 diff --git a/dbdimp.c b/dbdimp.c
14 index c60a5f6..a6410e5 100644
15 --- a/dbdimp.c
16 +++ b/dbdimp.c
17 @@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {
18
19 if (imp_sth->stmt)
20 {
21 - if (mysql_stmt_close(imp_sth->stmt))
22 - {
23 - do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
24 - mysql_stmt_error(imp_sth->stmt),
25 - mysql_stmt_sqlstate(imp_sth->stmt));
26 - }
27 + mysql_stmt_close(imp_sth->stmt);
28 + imp_sth->stmt= NULL;
29 }
30 #endif
31
32 diff --git a/mysql.xs b/mysql.xs
33 index 55376e1..affde59 100644
34 --- a/mysql.xs
35 +++ b/mysql.xs
36 @@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...)
37 if (bind)
38 Safefree(bind);
39
40 - if(mysql_stmt_close(stmt))
41 - {
42 - fprintf(stderr, "\n failed while closing the statement");
43 - fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
44 - }
45 + mysql_stmt_close(stmt);
46 + stmt= NULL;
47
48 if (retval == -2) /* -2 means error */
49 {
50 --
51 1.7.9.5
52

  ViewVC Help
Powered by ViewVC 1.1.30