Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

Not OK: perl v5.7.0 +SUIDMAIL +DEVEL6855 on i586-linux 2.2.12 (UNINSTA #2472

Closed p5pRT closed 21 years ago

p5pRT commented 24 years ago

Migrated from rt.perl.org#3909 (status was 'resolved')

Searchable as RT3909$

p5pRT commented 24 years ago

From @nwc10

Apart from sfio causing op/misc test 48 to fail, bytecode is unhappy:

```
nick@fruitbat [Bytecode]$ bin/perlcc -B -o hw hw.pl
nick@fruitbat [Bytecode]$ cat hw.pl
#!/usr/local/bin/perl -w
print "hello world\n";
nick@fruitbat [Bytecode]$ bin/perl hw
Segmentation fault
nick@fruitbat [139]$
nick@fruitbat [Bytecode]$ gdb bin/perl
GNU gdb 19990928
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(gdb) run hw
Starting program: /home/nick/Bytecode/bin/perl hw

Program received signal SIGSEGV, Segmentation fault.
0x400e2b48 in free () from /lib/libc.so.6
(gdb) where
#0  0x400e2b48 in free () from /lib/libc.so.6
#1  0x400e2aed in free () from /lib/libc.so.6
#2  0x80b350c in Perl_safesysfree (where=0x813f600) at util.c:165
#3  0x806f53c in byterun (bstate=0xbffff4a4) at byterun.c:62
#4  0x806ee03 in byteloader_filter (idx=0, buf_sv=0x813fedc, maxlen=0)
    at ByteLoader.xs:96
#5  0x807f753 in Perl_filter_read (idx=0, buf_sv=0x813fedc, maxlen=0)
    at toke.c:1973
#6  0x807f79b in S_filter_gets (sv=0x813fedc, fp=0x8146368, append=0)
    at toke.c:1988
#7  0x8080c0b in Perl_yylex () at toke.c:2485
#8  0x80935d2 in Perl_yyparse () at perly.c:1432
#9  0x8072fc7 in S_parse_body (env=0x0, xsinit=0x805b608 <xs_init>)
    at perl.c:1294
#10 0x8072593 in perl_parse (my_perl=0x813fec0, xsinit=0x805b608 <xs_init>,
    argc=2, argv=0xbffffcd4, env=0x0) at perl.c:875
#11 0x805b5a9 in main (argc=2, argv=0xbffffcd4, env=0xbffffce0)
    at perlmain.c:50
```

the free in bytecode.h is extraneous as BGET_strconst uses PL_tokenbuf rather than a malloc()ed buffer

```
#define BGET_strconst(arg) STMT_START { \
    for (arg = PL_tokenbuf; (*arg = BGET_FGETC()); arg++) /* nothing */; \
    arg = PL_tokenbuf; \
} STMT_END
```

so this patch is needed.

*** ext/ByteLoader/bytecode.h.orig Tue Aug 22 17​:15​:14 2000 --- ext/ByteLoader/bytecode.h Mon Aug 28 15​:43​:55 2000 *************** *** 250\,254 ****   if (strNE(str\, STRINGIFY(BYTEORDER))) { \   HEADER_FAIL("different byteorder"\, 0\, 0); \   } \ - Safefree(str); \   } STMT_END --- 250\,253 ----
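
Review bot: with `Safefree(str);` removed from the end of the byteorder check, nothing in this block says why `str` must not be freed; a one-line comment stating that BGET_strconst leaves `str` pointing into PL_tokenbuf would keep the free from being added back later. The patch should also confirm that no other user of BGET_strconst in bytecode.h still frees its result, since this hunk touches only the byteorder comparison.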

however, using PL_tokenbuf for gets() emulation seems like a bad plan, as I (untested, because of the SEGV just fixed) suspect that it will buffer overflow. I'm about to experiment with an alternative.

Nicholas Clark

Perl Info

```
Flags:
    category=install
    severity=none

Site configuration information for perl v5.7.0:

Configured by nick at Mon Aug 28 13:45:14 BST 2000.

Summary of my perl5 (revision 5.0 version 7 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.2.12, archname=i586-linux
    uname='linux fruitbat 2.2.16 #6 tue aug 1 12:35:02 bst 2000 i586 unknown '
    config_args=''
    hint=previous, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=define uselargefiles=define
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
  Compiler:
    cc='cc', optimize='-O2', gccversion=2.95.2 20000220 (Debian GNU/Linux), gccosandvers=
    cppflags='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    stdchar='char', d_stdstdio=define, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lsfio -lnsl -lndbm -lgdbm -ldbm -ldb -ldl -lm -lc -lposix -lcrypt -lutil
    libc=/lib/libc-2.1.3.so, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    SUIDMAIL - fixes for suidperl security
    DEVEL6855

@INC for perl v5.7.0:
    lib
    /usr/local/lib/perl5/5.7.0/i586-linux
    /usr/local/lib/perl5/5.7.0
    /usr/local/lib/perl5/site_perl/5.7.0/i586-linux
    /usr/local/lib/perl5/site_perl/5.7.0
    /usr/local/lib/perl5/site_perl
    .

Environment for perl v5.7.0:
    HOME=/home/nick
    LANG=C
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/sh
```
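
The two defects this report describes, as an added C example (not code from the Perl source or from the reporter): a NUL-terminated string read into a fixed static buffer needs a bound on the copy loop, and the buffer is borrowed, so it is compared and never freed. `tokenbuf`, `TOKENBUF_LEN`, `struct bstream` and all function names are hypothetical stand-ins for PL_tokenbuf and BGET_FGETC(), the 256-byte size is an assumption, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define TOKENBUF_LEN 256                 /* assumed size, stands in for PL_tokenbuf */
static char tokenbuf[TOKENBUF_LEN];      /* static storage: must never reach free() */

/* Hypothetical in-memory byte source standing in for BGET_FGETC(). */
struct bstream { const unsigned char *p; size_t left; };
static int bs_getc(struct bstream *s) {
    return s->left ? (s->left--, *s->p++) : -1;   /* -1 at end of input */
}

/* Bounded form of the BGET_strconst loop. Returns the string length,
 * or -1 if input ends before the NUL or the string does not fit in buf. */
static long read_strconst(struct bstream *s, char *buf, size_t cap) {
    size_t n = 0;
    for (;;) {
        int c = bs_getc(s);
        if (c < 0 || n == cap) return -1;
        buf[n] = (char)c;
        if (c == 0) return (long)n;
        n++;
    }
}

/* Header check shaped like the patched macro: compare the borrowed buffer,
 * do not free it. 0 = match, 1 = different byteorder, -1 = malformed input. */
static int check_byteorder(struct bstream *s, const char *expected) {
    if (read_strconst(s, tokenbuf, sizeof tokenbuf) < 0) return -1;
    return strcmp(tokenbuf, expected) == 0 ? 0 : 1;
}

/* Constructed input: a header of n bytes of 'A' followed by a NUL. */
static int check_filler(size_t n) {
    unsigned char in[TOKENBUF_LEN + 64];
    memset(in, 'A', sizeof in);
    in[n] = 0;
    struct bstream s = { in, n + 1 };
    return check_byteorder(&s, "1234");
}

/* Constructed input: len bytes taken from a literal (len 5 includes the NUL). */
static int check_literal(const char *bytes, size_t len) {
    struct bstream s = { (const unsigned char *)bytes, len };
    return check_byteorder(&s, "1234");
}

int main(void) {
    printf("%d %d %d\n", check_literal("1234", 5), check_literal("1234", 4), check_filler(TOKENBUF_LEN));
    return 0;
}
```

A header string of exactly `TOKENBUF_LEN - 1` bytes still fits with its terminator; one byte more, or a stream that ends before the NUL, is rejected instead of writing past the buffer.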