author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-06-26 05:56:36 -0500 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-06-26 05:56:36 -0500 |
commit | eaf000db48d9eba9437b682e92dfa3d235623613 (patch) | |
tree | a84e78babb69a87c5067b51edf68cc377cfc44b6 /system/perl-digest-sha1/perl-digest-sha1-check-object.patch | |
parent | f45ba5475597853facdbbdb7bb242373ff43ffbd (diff) | |
system/perl-digest-sha1: pull in for git-email
Diffstat (limited to 'system/perl-digest-sha1/perl-digest-sha1-check-object.patch')
-rw-r--r-- | system/perl-digest-sha1/perl-digest-sha1-check-object.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/system/perl-digest-sha1/perl-digest-sha1-check-object.patch b/system/perl-digest-sha1/perl-digest-sha1-check-object.patch
new file mode 100644
index 000000000..110ef42d7
--- /dev/null
+++ b/system/perl-digest-sha1/perl-digest-sha1-check-object.patch
@@ -0,0 +1,22 @@
+https://rt.cpan.org/Public/Ticket/Attachment/WithHeaders/712715
+
+The get_sha_info() function in SHA1.xs does not check that its argument
+is an actual object. This means that segfaults can be generated by
+commands such as:
+
+$ perl -Mblib -e "use Digest::SHA1; print Digest::SHA1->add(q(a))->hexdigest"
+Segmentation fault
+
+diff -Naur Digest-SHA1-2.13/SHA1.xs Digest-SHA1-2.13.patched/SHA1.xs
+--- Digest-SHA1-2.13/SHA1.xs 2010-07-02 23:51:12.000000000 -0700
++++ Digest-SHA1-2.13.patched/SHA1.xs 2014-03-25 12:43:53.233272555 -0700
+@@ -372,7 +372,7 @@
+
+ static SHA_INFO* get_sha_info(pTHX_ SV* sv)
+ {
+- if (sv_derived_from(sv, "Digest::SHA1"))
++ if (sv_isobject(sv) && sv_derived_from(sv, "Digest::SHA1"))
+ return INT2PTR(SHA_INFO*, SvIV(SvRV(sv)));
+ croak("Not a reference to a Digest::SHA1 object");
+ return (SHA_INFO*)0; /* some compilers insist on a return value */
+ |
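Review bot: The new guard in get_sha_info() validates only the argument's class, not what the object holds: once `sv_isobject(sv) && sv_derived_from(sv, "Digest::SHA1")` passes, `INT2PTR(SHA_INFO*, SvIV(SvRV(sv)))` turns the referent's integer into a pointer with no check that this module's constructor stored it. The added `sv_isobject()` closes the class-name-string crash described in the patch header, but a value blessed into the class by other Perl code would presumably still yield an invalid `SHA_INFO*`. I would record that limit in the patch header, e.g. `Note: this only rejects non-object arguments; the pointer stored in the object is still trusted.` A fuller fix would be an upstream change, such as attaching the context to the object in a way Perl-level code cannot forge, and does not belong in this packaging patch. The function's closing brace lies outside the embedded hunk, so nothing after the final `return` was reviewed.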