[libdbd-mysql-perl] 01/04: CVE-2014-9906: Fix use-after-free flaw

[Salvatore Bonaccorso]

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch jessie
in repository libdbd-mysql-perl.

commit a1c173dd4ea32fe7418535974ad1c4178e12bf75
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Wed Jul 27 18:11:22 2016 +0200

    CVE-2014-9906: Fix use-after-free flaw
---
 debian/patches/CVE-2014-9906.patch | 53 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 54 insertions(+)

diff --git a/debian/patches/CVE-2014-9906.patch b/debian/patches/CVE-2014-9906.patch
new file mode 100644
index 0000000..ce2d5d1
--- /dev/null
+++ b/debian/patches/CVE-2014-9906.patch
@@ -0,0 +1,53 @@
+Description: CVE-2014-9906: Fix use-after-free flaw
+Origin: backport, c570f90b0aa6911ebf56da4595a5be86603c6923..283c5dfc42c530aab06ad032cf25b816c0e70780
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=97625
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2016-07-27
+Applied-Upstream: 4.029
+
+---
+ dbdimp.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/dbdimp.c b/dbdimp.c
+index 0aaa5f1..3b278d7 100644
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -1996,6 +1996,7 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
+   char* password;
+   char* mysql_socket;
+   int   result;
++  int fresh = 0;
+   D_imp_xxh(dbh);
+ 
+   /* TODO- resolve this so that it is set only if DBI is 1.607 */
+@@ -2044,12 +2045,15 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
+ 		  port ? port : "NULL");
+ 
+   if (!imp_dbh->pmysql) {
++     fresh = 1;
+      Newz(908, imp_dbh->pmysql, 1, MYSQL);
+   }
+   result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user,
+ 			  password, dbname, imp_dbh) ? TRUE : FALSE;
+-  if (!result)
++  if (fresh && !result) {
++      /* Prevent leaks, but do not free in case of a reconnect. See #97625 */
+       Safefree(imp_dbh->pmysql);
++  }
+   return result;
+ }
+ 
+@@ -2102,8 +2106,9 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user,
+ 
+   if (!my_login(aTHX_ dbh, imp_dbh))
+   {
+-    do_error(dbh, mysql_errno(imp_dbh->pmysql),
+-            mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
++    if(imp_dbh->pmysql)
++        do_error(dbh, mysql_errno(imp_dbh->pmysql),
++                mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
+     return FALSE;
+   }
+ 
diff --git a/debian/patches/series b/debian/patches/series
index cdba319..a191972 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 pod-whatis.patch
+CVE-2014-9906.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libdbd-mysql-perl.git