[libdbd-mysql-perl] 02/04: CVE-2015-8949: Use after free when my_login fails
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 29 18:05:02 UTC 2016
carnil pushed a commit to branch jessie
in repository libdbd-mysql-perl.
commit af52ac6338c0efd9ea555b77f3e41660987bc7c3
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Wed Jul 27 18:14:59 2016 +0200
CVE-2015-8949: Use after free when my_login fails
---
debian/patches/CVE-2015-8949.patch | 43 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 44 insertions(+)
diff --git a/debian/patches/CVE-2015-8949.patch b/debian/patches/CVE-2015-8949.patch
new file mode 100644
index 0000000..c7c971c
--- /dev/null
+++ b/debian/patches/CVE-2015-8949.patch
@@ -0,0 +1,43 @@
+Description: CVE-2015-8949: Use after free when my_login fails
+Origin: backport, https://github.com/perl5-dbi/DBD-mysql/commit/2e1cbd0034cf0041f832ba81d07c24db886782d8
+Bug: https://github.com/perl5-dbi/DBD-mysql/pull/45
+Forwarded: not-needed
+Author: Hanno <hanno at gentoo.org>
+Reviewed-by: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2016-07-27
+Applied-Upstream: 4.033_01
+
+---
+ dbdimp.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/dbdimp.c
++++ b/dbdimp.c
+@@ -2050,10 +2050,6 @@ static int my_login(pTHX_ SV* dbh, imp_d
+ }
+ result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user,
+ password, dbname, imp_dbh) ? TRUE : FALSE;
+- if (fresh && !result) {
+- /* Prevent leaks, but do not free in case of a reconnect. See #97625 */
+- Safefree(imp_dbh->pmysql);
+- }
+ return result;
+ }
+
+@@ -2106,9 +2102,12 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp
+
+ if (!my_login(aTHX_ dbh, imp_dbh))
+ {
+- if(imp_dbh->pmysql)
++ if(imp_dbh->pmysql) {
+ do_error(dbh, mysql_errno(imp_dbh->pmysql),
+ mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
++ Safefree(imp_dbh->pmysql);
++
++ }
+ return FALSE;
+ }
+
+--
+2.8.1
+
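Review bot: The added `Safefree(imp_dbh->pmysql);` in the dbd_db_login hunk leaves `imp_dbh->pmysql` dangling, because Safefree releases the memory without resetting the field, and the code two lines above tests that same field for non-NULL before using it. If dbd_db_destroy or a disconnect path applies the same `if(imp_dbh->pmysql)` test after a failed login (not visible here, so unconfirmed), the freed handle would be dereferenced or freed a second time — the class of bug this patch sets out to close. Set the field to NULL right after the free: `Safefree(imp_dbh->pmysql);` followed by `imp_dbh->pmysql = NULL;`. Removing the `fresh && !result` guard from my_login also means the reconnect case cited by the old comment (#97625) now depends on dbd_db_login never being the reconnect entry point, which is worth stating in a comment next to the new free. The stray blank line before the closing brace should also go; both my_login and dbd_db_login continue outside the hunk.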
diff --git a/debian/patches/series b/debian/patches/series
index a191972..62cebaa 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
pod-whatis.patch
CVE-2014-9906.patch
+CVE-2015-8949.patch
--