projects / platform / upstream / perl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2c8ca68) | patch
avoid calling memset with a negative count
authorAndy Dougherty <doughera@lafayette.edu>
Thu, 27 Sep 2012 13:52:18 +0000 (09:52 -0400)
committerRicardo Signes <rjbs@cpan.org>
Wed, 17 Oct 2012 15:47:58 +0000 (11:47 -0400)
commit2709980d5a193ce6f3a16f0d19879a6560dcde44
tree0a112bc096e6ea9be74f2274005aed0606e38f8atree | snapshot
parent2c8ca683ba2cfa11ba67ed8364aabd92180ec161commit | diff
avoid calling memset with a negative count

Poorly written perl code that allows an attacker to specify the count to
perl's 'x' string repeat operator can already cause a memory exhaustion
denial-of-service attack. A flaw in versions of perl before 5.15.5 can
escalate that into a heap buffer overrun; coupled with versions of glibc
before 2.16, it possibly allows the execution of arbitrary code.

The flaw addressed to this commit has been assigned identifier
CVE-2012-5195.
util.c diff | blob | history
Domain: System / Base;