In perl.git, the branch tonyc/127743-cperl-storable-fixes has been updated <https://perl5.git.perl.org/perl.git/commitdiff/862c79b288b39ec55970c5a0d601f38a6e0a33c5?hp=06682a00b1b33d7ae62d117ac156ce40ac144202>
- Log -----------------------------------------------------------------
commit 862c79b288b39ec55970c5a0d601f38a6e0a33c5
Author: Tony Cook <t...@develop-help.com>
Date: Mon Dec 4 15:49:27 2017 +1100

(perl #131990) treat the length for LSCALAR, LUTF8STR as unsigned

Older Storable without 64-bit object might write such objects.

A malicious file might also be provided with such a large length to cause a resource consumption attack (allocating large amounts of memory), but Storable explicitly doesn't protect against attacks.
-----------------------------------------------------------------------

Summary of changes:
 dist/Storable/Storable.xs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
index f10780fc7f..29d4c79963 100644
--- a/dist/Storable/Storable.xs
+++ b/dist/Storable/Storable.xs
@@ -5607,7 +5607,7 @@ static SV *get_lstring(pTHX_ stcxt_t *cxt, UV len, int isutf8, const char *cname
  */
 static SV *retrieve_lscalar(pTHX_ stcxt_t *cxt, const char *cname)
 {
-    I32 len;
+    U32 len;
     RLEN(len);
     return get_lstring(aTHX_ cxt, len, 0, cname);
 }
@@ -5656,7 +5656,7 @@ static SV *retrieve_utf8str(pTHX_ stcxt_t *cxt, const char *cname)
  */
 static SV *retrieve_lutf8str(pTHX_ stcxt_t *cxt, const char *cname)
 {
-    int len;
+    U32 len;
     TRACEME(("retrieve_lutf8str"));
-- 
Perl5 Master Repository
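Review bot: The new `U32 len` in retrieve_lscalar is read by RLEN() from the input image and passed unchecked into get_lstring(), whose `UV len` parameter now receives any 32-bit value the file supplies, so the allocation size is controlled by untrusted input up to 4 GiB; the commit message says this is an accepted limitation, but nothing at the declaration records it, and a later reader could easily "fix" the type back to signed. I would document the decision where the type is chosen: `/* unsigned: 32-bit Storable images can write lengths >= 2**31; a hostile file can request up to 4 GiB here and Storable deliberately does not bound it (perl #131990) */`. The same comment belongs on the `U32 len` in the retrieve_lutf8str hunk, whose body (the RLEN() call and the return) continues past the end of that hunk.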