File perl-DBI-CVE-2019-20919.patch of Package perl-DBI.16626

Overview Repositories Revisions Requests Users Attributes Meta

File perl-DBI-CVE-2019-20919.patch of Package perl-DBI.16626

From eca7d7c8f43d96f6277e86d1000e842eb4cc67ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Mon, 29 Jul 2019 15:22:31 +0200
Subject: [PATCH] Fix a NULL profile dereference in dbi_profile()

hv_fetch() documentation requires checking for NULL and the code does
that. But then calls SvOK(profile) uncoditionally two lines later.
This patch fixes it.
---
 DBI.xs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Index: DBI-1.628/DBI.xs
===================================================================
--- DBI-1.628.orig/DBI.xs
+++ DBI-1.628/DBI.xs
@@ -2828,8 +2828,12 @@ dbi_profile(SV *h, imp_xxh_t *imp_xxh, S
         mg_get(profile); /* FETCH */
     if (!profile || !SvROK(profile)) {
         DBIc_set(imp_xxh, DBIcf_Profile, 0); /* disable */
-        if (SvOK(profile) && !PL_dirty)
-            warn("Profile attribute isn't a hash ref (%s,%ld)", neatsvpv(profile,0), (long)SvTYPE(profile));
+        if (!PL_dirty) {
+            if (!profile)
+                warn("Profile attribute does not exist");
+            else if (SvOK(profile))
+                warn("Profile attribute isn't a hash ref (%s,%ld)", neatsvpv(profile,0), (long)SvTYPE(profile));
+        }
         return &PL_sv_undef;
     }

Places

File perl-DBI-CVE-2019-20919.patch of Package perl-DBI.16626

Places