Date: Wed, 27 Aug 1997 12:58:25 +0200 (SAT) From: Reinier Bezuidenhout <rbezuide@oskar.nanoteq.co.za> To: freebsd-bugs@freebsd.org Subject: Bug fix for 2.2-STABLE perl 4.0 Message-ID: <199708271058.MAA13508@oskar.nanoteq.co.za>
next in thread | raw e-mail | index | archive | help
Hi ...
I'm running the plexus perl web server, after I upgraded to
2.2-STABLE the server would no longer start with a
"Identifier too long" error log ...
I had a look at the source code and saw the changes made on the
8/8/97 to fix a buffer overflow problem as stated by a CERT
advisory. The fix was to add the length as a fourth parameter
to the function call scanident. After grepping throught the code
I saw that not all calls to "scanident" was updated to have the
fourth parameter and would thus result in a bogus value ...
I changed all the calls I could find and recompiled perl. It
seems to work fine now, Joerg, could you have a look at this?
Thanx
Reinier
The patch for toke.c
-------------------------------------------
*** toke.c.old Wed Aug 27 12:43:23 1997
--- toke.c Wed Aug 27 12:57:01 1997
***************
*** 1770,1786 ****
arg->arg_type = O_ITEM;
arg[1].arg_type = A_DOUBLE;
arg[1].arg_ptr.arg_str = str_smake(str);
! d = scanident(d,bufend,buf);
(void)stabent(buf,TRUE); /* make sure it's created */
for (; d < e; d++) {
if (*d == '\\')
d++;
else if (*d == '$' && d[1] && d[1] != '|' && d[1] != ')') {
! d = scanident(d,bufend,buf);
(void)stabent(buf,TRUE);
}
else if (*d == '@') {
! d = scanident(d,bufend,buf);
if (strEQ(buf,"ARGV") || strEQ(buf,"ENV") ||
strEQ(buf,"SIG") || strEQ(buf,"INC"))
(void)stabent(buf,TRUE);
--- 1770,1786 ----
arg->arg_type = O_ITEM;
arg[1].arg_type = A_DOUBLE;
arg[1].arg_ptr.arg_str = str_smake(str);
! d = scanident(d,bufend,buf,sizeof buf);
(void)stabent(buf,TRUE); /* make sure it's created */
for (; d < e; d++) {
if (*d == '\\')
d++;
else if (*d == '$' && d[1] && d[1] != '|' && d[1] != ')') {
! d = scanident(d,bufend,buf,sizeof buf);
(void)stabent(buf,TRUE);
}
else if (*d == '@') {
! d = scanident(d,bufend,buf,sizeof buf);
if (strEQ(buf,"ARGV") || strEQ(buf,"ENV") ||
strEQ(buf,"SIG") || strEQ(buf,"INC"))
(void)stabent(buf,TRUE);
***************
*** 1854,1868 ****
arg->arg_type = O_ITEM;
arg[1].arg_type = A_DOUBLE;
arg[1].arg_ptr.arg_str = str_smake(str);
! d = scanident(d,e,buf);
(void)stabent(buf,TRUE); /* make sure it's created */
for (; *d; d++) {
if (*d == '$' && d[1] && d[-1] != '\\' && d[1] != '|') {
! d = scanident(d,e,buf);
(void)stabent(buf,TRUE);
}
else if (*d == '@' && d[-1] != '\\') {
! d = scanident(d,e,buf);
if (strEQ(buf,"ARGV") || strEQ(buf,"ENV") ||
strEQ(buf,"SIG") || strEQ(buf,"INC"))
(void)stabent(buf,TRUE);
--- 1854,1868 ----
arg->arg_type = O_ITEM;
arg[1].arg_type = A_DOUBLE;
arg[1].arg_ptr.arg_str = str_smake(str);
! d = scanident(d,e,buf,sizeof buf);
(void)stabent(buf,TRUE); /* make sure it's created */
for (; *d; d++) {
if (*d == '$' && d[1] && d[-1] != '\\' && d[1] != '|') {
! d = scanident(d,e,buf,sizeof buf);
(void)stabent(buf,TRUE);
}
else if (*d == '@' && d[-1] != '\\') {
! d = scanident(d,e,buf,sizeof buf);
if (strEQ(buf,"ARGV") || strEQ(buf,"ENV") ||
strEQ(buf,"SIG") || strEQ(buf,"INC"))
(void)stabent(buf,TRUE);
***************
*** 2457,2463 ****
(*s == '@' && s+1 < send) ) {
if (s[1] == '#' && (isALPHA(s[2]) || s[2] == '_'))
*d++ = *s++;
! len = scanident(s,send,tokenbuf) - s;
if (*s == '$' || strEQ(tokenbuf,"ARGV")
|| strEQ(tokenbuf,"ENV")
|| strEQ(tokenbuf,"SIG")
--- 2457,2463 ----
(*s == '@' && s+1 < send) ) {
if (s[1] == '#' && (isALPHA(s[2]) || s[2] == '_'))
*d++ = *s++;
! len = scanident(s,send,tokenbuf,sizeof tokenbuf) - s;
if (*s == '$' || strEQ(tokenbuf,"ARGV")
|| strEQ(tokenbuf,"ENV")
|| strEQ(tokenbuf,"SIG")
***************
*** 2739,2745 ****
case '$':
str_ncat(str, t, s - t);
t = s;
! s = scanident(s,eol,tokenbuf);
str_ncat(str, t, s - t);
t = s;
if (s < eol && *s && index("$'\"",*s))
--- 2739,2745 ----
case '$':
str_ncat(str, t, s - t);
t = s;
! s = scanident(s,eol,tokenbuf,sizeof tokenbuf);
str_ncat(str, t, s - t);
t = s;
if (s < eol && *s && index("$'\"",*s))
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708271058.MAA13508>