diff options
| author | Stig Palmquist <stig@stig.io> | 2021-03-30 12:31:27 +0200 |
|---|---|---|
| committer | Stig Palmquist <stig@stig.io> | 2021-03-30 12:31:27 +0200 |
| commit | 7365de5ace45ac979fae118b1666be38a472bf3c (patch) | |
| tree | 94b775903c44cb3e7e0228a2e877b09f1e809620 /pkgs/development/perl-modules | |
| parent | ff166608d2eb81d041faf0e8d39ca6a02c9fb24b (diff) | |
| download | nixpkgs-7365de5ace45ac979fae118b1666be38a472bf3c.tar nixpkgs-7365de5ace45ac979fae118b1666be38a472bf3c.tar.gz nixpkgs-7365de5ace45ac979fae118b1666be38a472bf3c.tar.bz2 nixpkgs-7365de5ace45ac979fae118b1666be38a472bf3c.tar.lz nixpkgs-7365de5ace45ac979fae118b1666be38a472bf3c.tar.xz nixpkgs-7365de5ace45ac979fae118b1666be38a472bf3c.tar.zst nixpkgs-7365de5ace45ac979fae118b1666be38a472bf3c.zip | |
perlPackages.NetCIDRLite: add patch to prevent leading zeroes in ipv4 octets
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
Diffstat (limited to 'pkgs/development/perl-modules')
| -rw-r--r-- | pkgs/development/perl-modules/Net-CIDR-Lite-prevent-leading-zeroes-ipv4.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/pkgs/development/perl-modules/Net-CIDR-Lite-prevent-leading-zeroes-ipv4.patch b/pkgs/development/perl-modules/Net-CIDR-Lite-prevent-leading-zeroes-ipv4.patch new file mode 100644 index 00000000000..337111b6c04 --- /dev/null +++ b/pkgs/development/perl-modules/Net-CIDR-Lite-prevent-leading-zeroes-ipv4.patch @@ -0,0 +1,53 @@ +From 734d31aa2f65b69f5558b9b0dd67af0461ca7f80 Mon Sep 17 00:00:00 2001 +From: Stig Palmquist <stig@stig.io> +Date: Tue, 30 Mar 2021 12:13:37 +0200 +Subject: [PATCH] Security: Prevent leading zeroes in ipv4 octets + +https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ +Related to CVE-2021-28918 +--- + Lite.pm | 2 +- + t/base.t | 13 ++++++++++++- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/Lite.pm b/Lite.pm +index fd6df73..d44f881 100644 +--- a/Lite.pm ++++ b/Lite.pm +@@ -181,7 +181,7 @@ sub _pack_ipv4 { + my @nums = split /\./, shift(), -1; + return unless @nums == 4; + for (@nums) { +- return unless /^\d{1,3}$/ and $_ <= 255; ++ return unless /^\d{1,3}$/ and !/^0\d{1,2}$/ and $_ <= 255; + } + pack("CC*", 0, @nums); + } +diff --git a/t/base.t b/t/base.t +index cf32c5e..292456d 100644 +--- a/t/base.t ++++ b/t/base.t +@@ -8,7 +8,7 @@ + use Test; + use strict; + $|++; +-BEGIN { plan tests => 39 }; ++BEGIN { plan tests => 42 }; + use Net::CIDR::Lite; + ok(1); # If we made it this far, we are ok. + +@@ -133,3 +133,14 @@ ok(join(', ', @list_short_range), '10.0.0.1-2, 10.0.0.5'); + })->list_short_range; + ok(join(', ', @list_short_range), '10.0.0.250-255, 10.0.1.0-20, 10.0.1.22, 10.0.2.250-255, 10.0.3.0-255, 10.0.4.0-255, 10.0.5.0-8'); + ++ ++# Tests for vulnerability: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ ++eval { Net::CIDR::Lite->new("010.0.0.0/8") }; ++ok($@=~/Can't determine ip format/); ++ ++my $err_octal = Net::CIDR::Lite->new; ++eval { $err_octal->add("010.0.0.0/8") }; ++ok($@=~/Can't determine ip format/); ++ ++eval { $err_octal->add("10.01.0.0/8") }; ++ok($@=~/Can't determine ip format/); |