Ticket #2227: perl-5.10.0-fixes.diff

lib/File/CVE-2008-2827.t

@@ +1 @@
+#!perl -w
+
+# Test case derived from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
+
+my $foo = "foo-$$";
+my $bar = "bar-$$";
+
+die "Not clean [$foo] [$bar]" if -e $foo || -e $bar;
+
+eval {
+    symlink($foo, $bar) || die "Can't symlink $foo --> $bar";
+};
+if ($@) {
+    print "1..0 # Skipped: Only systems that can do symlinks are affected\n";
+    print "$@\n";
+    exit;
+}
+
+use Test;
+plan tests => 5;
+
+umask(0027);
+
+# touch foo
+open(my $fh, ">", $foo) || die "Can't create $foo\n";
+close($fh);
+
+my $m = (stat $foo)[2];
+ok(defined $m);
+
+require File::Path;
+ok(File::Path::rmtree($bar));
+ok(!-e $bar);
+
+# If the mode of $foo changed as a result of removing $bar then we are vulnerable
+ok($m, (stat $foo)[2]);
+
+unlink($foo);
+ok(!-e $foo);

lib/File/Path.pm

@@ -350 +350 @@
                 next ROOT_DIR;
             }
 
-            my $nperm = $perm & 07777 | 0600;
-            if ($nperm != $perm and not chmod $nperm, $root) {
-                if ($Force_Writeable) {
+            if ($Force_Writeable) {
+                my $nperm = $perm & 07777 | 0600;
+                if ($nperm != $perm and not chmod $nperm, $root) {
                     _error($arg, "cannot make file writeable", $canon);
                 }
             }

perl-5.10.0

@@ -1543 +1543 @@
     stash = GvSTASH(
         SvTYPE(mg->mg_obj) == SVt_PVGV
             ? (GV*)mg->mg_obj
-            : (GV*)SvMAGIC(mg->mg_obj)->mg_obj
+            : (GV*)mg_find(mg->mg_obj, PERL_MAGIC_isa)->mg_obj
     );
 
     mro_isa_changed_in(stash);