    Perl_my_setenv(); handle integer wrap · 479e665b
    David Mitchell authored
    RT #133204
    Wean this function off int/I32 and onto UV/Size_t.
    Also, replace all malloc-ish calls with a wrapper that does
    overflow checks.
    In particular, it was doing (nlen + vlen + 2) which could wrap when
    the combined length of the environment variable name and value
    exceeded around 0x7fffffff.
    The wrapper check function is probably overkill, but belt and braces...
    NB this function has several variant parts, #ifdef'ed by platform
    type; I have blindly changed the parts that aren't compiled under linux.
    [Backported to Perl 5.20 by Dominic Hargreaves for Debian;
    whitespace changes only]
    Origin: upstream
    Patch-Name: fixes/CVE-2018-18311.diff
util.c 139 KB
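The wrap the commit message describes, next to an overflow-checked size computation, as an added example that is not code from Perl's util.c or from this patch. The function names `legacy_int_size`, `checked_env_size` and `build_env_entry` are hypothetical, and the lengths are constructed to land just past 0x7fffffff.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* nlen + vlen + 2 as a 32-bit signed computation would see it. The sum is
 * done in uint32_t so the wrap is well defined, then viewed as int32_t. */
static int32_t legacy_int_size(uint32_t nlen, uint32_t vlen)
{
    uint32_t sum = nlen + vlen + 2u;
    int32_t as_signed;
    memcpy(&as_signed, &sum, sizeof as_signed);
    return as_signed;
}

/* Overflow-checked nlen + vlen + 2 in size_t. Returns 1 and stores the
 * size in *out, or returns 0 when the sum is not representable. */
static int checked_env_size(size_t nlen, size_t vlen, size_t *out)
{
    if (nlen > SIZE_MAX - vlen || nlen + vlen > SIZE_MAX - 2)
        return 0;
    *out = nlen + vlen + 2;
    return 1;
}

/* Build "name=value" using the checked size; NULL on overflow or OOM. */
static char *build_env_entry(const char *nam, const char *val)
{
    size_t nlen = strlen(nam), vlen = strlen(val), size;
    char *buf;
    if (!checked_env_size(nlen, vlen, &size) || !(buf = malloc(size)))
        return NULL;
    memcpy(buf, nam, nlen);
    buf[nlen] = '=';
    memcpy(buf + nlen + 1, val, vlen + 1);   /* copies the trailing NUL */
    return buf;
}

int main(void)
{
    size_t size = 0;
    /* Constructed lengths whose sum + 2 just exceeds 0x7fffffff. */
    printf("int view:    %d\n", (int)legacy_int_size(0x40000000u, 0x3fffffffu));
    if (checked_env_size(0x40000000u, 0x3fffffffu, &size))
        printf("size_t view: %zu\n", size);
    printf("near SIZE_MAX accepted: %d\n", checked_env_size(SIZE_MAX, 1, &size));
    char *entry = build_env_entry("PATH", "/bin");   /* constructed sample */
    if (entry) { puts(entry); free(entry); }
    return 0;
}
```

A negative or too-small size passed to an allocator followed by copies of the full name and value is what makes the wrapped `int` sum dangerous; the checked form refuses the request instead.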