Security Advisories (9)
CVE-2020-14393 (2020-09-16)

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

CVE-2020-14392 (2020-06-17)

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

CVE-2019-20919 (2020-09-17)

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

CPANSA-DBI-2014-01 (2014-10-15)

DBD::File drivers open files from folders other than those specifically passed using the f_dir attribute.

CVE-2005-0077 (2005-05-02)

Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

CVE-2014-10402 (2020-09-16)

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

CVE-2014-10401 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.

CVE-2013-7491 (2020-09-11)

An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.

CVE-2013-7490 (2020-09-11)

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
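
To see which of the advisories above apply to a given DBI release, the following added shell example (not part of the DBI distribution or of the original page) compares a version against the bounds quoted in the advisory text. The function name dbi_advisories and the table layout are assumptions of this example; CPANSA-DBI-2014-01 and CVE-2005-0077 are left out because the page states no version for them.

```shell
#!/bin/sh
# Added example: map a DBI version to the advisories listed on this page.
# Bounds are copied from the advisory text:
#   lt = affected before that version ("< 1.643", "before 1.632")
#   le = affected through that version ("through 1.643")
ADVISORIES='CVE-2020-14393 lt 1.643
CVE-2020-14392 lt 1.643
CVE-2019-20919 lt 1.643
CVE-2014-10402 le 1.643
CVE-2014-10401 lt 1.632
CVE-2013-7491 lt 1.628
CVE-2013-7490 lt 1.632'

# dbi_advisories [VERSION]
# Prints one advisory id per line for VERSION. With no argument it asks the
# local perl for $DBI::VERSION. Returns 2 if no usable version is available.
dbi_advisories() {
    ver=${1:-$(perl -MDBI -e 'print $DBI::VERSION' 2>/dev/null || true)}
    # Accept only a plain decimal version such as 1.643.
    case $ver in
        ''|*[!0-9.]*|*.*.*|.*|*.)
            echo "dbi_advisories: bad or missing version '$ver'" >&2
            return 2 ;;
    esac
    printf '%s\n' "$ADVISORIES" | awk -v v="$ver" '
        # DBI uses decimal version numbers, so a numeric comparison is
        # the right one (1.63 and 1.630 are the same number).
        ($2 == "lt" && v + 0 <  $3 + 0) ||
        ($2 == "le" && v + 0 <= $3 + 0) { print $1 }'
}
```

For 1.643 the only id printed is CVE-2014-10402, which the advisory describes as affecting DBI through 1.643 because the fix for CVE-2014-10401 was incomplete.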

NAME

DBI::ProfileDumper::Apache - capture DBI profiling data from Apache/mod_perl

SYNOPSIS

Add this line to your httpd.conf:

PerlSetEnv DBI_PROFILE DBI::ProfileDumper::Apache

Then restart your server. Access the code you wish to test using a web browser, then shut down your server. This will create a set of dbi.prof.* files in your Apache log directory. Get a profiling report with dbiprof:

dbiprof /usr/local/apache/logs/dbi.prof.*

When you're ready to perform another profiling run, delete the old files

rm /usr/local/apache/logs/dbi.prof.*

and start again.

DESCRIPTION

This module interfaces DBI::ProfileDumper to Apache/mod_perl. Using this module you can collect profiling data from mod_perl applications. It works by creating a DBI::ProfileDumper data file for each Apache process. These files are created in your Apache log directory. You can then use dbiprof to analyze the profile files.

USAGE

LOADING THE MODULE

The easiest way to use this module is just to set the DBI_PROFILE environment variable in your httpd.conf:

PerlSetEnv DBI_PROFILE DBI::ProfileDumper::Apache

If you want to use one of DBI::Profile's other Path settings, you can use a string like:

PerlSetEnv DBI_PROFILE 2/DBI::ProfileDumper::Apache

It's also possible to use this module by setting the Profile attribute of any DBI handle:

$dbh->{Profile} = "DBI::ProfileDumper::Apache";

See DBI::ProfileDumper for more possibilities.

GATHERING PROFILE DATA

Once you have the module loaded, use your application as you normally would. Stop the webserver when your tests are complete. Profile data files will be produced when Apache exits and you'll see something like this in your error_log:

DBI::ProfileDumper::Apache writing to /usr/local/apache/logs/dbi.prof.2619

Now you can use dbiprof to examine the data:

dbiprof /usr/local/apache/logs/dbi.prof.*

When you pass dbiprof a list of all generated files, it automatically merges them into one result set. You can also pass dbiprof sorting and querying options; see dbiprof for details.

CLEANING UP

Once you've made some code changes, you're ready to start again. First, delete the old profile data files:

rm /usr/local/apache/logs/dbi.prof.* 

Then restart your server and get back to work.

MEMORY USAGE

DBI::Profile can use a lot of memory for very active applications. It collects profiling data in memory for each distinct query your application runs. You can avoid this problem with a call like this:

$dbh->{Profile}->flush_to_disk() if $dbh->{Profile};

Calling flush_to_disk() will clear out the profile data and write it to disk. Put this someplace where it will run on every request, like a CleanupHandler, and your memory troubles should go away. Well, at least the ones caused by DBI::Profile anyway.

AUTHOR

Sam Tregar <sam@tregar.com>

COPYRIGHT AND LICENSE

Copyright (C) 2002 Sam Tregar

This program is free software; you can redistribute it and/or modify it under the same terms as Perl 5 itself.