|
 |
cb67f2 |
From eb1ab619f3f36539e53e6a481a0aa168afa10596 Mon Sep 17 00:00:00 2001
|
|
|
cb67f2 |
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
|
|
cb67f2 |
Date: Tue, 19 May 2015 16:02:06 +0000
|
|
|
cb67f2 |
Subject: [PATCH] Fix buffer overflow for lookbehind within mutually recursive
|
|
|
cb67f2 |
subroutines.
|
|
|
cb67f2 |
MIME-Version: 1.0
|
|
|
cb67f2 |
Content-Type: text/plain; charset=UTF-8
|
|
|
cb67f2 |
Content-Transfer-Encoding: 8bit
|
|
|
cb67f2 |
|
|
|
cb67f2 |
Ported to 8.32:
|
|
|
cb67f2 |
|
|
|
cb67f2 |
commit 9f2cf82ed9380bb4a726250833d6a0d295be8747
|
|
|
cb67f2 |
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
|
|
cb67f2 |
Date: Tue May 19 16:02:06 2015 +0000
|
|
|
cb67f2 |
|
|
|
cb67f2 |
Fix buffer overflow for lookbehind within mutually recursive subroutines.
|
|
|
cb67f2 |
|
|
|
cb67f2 |
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1560 2f5784b3-3f2a-0410-8824-cb99058d5e15
|
|
|
cb67f2 |
|
|
|
cb67f2 |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
cb67f2 |
---
|
|
|
cb67f2 |
pcre_compile.c | 2 +-
|
|
|
cb67f2 |
testdata/testinput2 | 3 +++
|
|
|
cb67f2 |
testdata/testoutput2 | 3 +++
|
|
|
cb67f2 |
3 files changed, 7 insertions(+), 1 deletion(-)
|
|
|
cb67f2 |
|
|
|
cb67f2 |
diff --git a/pcre_compile.c b/pcre_compile.c
|
|
|
cb67f2 |
index 0215861..7d203eb 100644
|
|
|
cb67f2 |
--- a/pcre_compile.c
|
|
|
cb67f2 |
+++ b/pcre_compile.c
|
|
|
cb67f2 |
@@ -1811,7 +1811,7 @@ for (;;)
|
|
|
cb67f2 |
case OP_ASSERTBACK:
|
|
|
cb67f2 |
case OP_ASSERTBACK_NOT:
|
|
|
cb67f2 |
do cc += GET(cc, 1); while (*cc == OP_ALT);
|
|
|
cb67f2 |
- cc += PRIV(OP_lengths)[*cc];
|
|
|
cb67f2 |
+ cc += 1 + LINK_SIZE;
|
|
|
cb67f2 |
break;
|
|
|
cb67f2 |
|
|
|
cb67f2 |
/* Skip over things that don't match chars */
|
|
|
cb67f2 |
diff --git a/testdata/testinput2 b/testdata/testinput2
|
|
|
cb67f2 |
index bb11212..1b83cf2 100644
|
|
|
cb67f2 |
--- a/testdata/testinput2
|
|
|
cb67f2 |
+++ b/testdata/testinput2
|
|
|
cb67f2 |
@@ -3822,4 +3822,7 @@ settings of the anchored and startline bits. --/
|
|
|
cb67f2 |
|
|
|
cb67f2 |
/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
|
|
|
cb67f2 |
|
|
|
cb67f2 |
+".*?\h.+.\.+\R*?\xd(?i)(?=!(?=b`b`b`\`b\xa9b!)`\a`bbbbbbbbbbbbb`bbbbbbbbbbbb*R\x85bbbbbbb\C?{((?2)(?))((
|
|
|
cb67f2 |
+\H){8(?<=(?1){29}\xa8bbbb\x16\xd\xc6^($(?
|
|
|
cb67f2 |
+
|
|
|
cb67f2 |
/-- End of testinput2 --/
|
|
|
cb67f2 |
diff --git a/testdata/testoutput2 b/testdata/testoutput2
|
|
|
cb67f2 |
index 2dd2381..e33b4e2 100644
|
|
|
cb67f2 |
--- a/testdata/testoutput2
|
|
|
cb67f2 |
+++ b/testdata/testoutput2
|
|
|
cb67f2 |
@@ -12519,4 +12519,7 @@ No match
|
|
|
cb67f2 |
|
|
|
cb67f2 |
/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
|
|
|
cb67f2 |
|
|
|
cb67f2 |
+".*?\h.+.\.+\R*?\xd(?i)(?=!(?=b`b`b`\`b\xa9b!)`\a`bbbbbbbbbbbbb`bbbbbbbbbbbb*R\x85bbbbbbb\C?{((?2)(?))((
|
|
|
cb67f2 |
+\H){8(?<=(?1){29}\xa8bbbb\x16\xd\xc6^($(?
|
|
|
cb67f2 |
+
|
|
|
cb67f2 |
/-- End of testinput2 --/
|
|
|
cb67f2 |
--
|
|
|
cb67f2 |
2.5.5
|
|
|
cb67f2 |
|