|
 |
08805a |
From 7a8c5efada4bd9e9b625b041184299d4aff06bd5 Mon Sep 17 00:00:00 2001
|
|
|
08805a |
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
|
|
08805a |
Date: Sun, 8 Feb 2015 16:43:13 +0000
|
|
|
08805a |
Subject: [PATCH 1/3] Fix duplicate names memory calculation error.
|
|
|
08805a |
MIME-Version: 1.0
|
|
|
08805a |
Content-Type: text/plain; charset=UTF-8
|
|
|
08805a |
Content-Transfer-Encoding: 8bit
|
|
|
08805a |
|
|
|
08805a |
Ported to 8.32:
|
|
|
08805a |
|
|
|
08805a |
commit 46465068f53358d3ae6cca4d9db8d1ed3b9f1928
|
|
|
08805a |
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
|
|
08805a |
Date: Sun Feb 8 16:43:13 2015 +0000
|
|
|
08805a |
|
|
|
08805a |
Fix duplicate names memory calculation error.
|
|
|
08805a |
|
|
|
08805a |
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1521 2f5784b3-3f2a-0410-8824-cb99058d5e15
|
|
|
08805a |
|
|
|
08805a |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
08805a |
|
|
|
08805a |
XXX: Complete fix requires:
|
|
|
08805a |
|
|
|
08805a |
commit b9a4e4087ac610792118c6dc7c8e83ab313da1ed
|
|
|
08805a |
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
|
|
08805a |
Date: Tue Sep 3 10:10:59 2013 +0000
|
|
|
08805a |
|
|
|
08805a |
Refactor the code for creating the name/number table.
|
|
|
08805a |
|
|
|
08805a |
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1359 2f5784b3-3f2a-0410-8824-
|
|
|
08805a |
cb99058d5e15
|
|
|
08805a |
|
|
|
08805a |
Otherwise the CVE-2015-8385 is fixed by `Fix buffer overflow for named
|
|
|
08805a |
references in (?| situations' patch.
|
|
|
08805a |
|
|
|
08805a |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
08805a |
---
|
|
|
08805a |
pcre_compile.c | 6 ++++++
|
|
|
08805a |
testdata/testinput2 | 2 ++
|
|
|
08805a |
testdata/testoutput11-16 | 2 +-
|
|
|
08805a |
testdata/testoutput11-32 | 2 +-
|
|
|
08805a |
testdata/testoutput11-8 | 2 +-
|
|
|
08805a |
testdata/testoutput2 | 2 ++
|
|
|
08805a |
6 files changed, 13 insertions(+), 3 deletions(-)
|
|
|
08805a |
|
|
|
08805a |
diff --git a/pcre_compile.c b/pcre_compile.c
|
|
|
08805a |
index 86cd0c8..4506e56 100644
|
|
|
08805a |
--- a/pcre_compile.c
|
|
|
08805a |
+++ b/pcre_compile.c
|
|
|
08805a |
@@ -6294,6 +6294,12 @@ for (;; ptr++)
|
|
|
08805a |
(options & PCRE_EXTENDED) != 0, utf);
|
|
|
08805a |
cd->end_pattern = temp;
|
|
|
08805a |
if (recno < 0) recno = 0; /* Forward ref; set dummy number */
|
|
|
08805a |
+
|
|
|
08805a |
+ /* We have to allow for a named reference to a duplicated name (this
|
|
|
08805a |
+ cannot be determined until the second pass). This needs an extra
|
|
|
08805a |
+ 16-bit data item. */
|
|
|
08805a |
+
|
|
|
08805a |
+ *lengthptr += IMM2_SIZE;
|
|
|
08805a |
}
|
|
|
08805a |
|
|
|
08805a |
/* In the real compile, seek the name in the table. We check the name
|
|
|
08805a |
diff --git a/testdata/testinput2 b/testdata/testinput2
|
|
|
08805a |
index e6d0e87..53c4718 100644
|
|
|
08805a |
--- a/testdata/testinput2
|
|
|
08805a |
+++ b/testdata/testinput2
|
|
|
08805a |
@@ -3818,4 +3818,6 @@ settings of the anchored and startline bits. --/
|
|
|
08805a |
|
|
|
08805a |
/(((a\2)|(a*)\g<-1>))*a?/BZ
|
|
|
08805a |
|
|
|
08805a |
+/(?<N111>(?J)(?<N111>1(111111)11|)1|1|)(?(<N111>)1)/
|
|
|
08805a |
+
|
|
|
08805a |
/-- End of testinput2 --/
|
|
|
08805a |
diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
|
|
|
08805a |
index de64e37..4115877 100644
|
|
|
08805a |
--- a/testdata/testoutput11-16
|
|
|
08805a |
+++ b/testdata/testoutput11-16
|
|
|
08805a |
@@ -232,7 +232,7 @@ Memory allocation (code space): 73
|
|
|
08805a |
------------------------------------------------------------------
|
|
|
08805a |
|
|
|
08805a |
/(?Pa)...(?P=a)bbb(?P>a)d/BM
|
|
|
08805a |
-Memory allocation (code space): 57
|
|
|
08805a |
+Memory allocation (code space): 61
|
|
|
08805a |
------------------------------------------------------------------
|
|
|
08805a |
0 24 Bra
|
|
|
08805a |
2 5 CBra 1
|
|
|
08805a |
diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
|
|
|
08805a |
index 0d32e2f..3f66acd 100644
|
|
|
08805a |
--- a/testdata/testoutput11-32
|
|
|
08805a |
+++ b/testdata/testoutput11-32
|
|
|
08805a |
@@ -232,7 +232,7 @@ Memory allocation (code space): 155
|
|
|
08805a |
------------------------------------------------------------------
|
|
|
08805a |
|
|
|
08805a |
/(?Pa)...(?P=a)bbb(?P>a)d/BM
|
|
|
08805a |
-Memory allocation (code space): 117
|
|
|
08805a |
+Memory allocation (code space): 125
|
|
|
08805a |
------------------------------------------------------------------
|
|
|
08805a |
0 24 Bra
|
|
|
08805a |
2 5 CBra 1
|
|
|
08805a |
diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
|
|
|
08805a |
index 9447fb6..27e2c65 100644
|
|
|
08805a |
--- a/testdata/testoutput11-8
|
|
|
08805a |
+++ b/testdata/testoutput11-8
|
|
|
08805a |
@@ -232,7 +232,7 @@ Memory allocation (code space): 45
|
|
|
08805a |
------------------------------------------------------------------
|
|
|
08805a |
|
|
|
08805a |
/(?Pa)...(?P=a)bbb(?P>a)d/BM
|
|
|
08805a |
-Memory allocation (code space): 34
|
|
|
08805a |
+Memory allocation (code space): 38
|
|
|
08805a |
------------------------------------------------------------------
|
|
|
08805a |
0 30 Bra
|
|
|
08805a |
3 7 CBra 1
|
|
|
08805a |
diff --git a/testdata/testoutput2 b/testdata/testoutput2
|
|
|
08805a |
index 2a2b577..b0b46d7 100644
|
|
|
08805a |
--- a/testdata/testoutput2
|
|
|
08805a |
+++ b/testdata/testoutput2
|
|
|
08805a |
@@ -12515,4 +12515,6 @@ No match
|
|
|
08805a |
End
|
|
|
08805a |
------------------------------------------------------------------
|
|
|
08805a |
|
|
|
08805a |
+/(?<N111>(?J)(?<N111>1(111111)11|)1|1|)(?(<N111>)1)/
|
|
|
08805a |
+
|
|
|
08805a |
/-- End of testinput2 --/
|
|
|
08805a |
--
|
|
|
08805a |
2.5.5
|
|
|
08805a |
|