|
 |
cb67f2 |
From 01611089a2be24b740e67d5fac8d7b44b2330302 Mon Sep 17 00:00:00 2001
|
|
|
cb67f2 |
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
|
|
cb67f2 |
Date: Wed, 10 Feb 2016 19:13:17 +0000
|
|
|
cb67f2 |
Subject: [PATCH] Fix workspace overflow for (*ACCEPT) with deeply nested
|
|
|
cb67f2 |
parentheses.
|
|
|
cb67f2 |
MIME-Version: 1.0
|
|
|
cb67f2 |
Content-Type: text/plain; charset=UTF-8
|
|
|
cb67f2 |
Content-Transfer-Encoding: 8bit
|
|
|
cb67f2 |
|
|
|
cb67f2 |
Ported to 8.32:
|
|
|
cb67f2 |
|
|
|
cb67f2 |
commit 943a5105b9fe2842851003f692c7077a6cdbeefe
|
|
|
cb67f2 |
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
|
|
cb67f2 |
Date: Wed Feb 10 19:13:17 2016 +0000
|
|
|
cb67f2 |
|
|
|
cb67f2 |
Fix workspace overflow for (*ACCEPT) with deeply nested parentheses.
|
|
|
cb67f2 |
|
|
|
cb67f2 |
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1631 2f5784b3-3f2a-0410-8824-cb99058d5e15
|
|
|
cb67f2 |
|
|
|
cb67f2 |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
cb67f2 |
---
|
|
|
cb67f2 |
pcre_compile.c | 21 ++++++++++++++++++---
|
|
|
cb67f2 |
pcre_internal.h | 2 +-
|
|
|
cb67f2 |
pcreposix.c | 3 ++-
|
|
|
cb67f2 |
testdata/testinput11 | 2 ++
|
|
|
cb67f2 |
testdata/testoutput11-16 | 3 +++
|
|
|
cb67f2 |
testdata/testoutput11-32 | 3 +++
|
|
|
cb67f2 |
testdata/testoutput11-8 | 3 +++
|
|
|
cb67f2 |
7 files changed, 32 insertions(+), 5 deletions(-)
|
|
|
cb67f2 |
|
|
|
cb67f2 |
diff --git a/pcre_compile.c b/pcre_compile.c
|
|
|
cb67f2 |
index 8eb4b0f..746dc70 100644
|
|
|
cb67f2 |
--- a/pcre_compile.c
|
|
|
cb67f2 |
+++ b/pcre_compile.c
|
|
|
cb67f2 |
@@ -508,6 +508,7 @@ static const char error_texts[] =
|
|
|
cb67f2 |
"name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)\0"
|
|
|
cb67f2 |
"character value in \\u.... sequence is too large\0"
|
|
|
cb67f2 |
"invalid UTF-32 string\0"
|
|
|
cb67f2 |
+ "regular expression is too complicated\0"
|
|
|
cb67f2 |
;
|
|
|
cb67f2 |
|
|
|
cb67f2 |
/* Table to identify digits and hex digits. This is used when compiling
|
|
|
cb67f2 |
@@ -3881,7 +3882,8 @@ for (;; ptr++)
|
|
|
cb67f2 |
if (code > cd->start_workspace + cd->workspace_size -
|
|
|
cb67f2 |
WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
|
|
|
cb67f2 |
{
|
|
|
cb67f2 |
- *errorcodeptr = ERR52;
|
|
|
cb67f2 |
+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
|
|
|
cb67f2 |
+ ERR52 : ERR87;
|
|
|
cb67f2 |
goto FAILED;
|
|
|
cb67f2 |
}
|
|
|
cb67f2 |
|
|
|
cb67f2 |
@@ -5701,8 +5703,21 @@ for (;; ptr++)
|
|
|
cb67f2 |
cd->had_accept = TRUE;
|
|
|
cb67f2 |
for (oc = cd->open_caps; oc != NULL; oc = oc->next)
|
|
|
cb67f2 |
{
|
|
|
cb67f2 |
- *code++ = OP_CLOSE;
|
|
|
cb67f2 |
- PUT2INC(code, 0, oc->number);
|
|
|
cb67f2 |
+ if (lengthptr != NULL)
|
|
|
cb67f2 |
+ {
|
|
|
cb67f2 |
+#ifdef COMPILE_PCRE8
|
|
|
cb67f2 |
+ *lengthptr += 1 + IMM2_SIZE;
|
|
|
cb67f2 |
+#elif defined COMPILE_PCRE16
|
|
|
cb67f2 |
+ *lengthptr += 2 + IMM2_SIZE;
|
|
|
cb67f2 |
+#elif defined COMPILE_PCRE32
|
|
|
cb67f2 |
+ *lengthptr += 4 + IMM2_SIZE;
|
|
|
cb67f2 |
+#endif
|
|
|
cb67f2 |
+ }
|
|
|
cb67f2 |
+ else
|
|
|
cb67f2 |
+ {
|
|
|
cb67f2 |
+ *code++ = OP_CLOSE;
|
|
|
cb67f2 |
+ PUT2INC(code, 0, oc->number);
|
|
|
cb67f2 |
+ }
|
|
|
cb67f2 |
}
|
|
|
cb67f2 |
setverb = *code++ =
|
|
|
cb67f2 |
(cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
|
|
|
cb67f2 |
diff --git a/pcre_internal.h b/pcre_internal.h
|
|
|
cb67f2 |
index 536b3d8..157de08 100644
|
|
|
cb67f2 |
--- a/pcre_internal.h
|
|
|
cb67f2 |
+++ b/pcre_internal.h
|
|
|
cb67f2 |
@@ -2270,7 +2270,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4, ERR5, ERR6, ERR7, ERR8, ERR9,
|
|
|
cb67f2 |
ERR40, ERR41, ERR42, ERR43, ERR44, ERR45, ERR46, ERR47, ERR48, ERR49,
|
|
|
cb67f2 |
ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
|
|
|
cb67f2 |
ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
|
|
|
cb67f2 |
- ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERRCOUNT };
|
|
|
cb67f2 |
+ ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR87, ERRCOUNT };
|
|
|
cb67f2 |
|
|
|
cb67f2 |
/* JIT compiling modes. The function list is indexed by them. */
|
|
|
cb67f2 |
enum { JIT_COMPILE, JIT_PARTIAL_SOFT_COMPILE, JIT_PARTIAL_HARD_COMPILE,
|
|
|
cb67f2 |
diff --git a/pcreposix.c b/pcreposix.c
|
|
|
cb67f2 |
index 15195c0..700676c 100644
|
|
|
cb67f2 |
--- a/pcreposix.c
|
|
|
cb67f2 |
+++ b/pcreposix.c
|
|
|
cb67f2 |
@@ -162,7 +162,8 @@ static const int eint[] = {
|
|
|
cb67f2 |
/* 75 */
|
|
|
cb67f2 |
REG_BADPAT, /* overlong MARK name */
|
|
|
cb67f2 |
REG_BADPAT, /* character value in \u.... sequence is too large */
|
|
|
cb67f2 |
- REG_BADPAT /* invalid UTF-32 string (should not occur) */
|
|
|
cb67f2 |
+ REG_BADPAT, /* invalid UTF-32 string (should not occur) */
|
|
|
cb67f2 |
+ REG_BADPAT /* pattern too complicated */
|
|
|
cb67f2 |
};
|
|
|
cb67f2 |
|
|
|
cb67f2 |
/* Table of texts corresponding to POSIX error codes */
|
|
|
cb67f2 |
diff --git a/testdata/testinput11 b/testdata/testinput11
|
|
|
cb67f2 |
index 7e8e542..014c722 100644
|
|
|
cb67f2 |
--- a/testdata/testinput11
|
|
|
cb67f2 |
+++ b/testdata/testinput11
|
|
|
cb67f2 |
@@ -134,4 +134,6 @@ is required for these tests. --/
|
|
|
cb67f2 |
|
|
|
cb67f2 |
/(((a\2)|(a*)\g<-1>))*a?/B
|
|
|
cb67f2 |
|
|
|
cb67f2 |
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
|
cb67f2 |
+
|
|
|
cb67f2 |
/-- End of testinput11 --/
|
|
|
cb67f2 |
diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
|
|
|
cb67f2 |
index 3cb3049..6ae9e2f 100644
|
|
|
cb67f2 |
--- a/testdata/testoutput11-16
|
|
|
cb67f2 |
+++ b/testdata/testoutput11-16
|
|
|
cb67f2 |
@@ -734,4 +734,7 @@ Memory allocation (code space): 14
|
|
|
cb67f2 |
41 End
|
|
|
cb67f2 |
------------------------------------------------------------------
|
|
|
cb67f2 |
|
|
|
cb67f2 |
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
|
cb67f2 |
+Failed: regular expression is too complicated at offset 490
|
|
|
cb67f2 |
+
|
|
|
cb67f2 |
/-- End of testinput11 --/
|
|
|
cb67f2 |
diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
|
|
|
cb67f2 |
index 10dee82..124e3d1 100644
|
|
|
cb67f2 |
--- a/testdata/testoutput11-32
|
|
|
cb67f2 |
+++ b/testdata/testoutput11-32
|
|
|
cb67f2 |
@@ -734,4 +734,7 @@ Memory allocation (code space): 28
|
|
|
cb67f2 |
41 End
|
|
|
cb67f2 |
------------------------------------------------------------------
|
|
|
cb67f2 |
|
|
|
cb67f2 |
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
|
cb67f2 |
+Failed: missing ) at offset 509
|
|
|
cb67f2 |
+
|
|
|
cb67f2 |
/-- End of testinput11 --/
|
|
|
cb67f2 |
diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
|
|
|
cb67f2 |
index a1bd60a..36f6e64 100644
|
|
|
cb67f2 |
--- a/testdata/testoutput11-8
|
|
|
cb67f2 |
+++ b/testdata/testoutput11-8
|
|
|
cb67f2 |
@@ -734,4 +734,7 @@ Memory allocation (code space): 10
|
|
|
cb67f2 |
60 End
|
|
|
cb67f2 |
------------------------------------------------------------------
|
|
|
cb67f2 |
|
|
|
cb67f2 |
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
|
cb67f2 |
+Failed: missing ) at offset 509
|
|
|
cb67f2 |
+
|
|
|
cb67f2 |
/-- End of testinput11 --/
|
|
|
cb67f2 |
--
|
|
|
cb67f2 |
2.5.5
|
|
|
cb67f2 |
|