rpms / pcre

Clone
Source Code
GIT

Files

  1.   08805af9676ffb786741a62c444d6ed550329225
  2.   SOURCES
  3.   pcre-8.32-Fix-buffer-overflow-for-forward-reference-within-bac.patch
Blob Blame History Raw 
From 644e923aee63090fd4f68169940327d9eebedc33 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Tue, 23 Jun 2015 16:34:53 +0000
Subject: [PATCH] Fix buffer overflow for forward reference within backward
 assertion with excess closing parenthesis. Bugzilla 1651.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is upstream commit ported to 8.32:

commit 764692f9aea9eab50fdba6cb537441d8b34c6c37
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date:   Tue Jun 23 16:34:53 2015 +0000

    Fix buffer overflow for forward reference within backward assertion with excess
    closing parenthesis. Bugzilla 1651.

    git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1571 2f5784b3-3f2a-0410-8824-cb99058d5e15

It fixes CVE-2015-5073.

Signed-off-by: Petr Písař <ppisar@redhat.com>
---
 pcre_compile.c       | 2 +-
 testdata/testinput2  | 2 ++
 testdata/testoutput2 | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/pcre_compile.c b/pcre_compile.c
index d570447..aa7f4d6 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -8275,7 +8275,7 @@ OP_RECURSE that are not fixed length get a diagnosic with a useful offset. The
 exceptional ones forgo this. We scan the pattern to check that they are fixed
 length, and set their lengths. */
 
-if (cd->check_lookbehind)
+if (errorcode == 0 && cd->check_lookbehind)
   {
   pcre_uchar *cc = (pcre_uchar *)codestart;
 
diff --git a/testdata/testinput2 b/testdata/testinput2
index fc6fe2f..2f460dc 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -3827,4 +3827,6 @@ settings of the anchored and startline bits. --/
 
 /^(?:(?(1)x|)+)+$()/BZ
 
+/(?=di(?<=(?1))|(?=(.))))/
+
 /-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 63b39c2..3c09fdf 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -12540,4 +12540,7 @@ No match
         End
 ------------------------------------------------------------------
 
+/(?=di(?<=(?1))|(?=(.))))/
+Failed: unmatched parentheses at offset 23
+
 /-- End of testinput2 --/
-- 
2.5.5

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation