Merge pull request #12878 from leenaars/patch-3
pcre: 8.37 with patches -> 8.38
This commit is contained in:
commit
508ab8e949
@ -1,87 +0,0 @@
|
||||
From 68ff1beb43bb3d4d8838f3285c97023d1e50513a Mon Sep 17 00:00:00 2001
|
||||
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
||||
Date: Fri, 15 May 2015 17:17:03 +0000
|
||||
Subject: [PATCH] Fix buffer overflow for named recursive back reference when
|
||||
the name is duplicated.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Upstream commit ported to pcre-8.37:
|
||||
|
||||
commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19
|
||||
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
||||
Date: Fri May 15 17:17:03 2015 +0000
|
||||
|
||||
Fix buffer overflow for named recursive back reference when the name is
|
||||
duplicated.
|
||||
|
||||
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824-cb99058d5e15
|
||||
|
||||
This fixes CVE-2015-3210.
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
pcre_compile.c | 16 ++++++++++++++--
|
||||
testdata/testinput2 | 2 ++
|
||||
testdata/testoutput2 | 2 ++
|
||||
3 files changed, 18 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/pcre_compile.c b/pcre_compile.c
|
||||
index 0efad26..6f06912 100644
|
||||
--- a/pcre_compile.c
|
||||
+++ b/pcre_compile.c
|
||||
@@ -7173,14 +7173,26 @@ for (;; ptr++)
|
||||
number. If the name is not found, set the value to 0 for a forward
|
||||
reference. */
|
||||
|
||||
+ recno = 0;
|
||||
ng = cd->named_groups;
|
||||
for (i = 0; i < cd->names_found; i++, ng++)
|
||||
{
|
||||
if (namelen == ng->length &&
|
||||
STRNCMP_UC_UC(name, ng->name, namelen) == 0)
|
||||
- break;
|
||||
+ {
|
||||
+ open_capitem *oc;
|
||||
+ recno = ng->number;
|
||||
+ if (is_recurse) break;
|
||||
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
|
||||
+ {
|
||||
+ if (oc->number == recno)
|
||||
+ {
|
||||
+ oc->flag = TRUE;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
- recno = (i < cd->names_found)? ng->number : 0;
|
||||
|
||||
/* Count named back references. */
|
||||
|
||||
diff --git a/testdata/testinput2 b/testdata/testinput2
|
||||
index 58fe53b..83bb471 100644
|
||||
--- a/testdata/testinput2
|
||||
+++ b/testdata/testinput2
|
||||
@@ -4152,4 +4152,6 @@ backtracking verbs. --/
|
||||
|
||||
/((?2){73}(?2))((?1))/
|
||||
|
||||
+"(?J)(?'d'(?'d'\g{d}))"
|
||||
+
|
||||
/-- End of testinput2 --/
|
||||
diff --git a/testdata/testoutput2 b/testdata/testoutput2
|
||||
index b718df0..7dff52a 100644
|
||||
--- a/testdata/testoutput2
|
||||
+++ b/testdata/testoutput2
|
||||
@@ -14423,4 +14423,6 @@ Failed: lookbehind assertion is not fixed length at offset 17
|
||||
|
||||
/((?2){73}(?2))((?1))/
|
||||
|
||||
+"(?J)(?'d'(?'d'\g{d}))"
|
||||
+
|
||||
/-- End of testinput2 --/
|
||||
--
|
||||
2.4.3
|
||||
|
@ -1,68 +0,0 @@
|
||||
From 354e1f8e921dcb9cf2f3a5eac93cd826d01a7d8a Mon Sep 17 00:00:00 2001
|
||||
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
||||
Date: Tue, 23 Jun 2015 16:34:53 +0000
|
||||
Subject: [PATCH] Fix buffer overflow for forward reference within backward
|
||||
assertion with excess closing parenthesis. Bugzilla 1651.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This is upstream commit ported to 8.37:
|
||||
|
||||
commit 764692f9aea9eab50fdba6cb537441d8b34c6c37
|
||||
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
||||
Date: Tue Jun 23 16:34:53 2015 +0000
|
||||
|
||||
Fix buffer overflow for forward reference within backward assertion with excess
|
||||
closing parenthesis. Bugzilla 1651.
|
||||
|
||||
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1571 2f5784b3-3f2a-0410-8824-cb99058d5e15
|
||||
|
||||
It fixes CVE-2015-5073.
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
pcre_compile.c | 2 +-
|
||||
testdata/testinput2 | 2 ++
|
||||
testdata/testoutput2 | 3 +++
|
||||
3 files changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pcre_compile.c b/pcre_compile.c
|
||||
index 6f06912..b66b1f6 100644
|
||||
--- a/pcre_compile.c
|
||||
+++ b/pcre_compile.c
|
||||
@@ -9392,7 +9392,7 @@ OP_RECURSE that are not fixed length get a diagnosic with a useful offset. The
|
||||
exceptional ones forgo this. We scan the pattern to check that they are fixed
|
||||
length, and set their lengths. */
|
||||
|
||||
-if (cd->check_lookbehind)
|
||||
+if (errorcode == 0 && cd->check_lookbehind)
|
||||
{
|
||||
pcre_uchar *cc = (pcre_uchar *)codestart;
|
||||
|
||||
diff --git a/testdata/testinput2 b/testdata/testinput2
|
||||
index 83bb471..5cc9ce6 100644
|
||||
--- a/testdata/testinput2
|
||||
+++ b/testdata/testinput2
|
||||
@@ -4154,4 +4154,6 @@ backtracking verbs. --/
|
||||
|
||||
"(?J)(?'d'(?'d'\g{d}))"
|
||||
|
||||
+/(?=di(?<=(?1))|(?=(.))))/
|
||||
+
|
||||
/-- End of testinput2 --/
|
||||
diff --git a/testdata/testoutput2 b/testdata/testoutput2
|
||||
index 7dff52a..4decb8d 100644
|
||||
--- a/testdata/testoutput2
|
||||
+++ b/testdata/testoutput2
|
||||
@@ -14425,4 +14425,7 @@ Failed: lookbehind assertion is not fixed length at offset 17
|
||||
|
||||
"(?J)(?'d'(?'d'\g{d}))"
|
||||
|
||||
+/(?=di(?<=(?1))|(?=(.))))/
|
||||
+Failed: unmatched parentheses at offset 23
|
||||
+
|
||||
/-- End of testinput2 --/
|
||||
--
|
||||
2.4.3
|
||||
|
@ -5,17 +5,15 @@
|
||||
with stdenv.lib;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "pcre-8.37";
|
||||
name = "pcre-8.38";
|
||||
|
||||
src = fetchurl {
|
||||
url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${name}.tar.bz2";
|
||||
sha256 = "17bqykp604p7376wj3q2nmjdhrb6v1ny8q08zdwi7qvc02l9wrsi";
|
||||
sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r";
|
||||
};
|
||||
|
||||
patches =
|
||||
[ ./cve-2015-3210.patch
|
||||
./cve-2015-5073.patch
|
||||
];
|
||||
[ ];
|
||||
|
||||
outputs = [ "out" "doc" "man" ];
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user