Fix a non-diagnosis of missing assertion after (?(?C) that could corrupt process stack
parent
eabd8d5446
commit
973bc3361d
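--- a/pcre-8.38-Fix-non-diagnosis-of-missing-assertion-after-C.patch
+++ b/pcre-8.38-Fix-non-diagnosis-of-missing-assertion-after-C.patch
@@ -0,0 +1,101 @@
+From b3db1b7de5cfaa026ec2bc4a393129461a0f5c57 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Sat, 27 Feb 2016 18:44:41 +0000
+Subject: [PATCH] Fix non-diagnosis of missing assertion after (?(?C).
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1638 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Petr Písař: Ported to 8.38.
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 4ffea0c..254c629 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -485,7 +485,7 @@ static const char error_texts[] =
+"lookbehind assertion is not fixed length\0"
+"malformed number or name after (?(\0"
+"conditional group contains more than two branches\0"
+- "assertion expected after (?(\0"
++ "assertion expected after (?( or (?(?C)\0"
+"(?R or (?[+-]digits must be followed by )\0"
+/* 30 */
+"unknown POSIX class name\0"
+@@ -6771,6 +6771,15 @@ for (;; ptr++)
+for (i = 3;; i++) if (!IS_DIGIT(ptr[i])) break;
+if (ptr[i] == CHAR_RIGHT_PARENTHESIS)
+tempptr += i + 1;
++
++ /* tempptr should now be pointing to the opening parenthesis of the
++ assertion condition. */
++
++ if (*tempptr != CHAR_LEFT_PARENTHESIS)
++ {
++ *errorcodeptr = ERR28;
++ goto FAILED;
++ }
+}
+
+/* For conditions that are assertions, check the syntax, and then exit
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index c805f5f..75e402e 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4241,4 +4241,6 @@ backtracking verbs. --/
+
+/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
+
++/\N(?(?C)0?!.)*/
++
+/-- End of testinput2 --/
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 800a72f..5e88d1a 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -555,13 +555,13 @@ Failed: malformed number or name after (?( at offset 4
+Failed: malformed number or name after (?( at offset 4
+
+/(?(?i))/
+-Failed: assertion expected after (?( at offset 3
++Failed: assertion expected after (?( or (?(?C) at offset 3
+
+/(?(abc))/
+Failed: reference to non-existent subpattern at offset 7
+
+/(?(?<ab))/
+-Failed: assertion expected after (?( at offset 3
++Failed: assertion expected after (?( or (?(?C) at offset 3
+
+/((?s)blah)\s+\1/I
+Capturing subpattern count = 1
+@@ -7870,7 +7870,7 @@ No match
+Failed: malformed number or name after (?( at offset 6
+
+/(?(''))/
+-Failed: assertion expected after (?( at offset 4
++Failed: assertion expected after (?( or (?(?C) at offset 4
+
+/(?('R')stuff)/
+Failed: reference to non-existent subpattern at offset 7
+@@ -14346,7 +14346,7 @@ No match
+"((?2)+)((?1))"
+
+"(?(?<E>.*!.*)?)"
+-Failed: assertion expected after (?( at offset 3
++Failed: assertion expected after (?( or (?(?C) at offset 3
+
+"X((?2)()*+){2}+"BZ
+------------------------------------------------------------------
+@@ -14667,4 +14667,7 @@ No match
+
+/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
+
++/\N(?(?C)0?!.)*/
++Failed: assertion expected after (?( or (?(?C) at offset 4
++
+/-- End of testinput2 --/
+--
+2.5.0
+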
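Review bot: In the pcre_compile.c hunk of the embedded patch, the added `if (*tempptr != CHAR_LEFT_PARENTHESIS)` test only inspects the character after the callout when the preceding `if (ptr[i] == CHAR_RIGHT_PARENTHESIS)` has advanced tempptr. When the digits are not followed by `)`, tempptr keeps whatever value it was given before this hunk, so the new comment ("should now be pointing to the opening parenthesis") does not describe that path. I would reword it along the lines of `/* If the callout was closed, tempptr is now just past it and must be at the opening parenthesis of the assertion; otherwise tempptr is unchanged. */` and confirm that an unclosed callout is diagnosed elsewhere, which is not visible here because the enclosing block starts and ends outside the hunk. The regression input added to testdata/testinput2 covers only the unnumbered callout form, so a numbered-callout case would also exercise the digit loop before the new check.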
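--- a/pcre.spec
+++ b/pcre.spec
@@ -2,7 +2,7 @@
 #%%global rcversion RC1
 Name: pcre
 Version: 8.38
-Release: %{?rcversion:0.}8%{?rcversion:.%rcversion}%{?dist}
+Release: %{?rcversion:0.}9%{?rcversion:.%rcversion}%{?dist}
 %global myversion %{version}%{?rcversion:-%rcversion}
 Summary: Perl-compatible regular expression library
 Group: System Environment/Libraries
@@ -81,6 +81,9 @@ Patch14: pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
 # globally with an ovector less than 2, bug #1312786, upstream bug #1777,
 # fixed in upstream after 8.38
 Patch15: pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch
+# Fix a non-diagnosis of missing assection after (?(?C) that could corrupt
+# process stack, upstream bug #1780, fixed in upstream after 8.38
+Patch16: pcre-8.38-Fix-non-diagnosis-of-missing-assertion-after-C.patch
 BuildRequires: readline-devel
 BuildRequires: autoconf
 BuildRequires: automake
@@ -145,6 +148,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@@ -216,6 +220,10 @@ make %{?_smp_mflags} check VERBOSE=yes
 %{_mandir}/man1/pcretest.*
 
 %changelog
+* Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-9
+- Fix a non-diagnosis of missing assection after (?(?C) that could corrupt
+process stack (upstream bug #1780)
+
 * Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-8
 - Fix CVE-2016-1283 (a heap buffer overflow in handling of nested duplicate
 named groups with a nested back reference) (bug #1295386)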
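Review bot: The new comment above `Patch16:` and the 8.38-9 `%changelog` entry both spell "assertion" as "assection", which makes the entry harder to find when searching the changelog for this fix. Both lines should read `Fix a non-diagnosis of missing assertion after (?(?C) that could corrupt`. The entry describes possible process-stack corruption but cites only upstream bug #1780, whereas the 8.38-8 entry just below names a CVE and a downstream bug. If a downstream tracker bug or CVE exists for this issue, referencing it here would help anyone auditing which builds carry the fix.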