rpms/pcre
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a non-diagnosis of missing assection after (?(?C) that could corrupt process stack

Browse Source
This commit is contained in:
Petr Písař 2016-02-29 13:59:32 +01:00
parent eabd8d5446
commit 973bc3361d
2 changed files with 110 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
pcre-8.38-Fix-non-diagnosis-of-missing-assertion-after-C.patch Normal file
View File

@ -0,0 +1,101 @@
From b3db1b7de5cfaa026ec2bc4a393129461a0f5c57 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Sat, 27 Feb 2016 18:44:41 +0000
Subject: [PATCH] Fix non-diagnosis of missing assertion after (?(?C).
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1638 2f5784b3-3f2a-0410-8824-cb99058d5e15
Petr Písař: Ported to 8.38.
diff --git a/pcre_compile.c b/pcre_compile.c
index 4ffea0c..254c629 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -485,7 +485,7 @@ static const char error_texts[] =
"lookbehind assertion is not fixed length\0"
"malformed number or name after (?(\0"
"conditional group contains more than two branches\0"
- "assertion expected after (?(\0"
+ "assertion expected after (?( or (?(?C)\0"
"(?R or (?[+-]digits must be followed by )\0"
/* 30 */
"unknown POSIX class name\0"
@@ -6771,6 +6771,15 @@ for (;; ptr++)
for (i = 3;; i++) if (!IS_DIGIT(ptr[i])) break;
if (ptr[i] == CHAR_RIGHT_PARENTHESIS)
tempptr += i + 1;
+
+ /* tempptr should now be pointing to the opening parenthesis of the
+ assertion condition. */
+
+ if (*tempptr != CHAR_LEFT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR28;
+ goto FAILED;
+ }
}
/* For conditions that are assertions, check the syntax, and then exit
diff --git a/testdata/testinput2 b/testdata/testinput2
index c805f5f..75e402e 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4241,4 +4241,6 @@ backtracking verbs. --/
/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
+/\N(?(?C)0?!.)*/
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 800a72f..5e88d1a 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -555,13 +555,13 @@ Failed: malformed number or name after (?( at offset 4
Failed: malformed number or name after (?( at offset 4
/(?(?i))/
-Failed: assertion expected after (?( at offset 3
+Failed: assertion expected after (?( or (?(?C) at offset 3
/(?(abc))/
Failed: reference to non-existent subpattern at offset 7
/(?(?<ab))/
-Failed: assertion expected after (?( at offset 3
+Failed: assertion expected after (?( or (?(?C) at offset 3
/((?s)blah)\s+\1/I
Capturing subpattern count = 1
@@ -7870,7 +7870,7 @@ No match
Failed: malformed number or name after (?( at offset 6
/(?(''))/
-Failed: assertion expected after (?( at offset 4
+Failed: assertion expected after (?( or (?(?C) at offset 4
/(?('R')stuff)/
Failed: reference to non-existent subpattern at offset 7
@@ -14346,7 +14346,7 @@ No match
"((?2)+)((?1))"
"(?(?<E>.*!.*)?)"
-Failed: assertion expected after (?( at offset 3
+Failed: assertion expected after (?( or (?(?C) at offset 3
"X((?2)()*+){2}+"BZ
------------------------------------------------------------------
@@ -14667,4 +14667,7 @@ No match
/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
+/\N(?(?C)0?!.)*/
+Failed: assertion expected after (?( or (?(?C) at offset 4
+
/-- End of testinput2 --/
--
2.5.0

10
pcre.spec
View File

@ -2,7 +2,7 @@
#%%global rcversion RC1 #%%global rcversion RC1
Name: pcre Name: pcre
Version: 8.38 Version: 8.38
Release: %{?rcversion:0.}8%{?rcversion:.%rcversion}%{?dist} Release: %{?rcversion:0.}9%{?rcversion:.%rcversion}%{?dist}
%global myversion %{version}%{?rcversion:-%rcversion} %global myversion %{version}%{?rcversion:-%rcversion}
Summary: Perl-compatible regular expression library Summary: Perl-compatible regular expression library
Group: System Environment/Libraries Group: System Environment/Libraries
@ -81,6 +81,9 @@ Patch14: pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
# globally with an ovector less than 2, bug #1312786, upstream bug #1777, # globally with an ovector less than 2, bug #1312786, upstream bug #1777,
# fixed in upstream after 8.38 # fixed in upstream after 8.38
Patch15: pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch Patch15: pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch
# Fix a non-diagnosis of missing assection after (?(?C) that could corrupt
# process stack, upstream bug #1780, fixed in upstream after 8.38
Patch16: pcre-8.38-Fix-non-diagnosis-of-missing-assertion-after-C.patch
BuildRequires: readline-devel BuildRequires: readline-devel
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -145,6 +148,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
%patch13 -p1 %patch13 -p1
%patch14 -p1 %patch14 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1
# Because of rpath patch # Because of rpath patch
libtoolize --copy --force libtoolize --copy --force
autoreconf -vif autoreconf -vif
@ -216,6 +220,10 @@ make %{?_smp_mflags} check VERBOSE=yes
%{_mandir}/man1/pcretest.* %{_mandir}/man1/pcretest.*
%changelog %changelog
* Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-9
- Fix a non-diagnosis of missing assection after (?(?C) that could corrupt
process stack (upstream bug #1780)
* Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-8 * Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-8
- Fix CVE-2016-1283 (a heap buffer overflow in handling of nested duplicate - Fix CVE-2016-1283 (a heap buffer overflow in handling of nested duplicate
named groups with a nested back reference) (bug #1295386) named groups with a nested back reference) (bug #1295386)