Fix a heap buffer overflow in pcretest causing infinite loop when matching globally with an ovector less than 2
This commit is contained in:
Petr Písař
parent
0e2bfdf9b8
commit
eabd8d5446
@ -0,0 +1,33 @@
|
|||||||
|
From 0fc2edb79b3815c6511fd75c36a57893e4acaee6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
|
||||||
|
Date: Sat, 27 Feb 2016 17:55:24 +0000
|
||||||
|
Subject: [PATCH] Fix pcretest loop for global matching with an ovector size
|
||||||
|
less than 2.
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1637 2f5784b3-3f2a-0410-8824-cb99058d5e15
|
||||||
|
|
||||||
|
Petr Písař: Ported to 8.38.
|
||||||
|
|
||||||
|
diff --git a/pcretest.c b/pcretest.c
|
||||||
|
index 63869fd..78ef517 100644
|
||||||
|
--- a/pcretest.c
|
||||||
|
+++ b/pcretest.c
|
||||||
|
@@ -5617,6 +5617,12 @@ while (!done)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (use_size_offsets < 2)
|
||||||
|
+ {
|
||||||
|
+ fprintf(outfile, "Cannot do global matching with an ovector size < 2\n");
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* If we have matched an empty string, first check to see if we are at
|
||||||
|
the end of the subject. If so, the /g loop is over. Otherwise, mimic what
|
||||||
|
Perl's /g options does. This turns out to be rather cunning. First we set
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
||||||
@ -77,6 +77,10 @@ Patch13: pcre-8.38-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch
|
|||||||
# groups with a nested back reference), bug #1295386, upstream bug #1767,
|
# groups with a nested back reference), bug #1295386, upstream bug #1767,
|
||||||
# fixed in upstream after 8.38
|
# fixed in upstream after 8.38
|
||||||
Patch14: pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
|
Patch14: pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
|
||||||
|
# Fix a heap buffer overflow in pcretest causing infinite loop when matching
|
||||||
|
# globally with an ovector less than 2, bug #1312786, upstream bug #1777,
|
||||||
|
# fixed in upstream after 8.38
|
||||||
|
Patch15: pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch
|
||||||
BuildRequires: readline-devel
|
BuildRequires: readline-devel
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -140,6 +144,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
|
|||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
%patch13 -p1
|
%patch13 -p1
|
||||||
%patch14 -p1
|
%patch14 -p1
|
||||||
|
%patch15 -p1
|
||||||
# Because of rpath patch
|
# Because of rpath patch
|
||||||
libtoolize --copy --force
|
libtoolize --copy --force
|
||||||
autoreconf -vif
|
autoreconf -vif
|
||||||
@ -214,6 +219,8 @@ make %{?_smp_mflags} check VERBOSE=yes
|
|||||||
* Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-8
|
* Mon Feb 29 2016 Petr Pisar <ppisar@redhat.com> - 8.38-8
|
||||||
- Fix CVE-2016-1283 (a heap buffer overflow in handling of nested duplicate
|
- Fix CVE-2016-1283 (a heap buffer overflow in handling of nested duplicate
|
||||||
named groups with a nested back reference) (bug #1295386)
|
named groups with a nested back reference) (bug #1295386)
|
||||||
|
- Fix a heap buffer overflow in pcretest causing infinite loop when matching
|
||||||
|
globally with an ovector less than 2 (bug #1312786)
|
||||||
|
|
||||||
* Thu Feb 11 2016 Petr Pisar <ppisar@redhat.com> - 8.38-7
|
* Thu Feb 11 2016 Petr Pisar <ppisar@redhat.com> - 8.38-7
|
||||||
- Fix pcretest for expressions with a callout inside a look-behind assertion
|
- Fix pcretest for expressions with a callout inside a look-behind assertion
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user