pcre: add a patch fixing CVE-2014-8964
Patch taken from the Debian package. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Baruch Siach
Peter Korsgaard
parent
6fd86d80e2
commit
753a2937f6
25
package/pcre/0003-fix-CVE-2014-8964.patch
Normal file
25
package/pcre/0003-fix-CVE-2014-8964.patch
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
Description: CVE-2014-8964, heap buffer overflow
|
||||
Heap buffer overflow if an assertion with a zero minimum repeat is used as
|
||||
the condition in a conditional group.
|
||||
Origin: upstream http://bugs.exim.org/show_bug.cgi?id=1546
|
||||
Bug: http://bugs.exim.org/show_bug.cgi?id=1546
|
||||
Applied-Upstream: Yes, after 8.36
|
||||
|
||||
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
||||
---
|
||||
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
||||
--- a/pcre_exec.c
|
||||
+++ b/pcre_exec.c
|
||||
@@ -1404,8 +1404,11 @@
|
||||
condition = TRUE;
|
||||
|
||||
/* Advance ecode past the assertion to the start of the first branch,
|
||||
- but adjust it so that the general choosing code below works. */
|
||||
+ but adjust it so that the general choosing code below works. If the
|
||||
+ assertion has a quantifier that allows zero repeats we must skip over
|
||||
+ the BRAZERO. This is a lunatic thing to do, but somebody did! */
|
||||
|
||||
+ if (*ecode == OP_BRAZERO) ecode++;
|
||||
ecode += GET(ecode, 1);
|
||||
while (*ecode == OP_ALT) ecode += GET(ecode, 1);
|
||||
ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];
|
||||
Loading…
Reference in a new issue