From 656ff36b75f24b7f58cdc79362a8a975460fb1db Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Sun, 25 Jan 2015 10:30:30 +0000 Subject: main/pcre: security fix for CVE-2014-8964 ref #3731 --- main/pcre/CVE-2014-8964.patch | 68 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 main/pcre/CVE-2014-8964.patch (limited to 'main/pcre/CVE-2014-8964.patch') diff --git a/main/pcre/CVE-2014-8964.patch b/main/pcre/CVE-2014-8964.patch new file mode 100644 index 0000000000..1fb303624d --- /dev/null +++ b/main/pcre/CVE-2014-8964.patch @@ -0,0 +1,68 @@ +From 48d2472840efc4dc54dfc698d64aa086332a9033 Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Wed, 19 Nov 2014 20:57:13 +0000 +Subject: [PATCH] Fix zero-repeat assertion condition bug. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1513 2f5784b3-3f2a-0410-8824-cb99058d5e15 +Signed-off-by: Petr Písař + +Petr Pisar: Ported to 8.36. + +diff --git a/pcre_exec.c b/pcre_exec.c +index fdf7067..bb5620d 100644 +--- a/pcre_exec.c ++++ b/pcre_exec.c +@@ -1404,8 +1404,11 @@ for (;;) + condition = TRUE; + + /* Advance ecode past the assertion to the start of the first branch, +- but adjust it so that the general choosing code below works. */ +- ++ but adjust it so that the general choosing code below works. If the ++ assertion has a quantifier that allows zero repeats we must skip over ++ the BRAZERO. This is a lunatic thing to do, but somebody did! */ ++ ++ if (*ecode == OP_BRAZERO) ecode++; + ecode += GET(ecode, 1); + while (*ecode == OP_ALT) ecode += GET(ecode, 1); + ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode]; +diff --git a/testdata/testinput2 b/testdata/testinput2 +index c6816bf..015422e 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4078,4 +4078,10 @@ backtracking verbs. --/ + + /\x{whatever}/ + ++"((?=(?(?=(?(?=(?(?=())))*)))))" ++ a ++ ++"(?(?=)?==)(((((((((?=)))))))))" ++ a ++ + /-- End of testinput2 --/ +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index 1e87026..9a1b14e 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14206,4 +14206,14 @@ Failed: digits missing in \x{} or \o{} at offset 3 + /\x{whatever}/ + Failed: non-hex character in \x{} (closing brace missing?) at offset 3 + ++"((?=(?(?=(?(?=(?(?=())))*)))))" ++ a ++ 0: ++ 1: ++ 2: ++ ++"(?(?=)?==)(((((((((?=)))))))))" ++ a ++No match ++ + /-- End of testinput2 --/ +-- +1.9.3 + -- cgit v1.2.3