author | April Chin <april.chin@oracle.com> |
Fri, 10 Jul 2015 08:56:04 -0700 | |
branch | s11u2-sru |
changeset 4620 | e3a4a6201724 |
permissions | -rw-r--r-- |
4620
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
1 |
Patch from upstream: |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
2 |
http://vcs.pcre.org/pcre?view=revision&revision=1571 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
3 |
to fix CVE-2015-5073 for this upstream bug |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
4 |
https://bugs.exim.org/show_bug.cgi?id=1651 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
5 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
6 |
This patch may be removed when pcre is upgraded from version 8.37 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
7 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
8 |
--- pcre-8.37-orig/ChangeLog 2015-06-29 09:12:15.694261234 -0700 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
9 |
+++ pcre-8.37/ChangeLog 2015-06-29 09:29:45.739958088 -0700 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
10 |
@@ -27,6 +27,10 @@ Changes since Version 8.37 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
11 |
an empty string was repeated, it was not identified as matching an empty |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
12 |
string itself. For example: /^(?:(?(1)x|)+)+$()/. |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
13 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
14 |
+6. A pattern with an unmatched closing parenthesis that contained a backward |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
15 |
+ assertion which itself contained a forward reference caused buffer |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
16 |
+ overflow. And example pattern is: /(?=di(?<=(?1))|(?=(.))))/. |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
17 |
+ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
18 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
19 |
Version 8.37 28-April-2015 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
20 |
-------------------------- |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
21 |
--- pcre-8.37-orig/pcre_compile.c 2015-06-29 09:12:15.695805136 -0700 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
22 |
+++ pcre-8.37/pcre_compile.c 2015-06-29 09:17:13.527304409 -0700 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
23 |
@@ -9406,7 +9406,7 @@ OP_RECURSE that are not fixed length get |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
24 |
exceptional ones forgo this. We scan the pattern to check that they are fixed |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
25 |
length, and set their lengths. */ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
26 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
27 |
-if (cd->check_lookbehind) |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
28 |
+if (errorcode == 0 && cd->check_lookbehind) |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
29 |
{ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
30 |
pcre_uchar *cc = (pcre_uchar *)codestart; |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
31 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
32 |
--- pcre-8.37-orig/testdata/testinput2 2015-06-29 09:12:15.696414562 -0700 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
33 |
+++ pcre-8.37/testdata/testinput2 2015-06-29 09:24:55.146760633 -0700 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
34 |
@@ -4170,4 +4170,6 @@ backtracking verbs. --/ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
35 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
36 |
/^(?:(?(1)x|)+)+$()/BZ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
37 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
38 |
+/(?=di(?<=(?1))|(?=(.))))/ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
39 |
+ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
40 |
/-- End of testinput2 --/ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
41 |
--- pcre-8.37-orig/testdata/testoutput2 2015-06-29 09:12:15.698016242 -0700 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
42 |
+++ pcre-8.37/testdata/testoutput2 2015-06-29 09:26:11.171270088 -0700 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
43 |
@@ -14474,4 +14474,7 @@ Failed: reference to non-existent subpat |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
44 |
End |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
45 |
------------------------------------------------------------------ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
46 |
|
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
47 |
+/(?=di(?<=(?1))|(?=(.))))/ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
48 |
+Failed: unmatched parentheses at offset 23 |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
49 |
+ |
e3a4a6201724
21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff
changeset
|
50 |
/-- End of testinput2 --/ |