Mercurial Mercurial > upstream > oracle > userland-gate / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/pcre/patches/06-CVE-2015-5073.patch
changeset 4558 12e319bad844
equal deleted inserted replaced
4555:06361ec5b84f 4558:12e319bad844 
       
     1 Patch from upstream:
 
       
     2 http://vcs.pcre.org/pcre?view=revision&revision=1571
 
       
     3 to fix CVE-2015-5073 for this upstream bug
 
       
     4 https://bugs.exim.org/show_bug.cgi?id=1651
 
       
     5 
       
     6 This patch may be removed when pcre is upgraded from version 8.37
 
       
     7 
       
     8 --- pcre-8.37-orig/ChangeLog	2015-06-29 09:12:15.694261234 -0700
 
       
     9 +++ pcre-8.37/ChangeLog	2015-06-29 09:29:45.739958088 -0700
 
       
    10 @@ -27,6 +27,10 @@ Changes since Version 8.37
 
       
    11      an empty string was repeated, it was not identified as matching an empty
 
       
    12      string itself. For example: /^(?:(?(1)x|)+)+$()/.
 
       
    13  
       
    14 +6.  A pattern with an unmatched closing parenthesis that contained a backward 
       
    15 +    assertion which itself contained a forward reference caused buffer 
       
    16 +    overflow. And example pattern is: /(?=di(?<=(?1))|(?=(.))))/.
 
       
    17 +
 
       
    18  
       
    19  Version 8.37 28-April-2015
 
       
    20  --------------------------
 
       
    21 --- pcre-8.37-orig/pcre_compile.c	2015-06-29 09:12:15.695805136 -0700
 
       
    22 +++ pcre-8.37/pcre_compile.c	2015-06-29 09:17:13.527304409 -0700
 
       
    23 @@ -9406,7 +9406,7 @@ OP_RECURSE that are not fixed length get
 
       
    24  exceptional ones forgo this. We scan the pattern to check that they are fixed
 
       
    25  length, and set their lengths. */
 
       
    26  
       
    27 -if (cd->check_lookbehind)
 
       
    28 +if (errorcode == 0 && cd->check_lookbehind)
 
       
    29    {
 
       
    30    pcre_uchar *cc = (pcre_uchar *)codestart;
 
       
    31  
       
    32 --- pcre-8.37-orig/testdata/testinput2	2015-06-29 09:12:15.696414562 -0700
 
       
    33 +++ pcre-8.37/testdata/testinput2	2015-06-29 09:24:55.146760633 -0700
 
       
    34 @@ -4170,4 +4170,6 @@ backtracking verbs. --/
 
       
    35  
       
    36  /^(?:(?(1)x|)+)+$()/BZ
 
       
    37  
       
    38 +/(?=di(?<=(?1))|(?=(.))))/
 
       
    39 +
 
       
    40  /-- End of testinput2 --/
 
       
    41 --- pcre-8.37-orig/testdata/testoutput2	2015-06-29 09:12:15.698016242 -0700
 
       
    42 +++ pcre-8.37/testdata/testoutput2	2015-06-29 09:26:11.171270088 -0700
 
       
    43 @@ -14474,4 +14474,7 @@ Failed: reference to non-existent subpat
 
       
    44          End
 
       
    45  ------------------------------------------------------------------
 
       
    46  
       
    47 +/(?=di(?<=(?1))|(?=(.))))/
 
       
    48 +Failed: unmatched parentheses at offset 23
 
       
    49 +
 
       
    50  /-- End of testinput2 --/
upstream/oracle/userland-gate