Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/pcre/patches/04-pcre_compile.c.patch
author Drew Fisher <drew.fisher@oracle.com>
Thu, 29 Sep 2016 08:21:19 -0700
branchs11u3-sru
changeset 7115 0c932cebfc40
parent 5552 4e17dd2a1b16
permissions -rw-r--r--
24737607 problem in PYTHON-MOD/DJANGO

This patch fixes CVE-2016-1283, filed upstream as:

  https://bugs.exim.org/show_bug.cgi?id=1767

See also:

  http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2016-1283

This problem has already been fixed upstream in the svn code repository at:

  svn://vcs.exim.org/pcre/code/trunk

--- pcre-8.38/pcre_compile.c.orig	2016-03-02 10:28:48.735223798 -0800
+++ pcre-8.38/pcre_compile.c	2016-03-02 10:30:50.856995461 -0800
@@ -7274,7 +7274,12 @@
           so far in order to get the number. If the name is not found, leave
           the value of recno as 0 for a forward reference. */
 
-          else
+          /* This patch (removing "else") fixes a problem when a reference is
+          to multiple identically named nested groups from within the nest.
+          Once again, it is not the "proper" fix, and it results in an
+          over-allocation of memory. */
+
+          /* else */
             {
             ng = cd->named_groups;
             for (i = 0; i < cd->names_found; i++, ng++)
upstream/oracle/userland-gate