21330611 problem in LIBRARY/PCRE
author April Chin <april.chin@oracle.com>
Mon, 29 Jun 2015 13:31:18 -0700
changeset 4558 12e319bad844
parent 4555 06361ec5b84f
child 4559 b8f0fb772f16
components/pcre/patches/06-CVE-2015-5073.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/pcre/patches/06-CVE-2015-5073.patch	Mon Jun 29 13:31:18 2015 -0700
@@ -0,0 +1,50 @@
+Patch from upstream:
+http://vcs.pcre.org/pcre?view=revision&revision=1571
+to fix CVE-2015-5073 for this upstream bug
+https://bugs.exim.org/show_bug.cgi?id=1651
+
+This patch may be removed when pcre is upgraded from version 8.37
+
+--- pcre-8.37-orig/ChangeLog	2015-06-29 09:12:15.694261234 -0700
++++ pcre-8.37/ChangeLog	2015-06-29 09:29:45.739958088 -0700
[email protected]@ -27,6 +27,10 @@ Changes since Version 8.37
+     an empty string was repeated, it was not identified as matching an empty
+     string itself. For example: /^(?:(?(1)x|)+)+$()/.
+ 
++6.  A pattern with an unmatched closing parenthesis that contained a backward 
++    assertion which itself contained a forward reference caused buffer 
++    overflow. And example pattern is: /(?=di(?<=(?1))|(?=(.))))/.
++
+ 
+ Version 8.37 28-April-2015
+ --------------------------
+--- pcre-8.37-orig/pcre_compile.c	2015-06-29 09:12:15.695805136 -0700
++++ pcre-8.37/pcre_compile.c	2015-06-29 09:17:13.527304409 -0700
[email protected]@ -9406,7 +9406,7 @@ OP_RECURSE that are not fixed length get
+ exceptional ones forgo this. We scan the pattern to check that they are fixed
+ length, and set their lengths. */
+ 
+-if (cd->check_lookbehind)
++if (errorcode == 0 && cd->check_lookbehind)
+   {
+   pcre_uchar *cc = (pcre_uchar *)codestart;
+ 
+--- pcre-8.37-orig/testdata/testinput2	2015-06-29 09:12:15.696414562 -0700
++++ pcre-8.37/testdata/testinput2	2015-06-29 09:24:55.146760633 -0700
[email protected]@ -4170,4 +4170,6 @@ backtracking verbs. --/
+ 
+ /^(?:(?(1)x|)+)+$()/BZ
+ 
++/(?=di(?<=(?1))|(?=(.))))/
++
+ /-- End of testinput2 --/
+--- pcre-8.37-orig/testdata/testoutput2	2015-06-29 09:12:15.698016242 -0700
++++ pcre-8.37/testdata/testoutput2	2015-06-29 09:26:11.171270088 -0700
[email protected]@ -14474,4 +14474,7 @@ Failed: reference to non-existent subpat
+         End
+ ------------------------------------------------------------------
+ 
++/(?=di(?<=(?1))|(?=(.))))/
++Failed: unmatched parentheses at offset 23
++
+ /-- End of testinput2 --/
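Review bot: In the pcre_compile.c section, the new condition `if (errorcode == 0 && cd->check_lookbehind)` is the whole fix, but neither the comment above it nor the patch header says why the lookbehind length scan must be skipped once an error has been recorded. The comment still only describes the scan itself. Please add a sentence to the patch header saying that the scan now runs only when compilation has not already failed. The new test case confirms this: the pattern is rejected with "unmatched parentheses at offset 23" rather than being scanned. That way whoever drops this patch on the upgrade from 8.37 can confirm the guard is present in the new source. Minor: the ChangeLog entry reads "And example pattern is" where "An example pattern is" is meant, and the two lines above it end in trailing spaces. If that is verbatim from upstream revision 1571 it is fine to keep, but it is worth confirming rather than carrying a local typo.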