aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Baruch Siach <baruch@tkos.co.il>2017-03-31 14:09:36 +0300
committerGravatar Peter Korsgaard <peter@korsgaard.com>2017-03-31 13:26:03 +0200
commit3143910eec12a5b23e853b3177bf316ac186b87a (patch)
treeecab109834d026c610aa0800aeef3ed033ad180f
parent26fb7c875853e0cc221d978537b257d70dc1c146 (diff)
downloadbuildroot-3143910eec12a5b23e853b3177bf316ac186b87a.tar.gz
buildroot-3143910eec12a5b23e853b3177bf316ac186b87a.tar.bz2
pcre: add upstream security fixes
Take Debian adapted patches of upstream. Fixes: CVE-2017-6004: crafted regular expression may cause denial of service CVE-2017-7186: invalid Unicode property lookup may cause denial of service Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/pcre/0003-CVE-2017-6004.patch21
-rw-r--r--package/pcre/0004-CVE-2017-7186.patch60
2 files changed, 81 insertions, 0 deletions
diff --git a/package/pcre/0003-CVE-2017-6004.patch b/package/pcre/0003-CVE-2017-6004.patch
new file mode 100644
index 0000000000..d0b6d51ba7
--- /dev/null
+++ b/package/pcre/0003-CVE-2017-6004.patch
@@ -0,0 +1,21 @@
+Description: CVE-2017-6004: crafted regular expression may cause denial of service
+Origin: upstream, https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
+Bug: https://bugs.exim.org/show_bug.cgi?id=2035
+Bug-Debian: https://bugs.debian.org/855405
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2017-02-17
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+
+--- a/pcre_jit_compile.c
++++ b/pcre_jit_compile.c
+@@ -8111,7 +8111,7 @@ if (opcode == OP_COND || opcode == OP_SC
+
+ if (*matchingpath == OP_FAIL)
+ stacksize = 0;
+- if (*matchingpath == OP_RREF)
++ else if (*matchingpath == OP_RREF)
+ {
+ stacksize = GET2(matchingpath, 1);
+ if (common->currententry == NULL)
diff --git a/package/pcre/0004-CVE-2017-7186.patch b/package/pcre/0004-CVE-2017-7186.patch
new file mode 100644
index 0000000000..980923ae4c
--- /dev/null
+++ b/package/pcre/0004-CVE-2017-7186.patch
@@ -0,0 +1,60 @@
+Description: Upstream fix for CVE-2017-7186 (Upstream rev 1688)
+ Fix Unicode property crash for 32-bit characters greater than 0x10ffff.
+Author: Matthew Vernon <matthew@debian.org>
+X-Dgit-Generated: 2:8.39-3 c4c2c7c4f74d53b263af2471d8e11db88096bd13
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+
+--- pcre3-8.39.orig/pcre_internal.h
++++ pcre3-8.39/pcre_internal.h
+@@ -2772,6 +2772,9 @@ extern const pcre_uint8 PRIV(ucd_stage1
+ extern const pcre_uint16 PRIV(ucd_stage2)[];
+ extern const pcre_uint32 PRIV(ucp_gentype)[];
+ extern const pcre_uint32 PRIV(ucp_gbtable)[];
++#ifdef COMPILE_PCRE32
++extern const ucd_record PRIV(dummy_ucd_record)[];
++#endif
+ #ifdef SUPPORT_JIT
+ extern const int PRIV(ucp_typerange)[];
+ #endif
+@@ -2780,9 +2783,15 @@ extern const int PRIV(ucp_typera
+ /* UCD access macros */
+
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+ PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+ UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
++
++#ifdef COMPILE_PCRE32
++#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif
+
+ #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch) GET_UCD(ch)->script
+--- pcre3-8.39.orig/pcre_ucd.c
++++ pcre3-8.39/pcre_ucd.c
+@@ -38,6 +38,20 @@ const pcre_uint16 PRIV(ucd_stage2)[] = {
+ const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
+ #else
+
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#ifdef COMPILE_PCRE32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++ ucp_Common, /* script */
++ ucp_Cn, /* type unassigned */
++ ucp_gbOther, /* grapheme break property */
++ 0, /* case set */
++ 0, /* other case */
++ }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre_internal.h (the actual
+ field names will be different):