author Baruch Siach <baruch@tkos.co.il> 2014-12-13 20:34:04 +0200
committer Peter Korsgaard <peter@korsgaard.com> 2014-12-13 22:13:09 +0100
commit 753a2937f663d6e7dc630319ae903dc595b0ddd9
tree a807b435d80e9e105684577223160669a24822fa /package/pcre
parent 6fd86d80e2d2a842e398a8038655f8a38b255efd
download buildroot-753a2937f663d6e7dc630319ae903dc595b0ddd9.tar.gz
buildroot-753a2937f663d6e7dc630319ae903dc595b0ddd9.tar.bz2
pcre: add a patch fixing CVE-2014-8964

Patch taken from the Debian package.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/pcre')
-rw-r--r-- package/pcre/0003-fix-CVE-2014-8964.patch 25
1 files changed, 25 insertions, 0 deletions
diff --git a/package/pcre/0003-fix-CVE-2014-8964.patch b/package/pcre/0003-fix-CVE-2014-8964.patch
new file mode 100644
index 0000000000..bfc586034e
--- /dev/null
+++ b/package/pcre/0003-fix-CVE-2014-8964.patch
@@ -0,0 +1,25 @@
+Description: CVE-2014-8964, heap buffer overflow
+ Heap buffer overflow if an assertion with a zero minimum repeat is used as
+ the condition in a conditional group.
+Origin: upstream http://bugs.exim.org/show_bug.cgi?id=1546
+Bug: http://bugs.exim.org/show_bug.cgi?id=1546
+Applied-Upstream: Yes, after 8.36
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/pcre_exec.c
++++ b/pcre_exec.c
+@@ -1404,8 +1404,11 @@
+ condition = TRUE;
+
+ /* Advance ecode past the assertion to the start of the first branch,
+- but adjust it so that the general choosing code below works. */
++ but adjust it so that the general choosing code below works. If the
++ assertion has a quantifier that allows zero repeats we must skip over
++ the BRAZERO. This is a lunatic thing to do, but somebody did! */
+
++ if (*ecode == OP_BRAZERO) ecode++;
+ ecode += GET(ecode, 1);
+ while (*ecode == OP_ALT) ecode += GET(ecode, 1);
+ ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];
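Review bot: The Origin field in the DEP-3 header carries the same bug-tracker URL as the Bug field instead of a reference to the upstream change, while the commit message says the patch was taken from the Debian package, so nothing here lets a reader confirm that the added line `if (*ecode == OP_BRAZERO) ecode++;` is identical to what upstream applied. Suggest pointing Origin at the upstream revision (DEP-3 writes this as `upstream, <url>`, with a comma) and keeping the bug URL only in Bug. Since Applied-Upstream says "Yes, after 8.36", it would also help to state in the commit message that this patch has to be dropped when the package is bumped past 8.36. On the code itself, the new check skips exactly one OP_BRAZERO byte before `ecode += GET(ecode, 1)`; please confirm against the upstream bug report that no other zero-repeat form of the assertion can reach this path and leave the same misaligned read.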