From 4fe0d7c310697029e273ad522729bd911695f5f4 Mon Sep 17 00:00:00 2001
From: Petr Písař
Date: Jan 30 2018 09:17:32 +0000
Subject: Fix out-of-bounds read for partial matching of /./ against an empty string when the newline type is CRLF
---
diff --git a/pcre-8.41-Fix-out-of-bounds-read-for-partial-matching-of-.-aga.patch b/pcre-8.41-Fix-out-of-bounds-read-for-partial-matching-of-.-aga.patch
new file mode 100644
index 0000000..35ec0a0
--- /dev/null
+++ b/pcre-8.41-Fix-out-of-bounds-read-for-partial-matching-of-.-aga.patch
@@ -0,0 +1,39 @@
+From 4ffc344ddf6246bf8d19c94c58af0853ae6768a7 Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Mon, 29 Jan 2018 14:45:51 +0000
+Subject: [PATCH] Fix out-of-bounds read for partial matching of /./ against an
+ empty string when the newline type is CRLF.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1723 2f5784b3-3f2a-0410-8824-cb99058d5e15
+Signed-off-by: Petr Písař
+---
+ pcre_exec.c | 4 ++--
+
+diff --git a/pcre_exec.c b/pcre_exec.c
+index 1a9bdd5..1993cb3 100644
+--- a/pcre_exec.c
++++ b/pcre_exec.c
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+- Copyright (c) 1997-2014 University of Cambridge
++ Copyright (c) 1997-2018 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -2305,7 +2305,7 @@ for (;;)
+ case OP_ANY:
+ if (IS_NEWLINE(eptr)) RRETURN(MATCH_NOMATCH);
+ if (md->partial != 0 &&
+- eptr + 1 >= md->end_subject &&
++ eptr == md->end_subject - 1 &&
+ NLBLOCK->nltype == NLTYPE_FIXED &&
+ NLBLOCK->nllen == 2 &&
+ UCHAR21TEST(eptr) == NLBLOCK->nl[0])
+--
+2.13.6
+
diff --git a/pcre.spec b/pcre.spec
index 3d024bd..34127fe 100644
--- a/pcre.spec
+++ b/pcre.spec
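Review bot: In the `case OP_ANY:` hunk of the embedded pcre_exec.c patch, the new test `eptr == md->end_subject - 1 &&` computes `md->end_subject - 1` with no visible check that the subject is non-empty, so in the empty-subject case this fix targets, the expression forms a pointer one element before the buffer, which C leaves undefined even though it is only compared and never dereferenced. Writing the guard as a length comparison, `md->end_subject - eptr == 1 &&`, expresses the same condition (exactly one code unit left) without stepping outside the subject. The patch also adds no regression case; a pcretest entry for /./ with partial matching, an empty subject and CRLF newlines, run under a memory checker, would keep the read from coming back unnoticed. The old `eptr + 1 >= md->end_subject` test may also appear in other opcode cases that this hunk does not show, so pcre_exec.c is worth searching for it. The body of `case OP_ANY:` continues outside the hunk.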
@@ -2,7 +2,7 @@
 #%%global rcversion RC1
 Name: pcre
 Version: 8.41
-Release: %{?rcversion:0.}4%{?rcversion:.%rcversion}%{?dist}
+Release: %{?rcversion:0.}5%{?rcversion:.%rcversion}%{?dist}
 %global myversion %{version}%{?rcversion:-%rcversion}
 Summary: Perl-compatible regular expression library
 ## Source package only:
@@ -47,6 +47,9 @@ Patch5: pcre-8.41-Change-pcregrep-linenumbers-and-counts-to-long-ints.patch
 # Fix incorrect first matching character when a backreference with zero minimum
 # repeat starts a pattern, upstream bug #2209, in upstream after 8.41
 Patch6: pcre-8.41-Fix-wrong-first-character-when-a-backreference-with-.patch
+# Fix out-of-bounds read for partial matching of /./ against an empty string
+# when the newline type is CRLF, upstream bug #2226, in upstream after 8.41
+Patch7: pcre-8.41-Fix-out-of-bounds-read-for-partial-matching-of-.-aga.patch
 BuildRequires: readline-devel
 BuildRequires: autoconf
 BuildRequires: automake
@@ -135,6 +138,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@@ -236,6 +240,10 @@ make %{?_smp_mflags} check VERBOSE=yes
 %{_mandir}/man1/pcretest.*
 
 %changelog
+* Tue Jan 30 2018 Petr Pisar - 8.41-5
+- Fix out-of-bounds read for partial matching of /./ against an empty string
+ when the newline type is CRLF (upstream bug #2226)
+
 * Fri Jan 12 2018 Petr Pisar - 8.41-4
 - Allow pcregrep match counter to handle values larger than 2147483647
 (upstream bug #2208)