From eabd8d5446c2f62f21d2c488c0644015e572997c Mon Sep 17 00:00:00 2001
From: Petr Písař
Date: Feb 29 2016 12:27:49 +0000
Subject: Fix a heap buffer overflow in pcretest causing infinite loop when matching globally with an ovector less than 2
---
diff --git a/pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch b/pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch
new file mode 100644
index 0000000..6cdb8c6
--- /dev/null
+++ b/pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch
@@ -0,0 +1,33 @@
+From 0fc2edb79b3815c6511fd75c36a57893e4acaee6 Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Sat, 27 Feb 2016 17:55:24 +0000
+Subject: [PATCH] Fix pcretest loop for global matching with an ovector size
+ less than 2.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1637 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Petr Písař: Ported to 8.38.
+
+diff --git a/pcretest.c b/pcretest.c
+index 63869fd..78ef517 100644
+--- a/pcretest.c
++++ b/pcretest.c
+@@ -5617,6 +5617,12 @@ while (!done)
+ break;
+ }
+
++ if (use_size_offsets < 2)
++ {
++ fprintf(outfile, "Cannot do global matching with an ovector size < 2\n");
++ break;
++ }
++
+ /* If we have matched an empty string, first check to see if we are at
+ the end of the subject. If so, the /g loop is over. Otherwise, mimic what
+ Perl's /g options does. This turns out to be rather cunning. First we set
+--
+2.5.0
+
diff --git a/pcre.spec b/pcre.spec
index e4c18a8..42c7d83 100644
--- a/pcre.spec
+++ b/pcre.spec
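Review bot: The added `if (use_size_offsets < 2)` guard in the `while (!done)` loop carries no comment saying why two ovector slots are needed, and the ported patch changes only pcretest.c, so no test input exercises the new message. A one-line comment above the guard, such as `/* The /g handling below needs a complete first offset pair, so stop if the ovector cannot hold one. */`, would tie the check to the out-of-bounds access named in the commit subject; that the code after the comment block reads both offsets is inferred, since the loop body continues outside the hunk. Adding a pcretest input case with global matching and an ovector size below 2 would let the `make check` step in the spec catch the guard being lost in a later rebase.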
@@ -77,6 +77,10 @@ Patch13: pcre-8.38-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch
 # groups with a nested back reference), bug #1295386, upstream bug #1767,
 # fixed in upstream after 8.38
 Patch14: pcre-8.38-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
+# Fix a heap buffer overflow in pcretest causing infinite loop when matching
+# globally with an ovector less than 2, bug #1312786, upstream bug #1777,
+# fixed in upstream after 8.38
+Patch15: pcre-8.38-Fix-pcretest-loop-for-global-matching-with-an-ovecto.patch
 BuildRequires: readline-devel
 BuildRequires: autoconf
 BuildRequires: automake
@@ -140,6 +144,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@@ -214,6 +219,8 @@ make %{?_smp_mflags} check VERBOSE=yes * Mon Feb 29 2016 Petr Pisar - 8.38-8 - Fix CVE-2016-1283 (a heap buffer overflow in handling of nested duplicate named groups with a nested back reference) (bug #1295386) +- Fix a heap buffer overflow in pcretest causing infinite loop when matching + globally with an ovector less than 2 (bug #1312786) * Thu Feb 11 2016 Petr Pisar - 8.38-7 - Fix pcretest for expressions with a callout inside a look-behind assertion