a7681d29dc
* gnu/packages/pcre.scm (pcre)[replacement]: New field. (pcre-fixed): New variable. * gnu/packages/patches/pcre-CVE-2016-3191.patch: New file. * gnu-system.am (dist_patch_DATA): Add it.
151 lines
7.4 KiB
Diff
151 lines
7.4 KiB
Diff
Fix for CVE-2016-3191.
|
|
See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
|
|
This is svn r1631 at <svn://vcs.exim.org/pcre/code>.
|
|
|
|
Index: trunk/testdata/testoutput11-16
|
|
===================================================================
|
|
--- trunk/testdata/testoutput11-16 (revision 1630)
|
|
+++ trunk/testdata/testoutput11-16 (revision 1631)
|
|
@@ -765,4 +765,7 @@
|
|
25 End
|
|
------------------------------------------------------------------
|
|
|
|
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
+Failed: regular expression is too complicated at offset 490
|
|
+
|
|
/-- End of testinput11 --/
|
|
Index: trunk/testdata/testinput11
|
|
===================================================================
|
|
--- trunk/testdata/testinput11 (revision 1630)
|
|
+++ trunk/testdata/testinput11 (revision 1631)
|
|
@@ -138,4 +138,6 @@
|
|
|
|
/.((?2)(?R)\1)()/B
|
|
|
|
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
+
|
|
/-- End of testinput11 --/
|
|
Index: trunk/testdata/testoutput11-8
|
|
===================================================================
|
|
--- trunk/testdata/testoutput11-8 (revision 1630)
|
|
+++ trunk/testdata/testoutput11-8 (revision 1631)
|
|
@@ -765,4 +765,7 @@
|
|
38 End
|
|
------------------------------------------------------------------
|
|
|
|
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
+Failed: missing ) at offset 509
|
|
+
|
|
/-- End of testinput11 --/
|
|
Index: trunk/testdata/testoutput11-32
|
|
===================================================================
|
|
--- trunk/testdata/testoutput11-32 (revision 1630)
|
|
+++ trunk/testdata/testoutput11-32 (revision 1631)
|
|
@@ -765,4 +765,7 @@
|
|
25 End
|
|
------------------------------------------------------------------
|
|
|
|
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
|
+Failed: missing ) at offset 509
|
|
+
|
|
/-- End of testinput11 --/
|
|
Index: trunk/pcre_internal.h
|
|
===================================================================
|
|
--- trunk/pcre_internal.h (revision 1630)
|
|
+++ trunk/pcre_internal.h (revision 1631)
|
|
@@ -7,7 +7,7 @@
|
|
and semantics are as close as possible to those of the Perl 5 language.
|
|
|
|
Written by Philip Hazel
|
|
- Copyright (c) 1997-2014 University of Cambridge
|
|
+ Copyright (c) 1997-2016 University of Cambridge
|
|
|
|
-----------------------------------------------------------------------------
|
|
Redistribution and use in source and binary forms, with or without
|
|
@@ -2289,7 +2289,7 @@
|
|
ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
|
|
ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
|
|
ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
|
|
- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
|
|
+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
|
|
|
|
/* JIT compiling modes. The function list is indexed by them. */
|
|
|
|
Index: trunk/pcre_compile.c
|
|
===================================================================
|
|
--- trunk/pcre_compile.c (revision 1630)
|
|
+++ trunk/pcre_compile.c (revision 1631)
|
|
@@ -6,7 +6,7 @@
|
|
and semantics are as close as possible to those of the Perl 5 language.
|
|
|
|
Written by Philip Hazel
|
|
- Copyright (c) 1997-2014 University of Cambridge
|
|
+ Copyright (c) 1997-2016 University of Cambridge
|
|
|
|
-----------------------------------------------------------------------------
|
|
Redistribution and use in source and binary forms, with or without
|
|
@@ -560,6 +560,7 @@
|
|
/* 85 */
|
|
"parentheses are too deeply nested (stack check)\0"
|
|
"digits missing in \\x{} or \\o{}\0"
|
|
+ "regular expression is too complicated\0"
|
|
;
|
|
|
|
/* Table to identify digits and hex digits. This is used when compiling
|
|
@@ -4591,7 +4592,8 @@
|
|
if (code > cd->start_workspace + cd->workspace_size -
|
|
WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
|
|
{
|
|
- *errorcodeptr = ERR52;
|
|
+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
|
|
+ ERR52 : ERR87;
|
|
goto FAILED;
|
|
}
|
|
|
|
@@ -6626,8 +6628,21 @@
|
|
cd->had_accept = TRUE;
|
|
for (oc = cd->open_caps; oc != NULL; oc = oc->next)
|
|
{
|
|
- *code++ = OP_CLOSE;
|
|
- PUT2INC(code, 0, oc->number);
|
|
+ if (lengthptr != NULL)
|
|
+ {
|
|
+#ifdef COMPILE_PCRE8
|
|
+ *lengthptr += 1 + IMM2_SIZE;
|
|
+#elif defined COMPILE_PCRE16
|
|
+ *lengthptr += 2 + IMM2_SIZE;
|
|
+#elif defined COMPILE_PCRE32
|
|
+ *lengthptr += 4 + IMM2_SIZE;
|
|
+#endif
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ *code++ = OP_CLOSE;
|
|
+ PUT2INC(code, 0, oc->number);
|
|
+ }
|
|
}
|
|
setverb = *code++ =
|
|
(cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
|
|
Index: trunk/pcreposix.c
|
|
===================================================================
|
|
--- trunk/pcreposix.c (revision 1630)
|
|
+++ trunk/pcreposix.c (revision 1631)
|
|
@@ -6,7 +6,7 @@
|
|
and semantics are as close as possible to those of the Perl 5 language.
|
|
|
|
Written by Philip Hazel
|
|
- Copyright (c) 1997-2014 University of Cambridge
|
|
+ Copyright (c) 1997-2016 University of Cambridge
|
|
|
|
-----------------------------------------------------------------------------
|
|
Redistribution and use in source and binary forms, with or without
|
|
@@ -173,7 +173,8 @@
|
|
REG_BADPAT, /* group name must start with a non-digit */
|
|
/* 85 */
|
|
REG_BADPAT, /* parentheses too deeply nested (stack check) */
|
|
- REG_BADPAT /* missing digits in \x{} or \o{} */
|
|
+ REG_BADPAT, /* missing digits in \x{} or \o{} */
|
|
+ REG_BADPAT /* pattern too complicated */
|
|
};
|
|
|
|
/* Table of texts corresponding to POSIX error codes */
|