pcre: fix CVE-2015-3210
- should fix eap buffer overflow in pcre_compile2() / compile_regex() Signed-off-by: heil <heil@terminal-consulting.de>
This commit is contained in:
heil
parent
535e9ef92c
commit
f109732f56
2 changed files with 33 additions and 1 deletions
|
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=pcre
|
PKG_NAME:=pcre
|
||||||
PKG_VERSION:=8.37
|
PKG_VERSION:=8.37
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=2
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||||
PKG_SOURCE_URL:=@SF/pcre
|
PKG_SOURCE_URL:=@SF/pcre
|
||||||
|
|
|
||||||
32
libs/pcre/patches/100-pcre-cve-2015-3210.patch
Normal file
32
libs/pcre/patches/100-pcre-cve-2015-3210.patch
Normal file
|
|
@ -0,0 +1,32 @@
|
||||||
|
Index: pcre-8.37/pcre_compile.c
|
||||||
|
===================================================================
|
||||||
|
--- a/pcre_compile.c
|
||||||
|
+++ b/pcre_compile.c
|
||||||
|
@@ -7177,14 +7177,26 @@
|
||||||
|
number. If the name is not found, set the value to 0 for a forward
|
||||||
|
reference. */
|
||||||
|
|
||||||
|
+ recno = 0;
|
||||||
|
ng = cd->named_groups;
|
||||||
|
for (i = 0; i < cd->names_found; i++, ng++)
|
||||||
|
{
|
||||||
|
if (namelen == ng->length &&
|
||||||
|
STRNCMP_UC_UC(name, ng->name, namelen) == 0)
|
||||||
|
- break;
|
||||||
|
+ {
|
||||||
|
+ open_capitem *oc;
|
||||||
|
+ recno = ng->number;
|
||||||
|
+ if (is_recurse) break;
|
||||||
|
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
|
||||||
|
+ {
|
||||||
|
+ if (oc->number == recno)
|
||||||
|
+ {
|
||||||
|
+ oc->flag = TRUE;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
- recno = (i < cd->names_found)? ng->number : 0;
|
||||||
|
|
||||||
|
/* Count named back references. */
|
||||||
Loading…
Reference in a new issue