pcre: fix CVE-2015-3210

- should fix eap buffer overflow in pcre_compile2() / compile_regex() Signed-off-by: heil <heil@terminal-consulting.de>
2015-06-08 18:14:46 +02:00 · 2015-06-08 18:14:46 +02:00 · f109732f56
commit f109732f56
parent 535e9ef92c
2 changed files with 33 additions and 1 deletions
--- a/libs/pcre/Makefile
+++ b/libs/pcre/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=pcre
 PKG_VERSION:=8.37
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/pcre
--- a/libs/pcre/patches/100-pcre-cve-2015-3210.patch
+++ b/libs/pcre/patches/100-pcre-cve-2015-3210.patch
@ -0,0 +1,32 @@
+Index: pcre-8.37/pcre_compile.c
+===================================================================
+--- a/pcre_compile.c
+++ b/pcre_compile.c
+@@ -7177,14 +7177,26 @@
+           number. If the name is not found, set the value to 0 for a forward
+           reference. */
+ 
+          recno = 0;
+           ng = cd->named_groups;
+           for (i = 0; i < cd->names_found; i++, ng++)
+             {
+             if (namelen == ng->length &&
+                 STRNCMP_UC_UC(name, ng->name, namelen) == 0)
+-              break;
+              {
+              open_capitem *oc;
+              recno = ng->number;
+              if (is_recurse) break;
+              for (oc = cd->open_caps; oc != NULL; oc = oc->next)         
+                {          
+                if (oc->number == recno)                                     
+                  {               
+                  oc->flag = TRUE;                                      
+                  break;
+                  }                                                         
+                }                          
+              }    
+             }
+-          recno = (i < cd->names_found)? ng->number : 0;
+ 
+           /* Count named back references. */