author | Ivo De Decker <ivodd@debian.org> | 2014-12-06 18:58:19 +0000 |
---|---|---|
committer | Ivo De Decker <ivodd@debian.org> | 2014-12-06 18:58:19 +0000 |
commit | dd986e8b547c0dde924c4b566ad0894ad4f1beb9 (patch) | |
tree | a87ee49df2a732f2be8d1b3c9e46a341e6fb8698 /debian/patches/cve-2014-8964.patch |
pcre3 (2:8.35-3.3) unstable; urgency=medium
* Non-maintainer upload.
* Upstream patch for heap buffer overflow, CVE-2014-8964, taken from
1:8.36-1 (Closes: #770478)
Thanks to Salvatore Bonaccorso for the reminder.
# imported from the archive
Diffstat (limited to 'debian/patches/cve-2014-8964.patch')
-rw-r--r-- | debian/patches/cve-2014-8964.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/debian/patches/cve-2014-8964.patch b/debian/patches/cve-2014-8964.patch new file mode 100644 index 0000000..64786a0 --- /dev/null +++ b/debian/patches/cve-2014-8964.patch @@ -0,0 +1,23 @@ +Description: CVE-2014-8964, heap buffer overflow + Heap buffer overflow if an assertion with a zero minimum repeat is used as + the condition in a conditional group. +Origin: upstream http://bugs.exim.org/show_bug.cgi?id=1546 +Bug: http://bugs.exim.org/show_bug.cgi?id=1546 +Applied-Upstream: Yes, after 8.36 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/pcre_exec.c ++++ b/pcre_exec.c +@@ -1404,8 +1404,11 @@ + condition = TRUE; + + /* Advance ecode past the assertion to the start of the first branch, +- but adjust it so that the general choosing code below works. */ ++ but adjust it so that the general choosing code below works. If the ++ assertion has a quantifier that allows zero repeats we must skip over ++ the BRAZERO. This is a lunatic thing to do, but somebody did! */ + ++ if (*ecode == OP_BRAZERO) ecode++; + ecode += GET(ecode, 1); + while (*ecode == OP_ALT) ecode += GET(ecode, 1); + ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode]; |
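Review bot: The new check in the pcre_exec.c hunk, `if (*ecode == OP_BRAZERO) ecode++;`, covers only one opcode, while the comment above it speaks of any "quantifier that allows zero repeats". Please confirm that the compiler can never place OP_BRAMINZERO (the lazy form) in front of a condition assertion. If it can, the following `ecode += GET(ecode, 1);` would still read a link from the wrong offset, and the check should cover that opcode too. The patch also carries no regression pattern for the test data, so nothing guards this path against a later refactor of the condition-handling code; adding the triggering pattern from the upstream bug to the test suite would close that gap. Minor: the DEP-3 `Origin:` field is normally written as `upstream, <url>` with a comma after the origin type.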