aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/pcre2-CVE-2017-8786.patch
blob: 6071d58f07f4365e0fc5328794729513fff875da (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
Fix CVE-2017-8786:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8786
https://bugs.exim.org/show_bug.cgi?id=2079
https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/

Patch copied from upstream source repository:

https://vcs.pcre.org/pcre2?view=revision&revision=696
https://vcs.pcre.org/pcre2?view=revision&revision=697

--- trunk/doc/pcre2api.3	2017/03/21 16:48:40	695
+++ trunk/doc/pcre2api.3	2017/03/21 17:46:21	696
@@ -1,4 +1,4 @@
-.TH PCRE2API 3 "24 December 2016" "PCRE2 10.23"
+.TH PCRE2API 3 "21 March 2017" "PCRE2 10.30"
 .SH NAME
 PCRE2 - Perl-compatible regular expressions (revised API)
 .sp
@@ -2633,8 +2633,8 @@
 A text message for an error code from any PCRE2 function (compile, match, or
 auxiliary) can be obtained by calling \fBpcre2_get_error_message()\fP. The code
 is passed as the first argument, with the remaining two arguments specifying a
-code unit buffer and its length, into which the text message is placed. Note
-that the message is returned in code units of the appropriate width for the
+code unit buffer and its length in code units, into which the text message is
+placed. The message is returned in code units of the appropriate width for the
 library that is being used.
 .P
 The returned message is terminated with a trailing zero, and the function
@@ -3321,6 +3321,6 @@
 .rs
 .sp
 .nf
-Last updated: 23 December 2016
-Copyright (c) 1997-2016 University of Cambridge.
+Last updated: 21 March 2017
+Copyright (c) 1997-2017 University of Cambridge.
 .fi
--- trunk/src/pcre2_error.c	2017/03/21 16:48:40	695
+++ trunk/src/pcre2_error.c	2017/03/21 17:46:21	696
@@ -271,7 +271,7 @@
 Arguments:
   enumber       error number
   buffer        where to put the message (zero terminated)
-  size          size of the buffer
+  size          size of the buffer in code units
 
 Returns:        length of message if all is well
                 negative on error
--- trunk/src/pcre2test.c	2017/03/21 17:46:21	696
+++ trunk/src/pcre2test.c	2017/03/21 18:36:13	697
@@ -1017,9 +1017,9 @@
   if (test_mode == PCRE8_MODE) \
     r = pcre2_get_error_message_8(a,G(b,8),G(G(b,8),_size)); \
   else if (test_mode == PCRE16_MODE) \
-    r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)); \
+    r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)); \
   else \
-    r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
+    r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
 
 #define PCRE2_GET_OVECTOR_COUNT(a,b) \
   if (test_mode == PCRE8_MODE) \
@@ -1399,6 +1399,9 @@
 
 /* ----- Common macros for two-mode cases ----- */
 
+#define BYTEONE (BITONE/8)
+#define BYTETWO (BITTWO/8)
+
 #define CASTFLD(t,a,b) \
   ((test_mode == G(G(PCRE,BITONE),_MODE))? (t)(G(a,BITONE)->b) : \
     (t)(G(a,BITTWO)->b))
@@ -1481,9 +1484,9 @@
 
 #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
   if (test_mode == G(G(PCRE,BITONE),_MODE)) \
-    r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size)); \
+    r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size/BYTEONE)); \
   else \
-    r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size))
+    r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size/BYTETWO))
 
 #define PCRE2_GET_OVECTOR_COUNT(a,b) \
   if (test_mode == G(G(PCRE,BITONE),_MODE)) \
@@ -1904,7 +1907,7 @@
 #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
   a = pcre2_dfa_match_16(G(b,16),(PCRE2_SPTR16)c,d,e,f,G(g,16),h,i,j)
 #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
-  r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size))
+  r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2))
 #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_16(G(b,16))
 #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_16(G(b,16))
 #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_16(G(a,16),b)
@@ -2000,7 +2003,7 @@
 #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
   a = pcre2_dfa_match_32(G(b,32),(PCRE2_SPTR32)c,d,e,f,G(g,32),h,i,j)
 #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
-  r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
+  r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
 #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_32(G(b,32))
 #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_32(G(b,32))
 #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_32(G(a,32),b)
--- trunk/src/pcre2test.c	2017/03/21 16:48:40	695
+++ trunk/src/pcre2test.c	2017/03/21 17:46:21	696
@@ -2889,7 +2889,7 @@
   {
   if (pbuffer32 != NULL) free(pbuffer32);
   pbuffer32_size = 4*len + 4;
-  if (pbuffer32_size < 256) pbuffer32_size = 256;
+  if (pbuffer32_size < 512) pbuffer32_size = 512;
   pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
   if (pbuffer32 == NULL)
     {
@@ -7600,7 +7600,8 @@
   int errcode;
   char *endptr;
 
-/* Ensure the relevant non-8-bit buffer is available. */
+/* Ensure the relevant non-8-bit buffer is available. Ensure that it is at 
+least 128 code units, because it is used for retrieving error messages. */
 
 #ifdef SUPPORT_PCRE2_16
   if (test_mode == PCRE16_MODE)
@@ -7620,7 +7621,7 @@
 #ifdef SUPPORT_PCRE2_32
   if (test_mode == PCRE32_MODE)
     {
-    pbuffer32_size = 256;
+    pbuffer32_size = 512;
     pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
     if (pbuffer32 == NULL)
       {
--- trunk/testdata/testinput2	2017/03/21 16:48:40	695
+++ trunk/testdata/testinput2	2017/03/21 17:46:21	696
@@ -5017,4 +5017,6 @@
 
 /(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
 
+/\g{3/
+
 # End of testinput2 
--- trunk/testdata/testoutput2	2017/03/21 16:48:40	695
+++ trunk/testdata/testoutput2	2017/03/21 17:46:21	696
@@ -15570,6 +15570,9 @@
 
 /(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
 
+/\g{3/
+Failed: error 157 at offset 2: \g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
+
 # End of testinput2 
 Error -63: PCRE2_ERROR_BADDATA (unknown error number)
 Error -62: bad serialized data