rpms/pcre/FC-3 pcre-4.5-CAN-2005-2491.patch, NONE, 1.1 pcre.spec, 1.10, 1.11
fedora-cvs-commits at redhat.com
Fri Aug 19 13:31:17 UTC 2005
Author: than
Update of /cvs/dist/rpms/pcre/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv32738
Modified Files:
pcre.spec
Added Files:
pcre-4.5-CAN-2005-2491.patch
Log Message:
backport patch to fix heap overflow, CAN-2005-2491, #166330
pcre-4.5-CAN-2005-2491.patch:
pcre.c | 29 ++++++++++++++++++++---------
1 files changed, 20 insertions(+), 9 deletions(-)
--- NEW FILE pcre-4.5-CAN-2005-2491.patch ---
--- pcre-4.5/pcre.c.tn 2003-12-10 17:45:44.000000000 +0100
+++ pcre-4.5/pcre.c 2005-08-19 15:11:17.000000000 +0200
@@ -1047,7 +1047,18 @@
int min = 0;
int max = -1;
+/* Read the minimum value and do a paranoid check: a negative value indicates
+an integer overflow. */
+
while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+if (min < 0 || min > 65535)
+ {
+ *errorptr = ERR5;
+ return p;
+ }
+
+/* Read the maximum value if there is one, and again do a paranoid on its size.
+Also, max must not be less than min. */
if (*p == '}') max = min; else
{
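Review bot: the range test on `min` runs only after the digit loop has finished, so `min = min * 10 + *p++ - '0'` can still overflow a signed int while it accumulates. That overflow is undefined behaviour in C, and a wrapped value can land back inside 0..65535 and pass `if (min < 0 || min > 65535)`. Moving the test into the loop body, so parsing stops as soon as `min` exceeds 65535, bounds the value without relying on wraparound producing a negative number. Separately, the new comment reads "do a paranoid on its size"; the word "check" is missing.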
@@ -1055,6 +1066,11 @@
{
max = 0;
while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
+ if (max < 0 || max > 65535)
+ {
+ *errorptr = ERR5;
+ return p;
+ }
if (max < min)
{
*errorptr = ERR4;
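Review bot: the `max` loop has the same exposure as the `min` loop: `max = max * 10 + *p++ - '0'` accumulates without bound and the `max < 0 || max > 65535` test only sees the final value, so a long enough digit run can overflow and still end up in range. Checking inside the loop would close that. Since this block is a copy of the one added for `min`, a shared bounded-read helper would also keep the two from drifting apart.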
@@ -1063,16 +1079,11 @@
}
}
-/* Do paranoid checks, then fill in the required variables, and pass back the
-pointer to the terminating '}'. */
+/* Fill in the required variables, and pass back the pointer to the terminating
+'}'. */
-if (min > 65535 || max > 65535)
- *errorptr = ERR5;
-else
- {
- *minp = min;
- *maxp = max;
- }
+*minp = min;
+*maxp = max;
return p;
}
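Review bot: the rewritten comment above `*minp = min;` still says the function passes back the pointer to the terminating '}', but the new ERR5 paths return `p` from wherever digit parsing stopped and leave `*minp` and `*maxp` unwritten. The comment should state that the '}' guarantee and the output values hold only when `*errorptr` has not been set, so callers know to test it before using them.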
Index: pcre.spec
===================================================================
RCS file: /cvs/dist/rpms/pcre/FC-3/pcre.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- pcre.spec 16 Aug 2005 15:37:08 -0000 1.10
+++ pcre.spec 19 Aug 2005 13:31:14 -0000 1.11
@@ -1,10 +1,11 @@
Name: pcre
Version: 4.5
-Release: 3.1
+Release: 3.1.1.fc3
Summary: Perl-compatible regular expression library
URL: http://www.pcre.org/
Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/%{name}-%{version}.tar.bz2
Patch: pcre-3.9-libtool.patch
+Patch1: pcre-4.5-CAN-2005-2491.patch
License: distributable
Group: System Environment/Libraries
Prefix: %{_prefix}
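Review bot: `Release: 3.1.1.fc3` hard-codes the distribution tag, so this line has to be edited by hand on every branch that carries the fix. If the build environment defines a dist macro (`%{?dist}`), using it here would avoid that; otherwise a short comment explaining the `.1.fc3` suffix convention would help the next packager.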
@@ -31,6 +32,8 @@
%prep
%setup -q
%patch -p1 -b .libtool
+%patch1 -p1 -b .CAN-2005-2491
+
%configure --includedir=%{_includedir}/%{name} --enable-utf8
%build
@@ -77,6 +80,9 @@
%{_bindir}/pcre-config
%changelog
+* Fri Aug 19 2005 Than Ngo <than at redhat.com> 4.5-3.1.1.fc3
+- backport patch to fix heap overflow, CAN-2005-2491, #166330
+
* Tue Aug 16 2005 Than Ngo <than at redhat.com> 4.5-3.1
- add symlinks for header files #154692