------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1503
Zoltan Herczeg <hzmester@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hzmester@???
--- Comment #1 from Zoltan Herczeg <hzmester@???> 2014-07-11 14:50:41 ---
Hi,
this is a nice catch! It cause could_be_empty_branch() to recursively call
itself forever (Note: the functions detects whether a bracket matches an empty
string or not). This case probably needs an extra check.
Few comments though:
It is well known that PCRE can be made to exhaust the stack. There are stack
limit checks for that in the code. Not this one though, because this is simply
a bug.
I don't think you can exploit this in any other way than crashing the program.
I know how buffer overflow works, and this doesn't seem that case, because
could_be_empty_branch() never returns. So no matter how you put data on the
stack (which you couldn't btw), it will never be executed. Instead the program
will simply crash when the bottom of the stack is reached.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email