[pcre-dev] [Bug 1651] PCRE Library Heap Overflow Vulnerabili…

Top Pagina
Delete this message
Auteur: admin
Datum:  
Aan: pcre-dev
Onderwerp: [pcre-dev] [Bug 1651] PCRE Library Heap Overflow Vulnerability in find_fixedlength()
https://bugs.exim.org/show_bug.cgi?id=1651

Philip Hazel <ph10@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED


--- Comment #1 from Philip Hazel <ph10@???> ---
The length of the pattern was not relevant. This pattern also broke it:

/(?=di(?<=(?1))|(?=(.))))/

The important thing was the excess closing parenthesis. It should never have
been calling find_fixedlength in this circumstance. I have committed the patch.
It is so trivial that I reproduce it here as well:

--- pcre_compile.c      (revision 1569)
+++ pcre_compile.c      (working copy)
@@ -9449,7 +9449,7 @@
 exceptional ones forgo this. We scan the pattern to check that they are fixed
 length, and set their lengths. */


-if (cd->check_lookbehind)
+if (errorcode == 0 && cd->check_lookbehind)
{
pcre_uchar *cc = (pcre_uchar *)codestart;

--
You are receiving this mail because:
You are on the CC list for the bug.