Attachment 475124 Details for Bug 614052 – Patch for CVE-2017-7245

[patch] Patch for CVE-2017-7245

CVE-2017-7245.patch (text/plain), 1.35 KB, created by Thomas Deutschmann (RETIRED) on 2017-06-03 21:06:01 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Thomas Deutschmann (RETIRED)

Created: 2017-06-03 21:06:01 UTC

Size: 1.35 KB

patch

obsolete

>Index: pcretest.c
>===================================================================
>--- pcretest.c	(revision 1690)
>+++ pcretest.c	(revision 1691)
>@@ -426,11 +426,11 @@
> #define PCRE_COPY_NAMED_SUBSTRING32(rc, re, bptr, offsets, count, \
>     namesptr, cbuffer, size) \
>   rc = pcre32_copy_named_substring((pcre32 *)re, (PCRE_SPTR32)bptr, offsets, \
>-    count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/2)
>+    count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/4)
> 
> #define PCRE_COPY_SUBSTRING32(rc, bptr, offsets, count, i, cbuffer, size) \
>   rc = pcre32_copy_substring((PCRE_SPTR32)bptr, offsets, count, i, \
>-    (PCRE_UCHAR32 *)cbuffer, size/2)
>+    (PCRE_UCHAR32 *)cbuffer, size/4)
> 
> #define PCRE_DFA_EXEC32(count, re, extra, bptr, len, start_offset, options, \
>     offsets, size_offsets, workspace, size_workspace) \
>Index: ChangeLog
>===================================================================
>--- ChangeLog	(revision 1690)
>+++ ChangeLog	(revision 1691)
>@@ -37,7 +37,10 @@
> 8. The alternative matching function, pcre_dfa_exec() misbehaved if it
> encountered a character class with a possessive repeat, for example [a-f]{3}+.
> 
>+9. When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer 
>+length incorrectly, which could result in buffer overflow.
> 
>+
> Version 8.40 11-January-2017
> ----------------------------
>

Actions: View | Diff

Attachments on bug 614052: 475124