Gentoo's Bugzilla – Attachment 138282 Details for
Bug 198373
dev-lang/python =2.3.* < 2.3.6-r4 Potential issues in embedded PCRE
[patch]
python-CVE-2006-7228-pcre.patch
python-CVE-2006-7228-pcre.patch (text/plain), 1.89 KB, created by
Robert Buchholz (RETIRED)
on 2007-12-11 21:55:00 UTC
>diff -rup Python-2.3.4-orig/Modules/pypcre.c Python-2.3.4/Modules/pypcre.c >--- Python-2.3.4-orig/Modules/pypcre.c 2007-11-20 09:09:49.000000000 -0500 >+++ Python-2.3.4/Modules/pypcre.c 2007-11-20 09:39:28.000000000 -0500 >@@ -2318,7 +2318,7 @@ if an "extended" flag setting appears la > clever for #-comments. */ > > ptr = (const uschar *)(pattern - 1); >-while ((c = *(++ptr)) != 0) >+while (((c = *(++ptr)) != 0) && (length > 0) && (length <= 65535)) > { > int min, max; > int class_charcount; >@@ -2602,8 +2602,23 @@ while ((c = *(++ptr)) != 0) > to do before the first copy if the minimum is zero. */ > > if (minval == 0) length++; >- else if (minval > 1) length += (minval - 1) * duplength; >- if (maxval > minval) length += (maxval - minval) * (duplength + 1); >+ else if (minval > 1) >+ { >+ size_t tmp = (minval - 1) * duplength; >+ >+ if (duplength != (tmp / (minval - 1))) >+ goto PCRE_OVER_FLOW_ERROR_RETURN; >+ length += tmp; >+ } >+ if (maxval > minval) >+ { >+ size_t tmp = (maxval - minval) * (duplength + 1); >+ >+ if ((duplength + 1) != (tmp / (maxval - minval))) >+ goto PCRE_OVER_FLOW_ERROR_RETURN; >+ >+ length += tmp; >+ } > } > continue; > >@@ -2656,14 +2671,15 @@ while ((c = *(++ptr)) != 0) > } > } > >-length += 4; /* For final KET and END */ >- >-if (length > 65539) >+if ((length > 65535) || (length < 3)) > { >+ PCRE_OVER_FLOW_ERROR_RETURN: > *errorptr = ERR20; > return NULL; > } > >+length += 4; /* For final KET and END */ >+ > /* Compute the size of data block needed and get it, either from malloc or > externally provided function. We specify "code[0]" in the offsetof() expression > rather than just "code", because it has been reported that one broken compiler >Only in Python-2.3.4/Modules: pypcre.c~ >Only in Python-2.3.4/Modules: pypcre.c.CVE-2006-7228-pcre
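Review bot: In the first hunk (@@ -2318), the new loop condition tests length only at the top of each pass, so it stops the scan after an out-of-range value has already been produced rather than preventing one, and the limit 65535 is a bare literal that is repeated in the range check of the third hunk. Whether "length > 0" can ever be false depends on length being a signed type, and its declaration is outside the visible lines; a comment stating that assumption and a named constant shared by both checks would make the intent verifiable. A comment should also say that leaving the loop this way is reported as ERR20 only because of the range check that follows the loop.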
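Review bot: In the second hunk (@@ -2602), the multiply-then-divide test detects wraparound only if the multiplication itself is carried out in size_t; as written, "(minval - 1) * duplength" is evaluated in the operands' own type and converted to size_t afterwards, so if minval and duplength are int (their declarations are not in the hunk) the overflow occurs before tmp is assigned and the division check is testing an already undefined result. Comparing duplength against the remaining budget divided by (minval - 1) before multiplying avoids both the multiplication overflow and the unchecked "length += tmp;" that follows, which at present relies on the loop condition and the final range check to notice a wrapped sum. The same applies to the maxval branch with "(maxval - minval) * (duplength + 1)".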
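Review bot: In the third hunk (@@ -2656), the label PCRE_OVER_FLOW_ERROR_RETURN sits inside the body of the range-check if, so the gotos added in the repeat-count code jump into the middle of a conditional block; that is valid C but fragile under later edits, and a separate error exit placed after the check would be clearer. The overflow path reuses ERR20, so the reported error does not distinguish an arithmetic overflow from a pattern that is simply too large, and the new "length < 3" lower bound has no comment saying what the 3 represents. Moving "length += 4" below the check keeps the effective upper limit equal to the old "length > 65539" test, which is worth stating in the comment on that line.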