packages/pcre
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!8 fix CVE-2020-14155

Browse Source 
Merge pull request !8 from xu_ping/master
This commit is contained in:
openeuler-ci-bot 2020-06-28 10:18:13 +08:00 committed by Gitee
commit c53328345a
2 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2020-14155.patch Normal file
View File

@ -0,0 +1,55 @@
From 3a9026509f9c1745f378595e55e5024361ad152d Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Mon, 10 Feb 2020 17:17:34 +0000
Subject: [PATCH] Check the size of the number after (?C as it is read, in
order to avoid integer overflow.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1761 2f5784b3-3f2a-0410-8824-cb99058d5e15
Petr Písař: Ported to 8.43.
---
pcre_compile.c | 14 ++++++++------
diff --git a/pcre_compile.c b/pcre_compile.c
index 079d30a..1e3d6c3 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -6,7 +6,7 @@
and semantics are as close as possible to those of the Perl 5 language.
Written by Philip Hazel
- Copyright (c) 1997-2018 University of Cambridge
+ Copyright (c) 1997-2020 University of Cambridge
-----------------------------------------------------------------------------
Redistribution and use in source and binary forms, with or without
@@ -7130,17 +7130,19 @@ for (;; ptr++)
int n = 0;
ptr++;
while(IS_DIGIT(*ptr))
+ {
n = n * 10 + *ptr++ - CHAR_0;
+ if (n > 255)
+ {
+ *errorcodeptr = ERR38;
+ goto FAILED;
+ }
+ }
if (*ptr != CHAR_RIGHT_PARENTHESIS)
{
*errorcodeptr = ERR39;
goto FAILED;
}
- if (n > 255)
- {
- *errorcodeptr = ERR38;
- goto FAILED;
- }
*code++ = n;
PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
PUT(code, LINK_SIZE, 0); /* Default length */
--
2.21.1

11
pcre.spec
View File

@ -1,6 +1,6 @@
Name: pcre Name: pcre
Version: 8.43 Version: 8.43
Release: 5 Release: 6
Summary: Perl Compatible Regular Expressions Summary: Perl Compatible Regular Expressions
## Source package only: ## Source package only:
# INSTALL: FSFAP # INSTALL: FSFAP
@ -26,6 +26,9 @@ Summary: Perl Compatible Regular Expressions
License: BSD License: BSD
URL: http://www.pcre.org/ URL: http://www.pcre.org/
Source0: https://ftp.pcre.org/pub/pcre/%{name}-%{version}.tar.bz2 Source0: https://ftp.pcre.org/pub/pcre/%{name}-%{version}.tar.bz2
Patch0000: CVE-2020-14155.patch
BuildRequires: readline-devel autoconf automake coreutils BuildRequires: readline-devel autoconf automake coreutils
BuildRequires: gcc git gcc-c++ glibc-common libtool make BuildRequires: gcc git gcc-c++ glibc-common libtool make
BuildRequires: bash diffutils grep BuildRequires: bash diffutils grep
@ -114,6 +117,12 @@ make check VERBOSE=yes
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Wed Jun 24 2020 xuping <xuping21@huawei.com> - 8.43-6
- Type: cves
- ID: CVE-2020-14155
- SUG: NA
- DESC: fix CVE-2020-14155
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.43-5 * Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.43-5
- Type: enhancement - Type: enhancement
- ID: NA - ID: NA