Check-in Number: 5208
Date: 2005-Oct-03 09:40:05 (local), 2005-Oct-03 07:40:05 (UTC)
User: rse
Branch:
Comment: Security Fix to str_pcre.c (CAN-2005-2491, partially only)
Tickets:
Inspections:
Files:
ossp-pkg/str/ChangeLog 1.54 -> 1.55
--- ChangeLog 2005/10/03 07:35:51 1.54
+++ ChangeLog 2005/10/03 07:40:05 1.55
@@ -11,6 +11,9 @@
Changes between 0.9.10 and 0.9.11 (24-Jan-2004 to 03-Oct-2005):
+ *) Security Fix to str_pcre.c (CAN-2005-2491, partially only)
+ [Ralf S. Engelschall <rse@engelschall.com>]
+
*) Fixed isnan(3) & isinf(3) related compile-time warnings.
[Ralf S. Engelschall <rse@engelschall.com>]
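Review bot: the new entry says "partially only" without stating which part of CAN-2005-2491 is still open. A reader of the ChangeLog cannot tell from this line whether 0.9.11 is safe to deploy against untrusted patterns. Name what the change covers (the repeat-count bounds added in str_pcre.c) and what remains unfixed, so the residual exposure is on record.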
ossp-pkg/str/str_pcre.c 1.8 -> 1.9
--- str_pcre.c 2003/01/06 19:13:47 1.8
+++ str_pcre.c 2005/10/03 07:40:05 1.9
@@ -674,6 +674,10 @@
while ((cd->ctypes[*p] & ctype_digit) != 0)
min = min * 10 + *p++ - '0';
+ if (min < 0 || min > 65535) {
+ *errorptr = ERR5;
+ return p;
+ }
if (*p == '}')
max = min;
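Review bot: the range test on `min` runs only after the digit loop has finished, so `min = min * 10 + *p++ - '0'` can already have overflowed by the time `min > 65535` is evaluated. If `min` is a signed int, as the `min < 0` test suggests, that overflow is undefined behaviour in C, and a long enough run of digits can wrap to a value inside 0..65535 and pass the check. Move the bound into the loop and fail with ERR5 as soon as `min > 65535` after any digit; the `min < 0` arm then becomes unnecessary.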
@@ -682,6 +686,10 @@
max = 0;
while ((cd->ctypes[*p] & ctype_digit) != 0)
max = max * 10 + *p++ - '0';
+ if (max < 0 || max > 65535) {
+ *errorptr = ERR5;
+ return p;
+ }
if (max < min) {
*errorptr = ERR4;
return p;
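Review bot: `max` is bounded only after `max = max * 10 + *p++ - '0'` has consumed every digit, so the accumulation can overflow before `max > 65535` is tested, and a wrapped value that passes would then feed the `max < min` comparison below. Test the bound inside the loop instead, returning ERR5 on the first digit that pushes `max` past the limit. The literal 65535 and the ERR5 block now appear twice in this file; a named constant and a shared helper for reading a bounded count would keep the two limits from drifting apart.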