OSSP CVS Repository

ossp - Check-in [5216]

Check-in Number: 5216
Date: 2005-Oct-03 10:05:55 (local)
2005-Oct-03 08:05:55 (UTC)
User: rse
Branch:
Comment: Apply PCRE security fix (CAN-2005-2491, partially only)
Tickets:
Inspections:
Files:
ossp-pkg/l2/ChangeLog      1.29 -> 1.30     3 inserted, 0 deleted
ossp-pkg/l2/l2_ut_pcre.c      1.7 -> 1.8     8 inserted, 0 deleted

ossp-pkg/l2/ChangeLog 1.29 -> 1.30

--- ChangeLog    2005/10/03 08:00:16     1.29
+++ ChangeLog    2005/10/03 08:05:55     1.30
@@ -18,6 +18,9 @@
     *) Imported OSSP sa 1.2.5
        [Ralf S. Engelschall <rse@engelschall.com>]
 
+    *) Apply PCRE security fix (CAN-2005-2491, partially only)
+       [Ralf S. Engelschall <rse@engelschall.com>]
+
   Changes between 0.9.9 and 0.9.10 (01-Feb-2005 to 18-Feb-2005)
 
     *) Synchronize l2_ut_format.[ch] with OSSP cfg and especially
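Review bot: the added entry says "partially only" without stating which part of the CAN-2005-2491 fix is applied and which part is left out, so a reader of the ChangeLog cannot tell what exposure remains in l2_ut_pcre.c. Suggest naming the covered code path in the entry (the repeat-count bounds in the quantifier parser, going by the other file in this check-in) and noting what is still open.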


ossp-pkg/l2/l2_ut_pcre.c 1.7 -> 1.8

--- l2_ut_pcre.c 2003/01/06 11:41:52     1.7
+++ l2_ut_pcre.c 2005/10/03 08:05:55     1.8
@@ -674,6 +674,10 @@
 
         while ((cd->ctypes[*p] & ctype_digit) != 0)
                 min = min * 10 + *p++ - '0';
+        if (min < 0 || min > 65535) {
+            *errorptr = ERR5;
+            return p;
+        }
 
         if (*p == '}')
                 max = min;
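Review bot: the range test on min runs only after the digit loop has finished, so `min = min * 10 + *p++ - '0'` can still overflow on a long run of digits before the test is reached. Assuming min is a signed int, as the `min < 0` test implies, that overflow is undefined behaviour in C, and a wrapped value may land back inside 0..65535 and pass. Suggest moving the bound into the loop and bailing out with ERR5 as soon as min exceeds 65535, which also makes the `min < 0` half unnecessary.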
@@ -682,6 +686,10 @@
                         max = 0;
                         while ((cd->ctypes[*p] & ctype_digit) != 0)
                                 max = max * 10 + *p++ - '0';
+                        if (max < 0 || max > 65535) {
+                            *errorptr = ERR5;
+                            return p;
+                        }
                         if (max < min) {
                                 *errorptr = ERR4;
                                 return p;
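Review bot: the literal 65535 and the ERR5 bail-out now appear twice, once for min and once here for max, with nothing tying the two limits together. Suggest a named constant for the repeat limit, or a small helper that reads a bounded count and is used for both values. The max loop also has the same ordering as the min one (accumulate first, test afterwards), so the in-loop bound belongs here too. Minor: the added lines indent in steps of four while the surrounding context indents in steps of eight.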
