Index: ossp-pkg/str/ChangeLog
RCS File: /v/ossp/cvs/ossp-pkg/str/ChangeLog,v
rcsdiff -q -kk '-r1.54' '-r1.55' -u '/v/ossp/cvs/ossp-pkg/str/ChangeLog,v' 2>/dev/null
--- ChangeLog 2005/10/03 07:35:51 1.54
+++ ChangeLog 2005/10/03 07:40:05 1.55
@@ -11,6 +11,9 @@
 Changes between 0.9.10 and 0.9.11 (24-Jan-2004 to 03-Oct-2005):
+ *) Security Fix to str_pcre.c (CAN-2005-2491, partially only)
+ [Ralf S. Engelschall ]
+
 *) Fixed isnan(3) & isinf(3) related compile-time warnings.
 [Ralf S. Engelschall ]
Index: ossp-pkg/str/str_pcre.c
RCS File: /v/ossp/cvs/ossp-pkg/str/str_pcre.c,v
rcsdiff -q -kk '-r1.8' '-r1.9' -u '/v/ossp/cvs/ossp-pkg/str/str_pcre.c,v' 2>/dev/null
--- str_pcre.c 2003/01/06 19:13:47 1.8
+++ str_pcre.c 2005/10/03 07:40:05 1.9
@@ -674,6 +674,10 @@
 while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+ if (min < 0 || min > 65535) {
+ *errorptr = ERR5;
+ return p;
+ }
 if (*p == '}') max = min;
@@ -682,6 +686,10 @@
 max = 0;
 while ((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
+ if (max < 0 || max > 65535) {
+ *errorptr = ERR5;
+ return p;
+ }
 if (max < min) {
 *errorptr = ERR4;
 return p;
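Review bot: Both range checks run only after the digit loop has finished, so `min = min * 10 + *p++ - '0'` (and the matching `max` accumulation in the second hunk) can already have overflowed by the time it is tested. The declarations are outside the hunk, but the `< 0` test suggests a signed `int`; signed overflow is undefined behaviour, and a long enough digit run may come back into 0..65535 and pass the check. Moving the bound test inside each loop rejects the count as soon as it exceeds 65535, which keeps the value far from `INT_MAX` and makes the `< 0` test unnecessary. The enclosing function starts and ends outside both hunks, so whether callers rely on where `p` points when an error is returned is not visible here.

```c
while ((cd->ctypes[*p] & ctype_digit) != 0) {
    min = min * 10 + *p++ - '0';
    /* Reject as soon as the count leaves the valid range, before it can overflow. */
    if (min > 65535) {
        *errorptr = ERR5;
        return p;
    }
}
/* ... unchanged: '}' test and max = 0; the max digit loop gets the same in-loop check ... */
```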