3143910eec
Take Debian adapted patches of upstream. Fixes: CVE-2017-6004: crafted regular expression may cause denial of service CVE-2017-7186: invalid Unicode property lookup may cause denial of service Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
22 lines
759 B
Diff
22 lines
759 B
Diff
Description: CVE-2017-6004: crafted regular expression may cause denial of service
|
|
Origin: upstream, https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
|
|
Bug: https://bugs.exim.org/show_bug.cgi?id=2035
|
|
Bug-Debian: https://bugs.debian.org/855405
|
|
Forwarded: not-needed
|
|
Author: Salvatore Bonaccorso <carnil@debian.org>
|
|
Last-Update: 2017-02-17
|
|
|
|
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
|
|
|
--- a/pcre_jit_compile.c
|
|
+++ b/pcre_jit_compile.c
|
|
@@ -8111,7 +8111,7 @@ if (opcode == OP_COND || opcode == OP_SC
|
|
|
|
if (*matchingpath == OP_FAIL)
|
|
stacksize = 0;
|
|
- if (*matchingpath == OP_RREF)
|
|
+ else if (*matchingpath == OP_RREF)
|
|
{
|
|
stacksize = GET2(matchingpath, 1);
|
|
if (common->currententry == NULL)
|