diff options
| author | Remi Collet <remi@remirepo.net> | 2019-10-08 16:03:04 +0200 |
|---|---|---|
| committer | Remi Collet <remi@remirepo.net> | 2019-10-08 16:03:04 +0200 |
| commit | f5bf8f9d9f7bd1bd24685ce744ce735e9d4fd387 (patch) | |
| tree | 05d681578480fe62578c8c826b118fb1690513f5 | |
| parent | 878f8eba8157373b87c59b7178c200fd1ffae5bd (diff) | |
fix heap-buffer-overflow using upstream patch
| -rw-r--r-- | 15c4228aa2ffa02140a99912dd3177df0b1841c6.patch | 37 | ||||
| -rw-r--r-- | oniguruma.spec | 7 |
2 files changed, 43 insertions, 1 deletions
diff --git a/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch b/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch new file mode 100644 index 0000000..88dd8e8 --- /dev/null +++ b/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch @@ -0,0 +1,37 @@ +From 15c4228aa2ffa02140a99912dd3177df0b1841c6 Mon Sep 17 00:00:00 2001 +From: "K.Kosako" <kkosako0@gmail.com> +Date: Fri, 4 Oct 2019 19:54:40 +0900 +Subject: [PATCH] fix #156: Heap buffer overflow in match_at() with + case-insensitive match + +--- + src/regcomp.c | 2 +- + src/regexec.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/regcomp.c b/src/regcomp.c +index cd379a2..52f6f01 100644 +--- a/src/regcomp.c ++++ b/src/regcomp.c +@@ -734,8 +734,8 @@ add_compile_string(UChar* s, int mb_len, int str_len, + COP(reg)->exact_n.s = p; + } + else { ++ xmemset(COP(reg)->exact.s, 0, sizeof(COP(reg)->exact.s)); + xmemcpy(COP(reg)->exact.s, s, (size_t )byte_len); +- COP(reg)->exact.s[byte_len] = '\0'; + } + + return 0; +diff --git a/src/regexec.c b/src/regexec.c +index e471491..4bcd8a9 100644 +--- a/src/regexec.c ++++ b/src/regexec.c +@@ -2889,6 +2889,7 @@ match_at(regex_t* reg, const UChar* str, const UChar* end, + DATA_ENSURE(0); + q = lowbuf; + while (len-- > 0) { ++ if (ps >= endp) goto fail; + if (*ps != *q) goto fail; + ps++; q++; + } diff --git a/oniguruma.spec b/oniguruma.spec index 17cdec2..6cb224a 100644 --- a/oniguruma.spec +++ b/oniguruma.spec @@ -24,7 +24,7 @@ Name: %{libname} Name: %{libname}%{soname} %endif Version: 6.9.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Regular expressions library License: BSD @@ -32,6 +32,7 @@ URL: https://github.com/kkos/oniguruma/ Source0: https://github.com/kkos/oniguruma/releases/download/v%{version}/onig-%{version}.tar.gz Patch0: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch +Patch1: https://github.com/kkos/oniguruma/commit/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch BuildRequires: gcc @@ -69,6 +70,7 @@ developing applications that use %{name}. %setup -q -n onig-%{version} %{__sed} -i.multilib -e 's|-L@libdir@||' onig-config.in %patch0 -p1 -b .up +%patch1 -p1 -b .up1 %if 0 for f in \ @@ -144,6 +146,9 @@ find $RPM_BUILD_ROOT -name '*.la' \ %changelog +* Tue Oct 8 2019 Remi Collet <remi@remirepo.net> -6.9.3-3 +- fix heap-buffer-overflow using upstream patch + * Thu Sep 26 2019 Remi Collet <remi@remirepo.net> -6.9.3-2 - fix heap-buffer-overflow using upstream patch https://bugzilla.redhat.com/1755880 |