diff options
Diffstat (limited to 'php-onigurama.patch')
-rw-r--r-- | php-onigurama.patch | 181 |
1 files changed, 0 insertions, 181 deletions
diff --git a/php-onigurama.patch b/php-onigurama.patch deleted file mode 100644 index f4e3c1f..0000000 --- a/php-onigurama.patch +++ /dev/null @@ -1,181 +0,0 @@ -From 1e0c4386ab87c6f6392933450130470cbd1a2b19 Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@php.net> -Date: Tue, 30 May 2017 15:35:42 +0200 -Subject: [PATCH] Patch from the upstream git - https://github.com/kkos/oniguruma/issues/55 (CVE-2017-9226) - b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 - f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6 - -Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> ---- - ext/mbstring/oniguruma/regparse.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/ext/mbstring/oniguruma/regparse.c b/ext/mbstring/oniguruma/regparse.c -index bf72300..c6822e6 100644 ---- a/ext/mbstring/oniguruma/regparse.c -+++ b/ext/mbstring/oniguruma/regparse.c -@@ -3064,7 +3064,7 @@ fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env) - PUNFETCH; - prev = p; - num = scan_unsigned_octal_number(&p, end, 3, enc); -- if (num < 0) return ONIGERR_TOO_BIG_NUMBER; -+ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER; - if (p == prev) { /* can't read nothing. */ - num = 0; /* but, it's not error */ - } -@@ -3436,7 +3436,7 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env) - if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) { - prev = p; - num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc); -- if (num < 0) return ONIGERR_TOO_BIG_NUMBER; -+ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER; - if (p == prev) { /* can't read nothing. */ - num = 0; /* but, it's not error */ - } -@@ -4084,7 +4084,11 @@ next_state_val(CClassNode* cc, OnigCodePoint *vs, OnigCodePoint v, - switch (*state) { - case CCS_VALUE: - if (*type == CCV_SB) -+ { -+ if (*vs > 0xff) -+ return ONIGERR_INVALID_CODE_POINT_VALUE; - BITSET_SET_BIT(cc->bs, (int )(*vs)); -+ } - else if (*type == CCV_CODE_POINT) { - r = add_code_range(&(cc->mbuf), env, *vs, *vs); - if (r < 0) return r; --- -2.1.4 - -From 60b1829e1cd18facc696264fd830c4bbd593cfa9 Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@php.net> -Date: Tue, 30 May 2017 15:37:11 +0200 -Subject: [PATCH] Patch from the upstream git - https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224) - -Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> ---- - ext/mbstring/oniguruma/regexec.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c -index 7430d78..5e26896 100644 ---- a/ext/mbstring/oniguruma/regexec.c -+++ b/ext/mbstring/oniguruma/regexec.c -@@ -1425,14 +1425,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end, - break; - - case OP_EXACT1: MOP_IN(OP_EXACT1); --#if 0 - DATA_ENSURE(1); - if (*p != *s) goto fail; - p++; s++; --#endif -- if (*p != *s++) goto fail; -- DATA_ENSURE(0); -- p++; - MOP_OUT; - break; - --- -2.1.4 - -From 6a8ae7cf8db3ec8dabfd027e01cdbcbb52654c90 Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@php.net> -Date: Tue, 30 May 2017 15:38:17 +0200 -Subject: [PATCH] Patch from the upstream git - https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227) - -Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> ---- - ext/mbstring/oniguruma/regexec.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c -index 5e26896..97d5f32 100644 ---- a/ext/mbstring/oniguruma/regexec.c -+++ b/ext/mbstring/oniguruma/regexec.c -@@ -3123,6 +3123,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s, - } - else { - UChar *q = p + reg->dmin; -+ -+ if (q >= end) return 0; /* fail */ - while (p < q) p += enclen(reg->enc, p); - } - } --- -2.1.4 - -From 5416deec665db293ae25548828791453d776a6bf Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@php.net> -Date: Tue, 30 May 2017 15:39:21 +0200 -Subject: [PATCH] Patch from the upstream git - https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229) - b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6 - -Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> ---- - ext/mbstring/oniguruma/regexec.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c -index 97d5f32..42a31bd 100644 ---- a/ext/mbstring/oniguruma/regexec.c -+++ b/ext/mbstring/oniguruma/regexec.c -@@ -3205,7 +3205,13 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s, - else { - if (reg->dmax != ONIG_INFINITE_DISTANCE) { - *low = p - reg->dmax; -- if (*low > s) { -+ if (p - str < reg->dmax) { -+ *low = (UChar* )str; -+ if (low_prev) -+ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low); -+ } -+ else { -+ if (*low > s) { - *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, - *low, (const UChar** )low_prev); - if (low_prev && IS_NULL(*low_prev)) -@@ -3218,6 +3224,7 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s, - (pprev ? pprev : str), *low); - } - } -+ } - } - /* no needs to adjust *high, *high is used as range check only */ - *high = p - reg->dmin; --- -2.1.4 - -From 1c845d295037702d63097e2216b3c5db53f79273 Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@php.net> -Date: Tue, 30 May 2017 15:40:32 +0200 -Subject: [PATCH] Patch from the upstream git - https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228) - -Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org> ---- - ext/mbstring/oniguruma/regparse.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/ext/mbstring/oniguruma/regparse.c b/ext/mbstring/oniguruma/regparse.c -index c6822e6..d2925f1 100644 ---- a/ext/mbstring/oniguruma/regparse.c -+++ b/ext/mbstring/oniguruma/regparse.c -@@ -4068,7 +4068,9 @@ next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type, - } - } - -- *state = CCS_VALUE; -+ if (*state != CCS_START) -+ *state = CCS_VALUE; -+ - *type = CCV_CLASS; - return 0; - } --- -2.1.4 - |