Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 27 Apr 2012 20:10:52 GMT
From:      Ryan Steinmetz <zi@FreeBSD.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/167375: [patch] devel/pcre to resolve buffer overflow
Message-ID:  <201204272010.q3RKAq7U021782@red.freebsd.org>
Resent-Message-ID: <201204272020.q3RKK7bF049018@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         167375
>Category:       ports
>Synopsis:       [patch] devel/pcre to resolve buffer overflow
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 27 20:20:07 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Ryan Steinmetz
>Release:        8.3-RELEASE
>Organization:
Rochester Institute of Technology
>Environment:
>Description:
http://bugs.exim.org/show_bug.cgi?id=1236#c2

I've run into this issue with snort.  The attached patch from the PCRE bug database should prevent this issue.

- Bump PORTREVISION
- Apply patch from upstream to resolve bug #1236
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/devel/pcre/Makefile,v
retrieving revision 1.76
diff -u -r1.76 Makefile
--- Makefile	17 Feb 2012 13:18:12 -0000	1.76
+++ Makefile	27 Apr 2012 20:09:34 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME=	pcre
 PORTVERSION=	8.30
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	devel
 MASTER_SITES=	ftp://ftp.csx.cam.ac.uk/pub/software/programming/%SUBDIR%/ \
 		ftp://ftp.fu-berlin.de/unix/misc/%SUBDIR%/ \
Index: files/patch-pcre_exec.c
===================================================================
RCS file: files/patch-pcre_exec.c
diff -N files/patch-pcre_exec.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/patch-pcre_exec.c	27 Apr 2012 20:08:11 -0000
@@ -0,0 +1,11 @@
+--- ./pcre_exec.c.orig	2012-04-27 16:07:31.000000000 -0400
++++ ./pcre_exec.c	2012-04-27 16:08:07.000000000 -0400
+@@ -6887,7 +6887,7 @@
+     {
+     register int *iptr, *iend;
+     int resetcount = 2 + re->top_bracket * 2;
+-    if (resetcount > offsetcount) resetcount = ocount;
++    if (resetcount > offsetcount) resetcount = offsetcount;
+     iptr = offsets + md->end_offset_top;
+     iend = offsets + resetcount;
+     while (iptr < iend) *iptr++ = -1;


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201204272010.q3RKAq7U021782>