diff options
Diffstat (limited to 'recipes/perl/perl-5.10.1/trie-logic-match.diff')
-rw-r--r-- | recipes/perl/perl-5.10.1/trie-logic-match.diff | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/recipes/perl/perl-5.10.1/trie-logic-match.diff b/recipes/perl/perl-5.10.1/trie-logic-match.diff new file mode 100644 index 0000000000..b64457649a --- /dev/null +++ b/recipes/perl/perl-5.10.1/trie-logic-match.diff @@ -0,0 +1,111 @@ +From: Eugene V. Lyubimkin <jackyf@debian.org> +Subject: Fix a DoS in Unicode processing [CVE-2009-3626] +Bug-Debian: http://bugs.debian.org/552291 +Bug: http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 +Origin: upstream, http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4. + +Resolves segmentation fault in some tricky tainted non-UTF-8 matches. + +Signed-off-by: Eugene V. Lyubimkin <jackyf@debian.org> + +--- + ext/re/t/regop.t | 12 ++++++------ + regcomp.c | 17 +++++++++++------ + regexec.c | 9 ++------- + 3 files changed, 19 insertions(+), 19 deletions(-) + +diff --git a/ext/re/t/regop.t b/ext/re/t/regop.t +index 7fe7b20..f111b91 100755 +--- a/ext/re/t/regop.t ++++ b/ext/re/t/regop.t +@@ -233,12 +233,12 @@ anchored "ABC" at 0 + #Freeing REx: "(\\.COM|\\.EXE|\\.BAT|\\.CMD|\\.VBS|\\.VBE|\\.JS|\\.JSE|\\."...... + %MATCHED% + floating ""$ at 3..4 (checking floating) +-1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0] +-stclass EXACTF <.> minlen 3 +-Found floating substr ""$ at offset 30... +-Does not contradict STCLASS... +-Guessed: match at offset 26 +-Matching stclass EXACTF <.> against ".exe" ++#1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0] ++#stclass EXACTF <.> minlen 3 ++#Found floating substr ""$ at offset 30... ++#Does not contradict STCLASS... ++#Guessed: match at offset 26 ++#Matching stclass EXACTF <.> against ".exe" + --- + #Compiling REx "[q]" + #size 12 nodes Got 100 bytes for offset annotations. +diff --git a/regcomp.c b/regcomp.c +index 49e69b2..b7fb032 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -2820,13 +2820,18 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + } + } else { + /* +- Currently we assume that the trie can handle unicode and ascii +- matches fold cased matches. If this proves true then the following +- define will prevent tries in this situation. +- +- #define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT) +-*/ ++ Currently we do not believe that the trie logic can ++ handle case insensitive matching properly when the ++ pattern is not unicode (thus forcing unicode semantics). ++ ++ If/when this is fixed the following define can be swapped ++ in below to fully enable trie logic. ++ + #define TRIE_TYPE_IS_SAFE 1 ++ ++*/ ++#define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT) ++ + if ( last && TRIE_TYPE_IS_SAFE ) { + make_trie( pRExC_state, + startbranch, first, cur, tail, count, +diff --git a/regexec.c b/regexec.c +index 7a42c4f..32994de 100644 +--- a/regexec.c ++++ b/regexec.c +@@ -1006,16 +1006,15 @@ Perl_re_intuit_start(pTHX_ REGEXP * const prog, SV *sv, char *strpos, + + #define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uscan, len, \ + uvc, charid, foldlen, foldbuf, uniflags) STMT_START { \ +- UV uvc_unfolded = 0; \ + switch (trie_type) { \ + case trie_utf8_fold: \ + if ( foldlen>0 ) { \ +- uvc_unfolded = uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \ ++ uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \ + foldlen -= len; \ + uscan += len; \ + len=0; \ + } else { \ +- uvc_unfolded = uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \ ++ uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \ + uvc = to_uni_fold( uvc, foldbuf, &foldlen ); \ + foldlen -= UNISKIP( uvc ); \ + uscan = foldbuf + UNISKIP( uvc ); \ +@@ -1041,7 +1040,6 @@ uvc, charid, foldlen, foldbuf, uniflags) STMT_START { \ + uvc = (UV)*uc; \ + len = 1; \ + } \ +- \ + if (uvc < 256) { \ + charid = trie->charmap[ uvc ]; \ + } \ +@@ -1054,9 +1052,6 @@ uvc, charid, foldlen, foldbuf, uniflags) STMT_START { \ + charid = (U16)SvIV(*svpp); \ + } \ + } \ +- if (!charid && trie_type == trie_utf8_fold && !UTF) { \ +- charid = trie->charmap[uvc_unfolded]; \ +- } \ + } STMT_END + + #define REXEC_FBC_EXACTISH_CHECK(CoNd) \ +-- +tg: (daf8b46..) fixes/trie-logic-match (depends on: upstream) |