[Python-checkins] python/dist/src/Modules pypcre.c, 2.25.16.1, 2.25.16.2
akuchling@users.sourceforge.net
akuchling at users.sourceforge.net
Wed Aug 31 14:55:32 CEST 2005
Update of /cvsroot/python/python/dist/src/Modules
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12325
Modified Files:
Tag: release23-maint
pypcre.c
Log Message:
Apply fix for potential heap overflow in PCRE code (CAN-2005-2491)
Index: pypcre.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/Attic/pypcre.c,v
retrieving revision 2.25.16.1
retrieving revision 2.25.16.2
diff -u -d -r2.25.16.1 -r2.25.16.2
--- pypcre.c 20 Oct 2003 14:34:47 -0000 2.25.16.1
+++ pypcre.c 31 Aug 2005 12:55:21 -0000 2.25.16.2
@@ -1163,7 +1163,18 @@
int min = 0;
int max = -1;
+/* Read the minimum value and do a paranoid check: a negative value indicates
+an integer overflow. */
+
while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+if (min < 0 || min > 65535)
+ {
+ *errorptr = ERR5;
+ return p;
+ }
+
+/* Read the maximum value if there is one, and again do a paranoid check
+on its size. Also, max must not be less than min. */
if (*p == '}') max = min; else
{
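Review bot: The range check on `min` runs only after the digit loop has finished, so a long enough digit string overflows the signed `int` accumulator before it is tested; that is undefined behaviour in C, and where it wraps, the value can land back inside 0..65535 and pass the check. Bounding inside the loop avoids depending on wraparound: `while ((pcre_ctypes[*p] & ctype_digit) != 0) { min = min * 10 + *p++ - '0'; if (min > 65535) { *errorptr = ERR5; return p; } }`. The `max` loop in the next hunk has the same shape and would take the same guard. The enclosing function starts outside this hunk, so any limit the caller places on the number of digits is not visible here.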
@@ -1171,6 +1182,11 @@
{
max = 0;
while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
+ if (max < 0 || max > 65535)
+ {
+ *errorptr = ERR5;
+ return p;
+ }
if (max < min)
{
*errorptr = ERR4;
@@ -1179,16 +1195,11 @@
}
}
-/* Do paranoid checks, then fill in the required variables, and pass back the
-pointer to the terminating '}'. */
+/* Fill in the required variables, and pass back the pointer to the terminating
+'}'. */
-if (min > 65535 || max > 65535)
- *errorptr = ERR5;
-else
- {
- *minp = min;
- *maxp = max;
- }
+*minp = min;
+*maxp = max;
return p;
}
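Review bot: The rewritten comment above the final assignments should state that `*minp` and `*maxp` are written only on success. The new ERR5 returns in the earlier hunks exit before these assignments (the ERR4 path presumably does too, though its return is outside the visible lines), so a caller has to test `*errorptr` before reading either value. Suggested wording: `/* On success, fill in the required variables and pass back the pointer to the terminating '}'. On error *minp and *maxp are left unwritten. */`. The function begins outside this hunk.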