Blame - import-layers/yocto-poky/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch - openbmc/openbmc

blob: 6e765bf6dc0717439d60cefff868770218c02190 [file] [log] [blame]

Brad Bishop	6e60e8b	2018-02-01 10:27:11 -0500	[diff] [blame]	1	From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001
				2	From: "K.Kosako" <kosako@sofnec.co.jp>
				3	Date: Wed, 24 May 2017 10:27:04 +0900
				4	Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value
				5
				6	---
				7	regexec.c \| 27 +++++++++++++++++----------
				8	1 file changed, 17 insertions(+), 10 deletions(-)
				9
				10	--- end of original header
				11
				12	CVE: CVE-2017-9229
				13
				14	Upstream-Status: Inappropriate [not author]
				15	Signed-off-by: Joe Slater <joe.slater@windriver.com>
				16
				17	diff --git a/regexec.c b/regexec.c
				18	index 49bcc50..c0626ef 100644
				19	--- a/regexec.c
				20	+++ b/regexec.c
				21	@@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const
				22	}
				23	else {
				24	if (reg->dmax != ONIG_INFINITE_DISTANCE) {
				25	- *low = p - reg->dmax;
				26	- if (*low > s) {
				27	- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
				28	- low, end, (const UChar* )low_prev);
				29	- if (low_prev && IS_NULL(*low_prev))
				30	- *low_prev = onigenc_get_prev_char_head(reg->enc,
				31	- (pprev ? pprev : s), *low, end);
				32	+ if (p - str < reg->dmax) {
				33	+ low = (UChar )str;
				34	+ if (low_prev)
				35	+ low_prev = onigenc_get_prev_char_head(reg->enc, str, low, end);
				36	}
				37	else {
				38	- if (low_prev)
				39	- *low_prev = onigenc_get_prev_char_head(reg->enc,
				40	- (pprev ? pprev : str), *low, end);
				41	+ *low = p - reg->dmax;
				42	+ if (*low > s) {
				43	+ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
				44	+ low, end, (const UChar* )low_prev);
				45	+ if (low_prev && IS_NULL(*low_prev))
				46	+ *low_prev = onigenc_get_prev_char_head(reg->enc,
				47	+ (pprev ? pprev : s), *low, end);
				48	+ }
				49	+ else {
				50	+ if (low_prev)
				51	+ *low_prev = onigenc_get_prev_char_head(reg->enc,
				52	+ (pprev ? pprev : str), *low, end);
				53	+ }
				54	}
				55	}
				56	}
				57	--
				58	1.7.9.5
				59