| Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 1 | From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001 |
| 2 | From: "K.Kosako" <kosako@sofnec.co.jp> |
| 3 | Date: Thu, 18 May 2017 17:05:27 +0900 |
| 4 | Subject: [PATCH] fix #55 : check too big code point value for single byte |
| 5 | value in next_state_val() |
| 6 | |
| 7 | --- |
| 8 | regparse.c | 3 +++ |
| 9 | 1 file changed, 3 insertions(+) |
| 10 | |
| 11 | --- end of original header |
| 12 | |
| 13 | CVE: CVE-2017-9226 |
| 14 | |
| 15 | Add check for octal number bigger than 255. |
| 16 | |
| 17 | Upstream-Status: Pending |
| 18 | Signed-off-by: Joe Slater <joe.slater@windriver.com> |
| 19 | |
| 20 | |
| 21 | --- ruby-2.4.1.orig/regparse.c |
| 22 | +++ ruby-2.4.1/regparse.c |
| Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 23 | @@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod |
| 24 | switch (*state) { |
| 25 | case CCS_VALUE: |
| 26 | if (*type == CCV_SB) { |
| Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 27 | + if (*from > 0xff) |
| Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 28 | + return ONIGERR_INVALID_CODE_POINT_VALUE; |
| 29 | + |
| Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 30 | BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*from)); |
| Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 31 | if (IS_NOT_NULL(asc_cc)) |
| Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 32 | BITSET_SET_BIT(asc_cc->bs, (int )(*from)); |