summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
diff options
context:
space:
mode:
authorIsmo Puustinen <ismo.puustinen@intel.com>2016-05-04 16:06:46 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-09-23 23:22:03 +0100
commit75e6b3b57b443b2dc39df5f19aafe4176c54e679 (patch)
treee15f4dc0636ee8da05b7dee130687c2a862e6326 /meta/recipes-support
parentcb5dd8d314db8b1a383c4535a518d0451b7c8e10 (diff)
downloadpoky-75e6b3b57b443b2dc39df5f19aafe4176c54e679.tar.gz
libpcre: Fix CVE-2016-3191
Fix workspace overflow for (*ACCEPT) with deeply nested parentheses. The patch is from libpcre version control at http://vcs.pcre.org/pcre?view=revision&revision=1631 with the ChangeLog part removed. Original author is Philip Hazel. (From OE-Core rev: 249cc163e7a16f307e8b94a7b449cd3e93cc6b15) Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 386534f968f4da376ba7778b5d436bad4ce8355b) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r--meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch174
-rw-r--r--meta/recipes-support/libpcre/libpcre_8.38.bb1
2 files changed, 175 insertions, 0 deletions
diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch b/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch
new file mode 100644
index 0000000000..ba8cbfdbef
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch
@@ -0,0 +1,174 @@
1From 568fcc16a0a335250aee06a104fc5df98d2a8779 Mon Sep 17 00:00:00 2001
2From: Ismo Puustinen <ismo.puustinen@intel.com>
3Date: Wed, 4 May 2016 15:43:22 +0300
4Subject: [PATCH] Fix workspace overflow for (*ACCEPT) with deeply nested
5 parentheses.
6
7The patch is from libpcre version control at
8http://vcs.pcre.org/pcre?view=revision&revision=1631 with the ChangeLog
9part removed. Original author is Philip Hazel.
10
11Upstream-Status: Accepted [8.39]
12CVE: CVE-2016-3191
13
14Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
15---
16 pcre_compile.c | 23 +++++++++++++++++++----
17 pcre_internal.h | 4 ++--
18 pcreposix.c | 5 +++--
19 testdata/testinput11 | 2 ++
20 testdata/testoutput11-16 | 3 +++
21 testdata/testoutput11-32 | 3 +++
22 testdata/testoutput11-8 | 3 +++
23 7 files changed, 35 insertions(+), 8 deletions(-)
24
25diff --git a/pcre_compile.c b/pcre_compile.c
26index 4d3b313..1bc2b7f 100644
27--- a/pcre_compile.c
28+++ b/pcre_compile.c
29@@ -6,7 +6,7 @@
30 and semantics are as close as possible to those of the Perl 5 language.
31
32 Written by Philip Hazel
33- Copyright (c) 1997-2014 University of Cambridge
34+ Copyright (c) 1997-2016 University of Cambridge
35
36 -----------------------------------------------------------------------------
37 Redistribution and use in source and binary forms, with or without
38@@ -560,6 +560,7 @@ static const char error_texts[] =
39 /* 85 */
40 "parentheses are too deeply nested (stack check)\0"
41 "digits missing in \\x{} or \\o{}\0"
42+ "regular expression is too complicated\0"
43 ;
44
45 /* Table to identify digits and hex digits. This is used when compiling
46@@ -4591,7 +4592,8 @@ for (;; ptr++)
47 if (code > cd->start_workspace + cd->workspace_size -
48 WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
49 {
50- *errorcodeptr = ERR52;
51+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
52+ ERR52 : ERR87;
53 goto FAILED;
54 }
55
56@@ -6604,8 +6606,21 @@ for (;; ptr++)
57 cd->had_accept = TRUE;
58 for (oc = cd->open_caps; oc != NULL; oc = oc->next)
59 {
60- *code++ = OP_CLOSE;
61- PUT2INC(code, 0, oc->number);
62+ if (lengthptr != NULL)
63+ {
64+#ifdef COMPILE_PCRE8
65+ *lengthptr += 1 + IMM2_SIZE;
66+#elif defined COMPILE_PCRE16
67+ *lengthptr += 2 + IMM2_SIZE;
68+#elif defined COMPILE_PCRE32
69+ *lengthptr += 4 + IMM2_SIZE;
70+#endif
71+ }
72+ else
73+ {
74+ *code++ = OP_CLOSE;
75+ PUT2INC(code, 0, oc->number);
76+ }
77 }
78 setverb = *code++ =
79 (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
80diff --git a/pcre_internal.h b/pcre_internal.h
81index f7a5ee7..dbfe80e 100644
82--- a/pcre_internal.h
83+++ b/pcre_internal.h
84@@ -7,7 +7,7 @@
85 and semantics are as close as possible to those of the Perl 5 language.
86
87 Written by Philip Hazel
88- Copyright (c) 1997-2014 University of Cambridge
89+ Copyright (c) 1997-2016 University of Cambridge
90
91 -----------------------------------------------------------------------------
92 Redistribution and use in source and binary forms, with or without
93@@ -2289,7 +2289,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4, ERR5, ERR6, ERR7, ERR8, ERR9,
94 ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
95 ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
96 ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
97- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
98+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
99
100 /* JIT compiling modes. The function list is indexed by them. */
101
102diff --git a/pcreposix.c b/pcreposix.c
103index f024423..5736c65 100644
104--- a/pcreposix.c
105+++ b/pcreposix.c
106@@ -6,7 +6,7 @@
107 and semantics are as close as possible to those of the Perl 5 language.
108
109 Written by Philip Hazel
110- Copyright (c) 1997-2014 University of Cambridge
111+ Copyright (c) 1997-2016 University of Cambridge
112
113 -----------------------------------------------------------------------------
114 Redistribution and use in source and binary forms, with or without
115@@ -173,7 +173,8 @@ static const int eint[] = {
116 REG_BADPAT, /* group name must start with a non-digit */
117 /* 85 */
118 REG_BADPAT, /* parentheses too deeply nested (stack check) */
119- REG_BADPAT /* missing digits in \x{} or \o{} */
120+ REG_BADPAT, /* missing digits in \x{} or \o{} */
121+ REG_BADPAT /* pattern too complicated */
122 };
123
124 /* Table of texts corresponding to POSIX error codes */
125diff --git a/testdata/testinput11 b/testdata/testinput11
126index ac9d228..6f0989a 100644
127--- a/testdata/testinput11
128+++ b/testdata/testinput11
129@@ -138,4 +138,6 @@ is required for these tests. --/
130
131 /.((?2)(?R)\1)()/B
132
133+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
134+
135 /-- End of testinput11 --/
136diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
137index 9a0a12d..6e8ff4c 100644
138--- a/testdata/testoutput11-16
139+++ b/testdata/testoutput11-16
140@@ -765,4 +765,7 @@ Memory allocation (code space): 14
141 25 End
142 ------------------------------------------------------------------
143
144+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
145+Failed: regular expression is too complicated at offset 490
146+
147 /-- End of testinput11 --/
148diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
149index 57e5da0..710646b 100644
150--- a/testdata/testoutput11-32
151+++ b/testdata/testoutput11-32
152@@ -765,4 +765,7 @@ Memory allocation (code space): 28
153 25 End
154 ------------------------------------------------------------------
155
156+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
157+Failed: missing ) at offset 509
158+
159 /-- End of testinput11 --/
160diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
161index 748548a..173fc33 100644
162--- a/testdata/testoutput11-8
163+++ b/testdata/testoutput11-8
164@@ -765,4 +765,7 @@ Memory allocation (code space): 10
165 38 End
166 ------------------------------------------------------------------
167
168+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
169+Failed: missing ) at offset 509
170+
171 /-- End of testinput11 --/
172--
1732.5.5
174
diff --git a/meta/recipes-support/libpcre/libpcre_8.38.bb b/meta/recipes-support/libpcre/libpcre_8.38.bb
index c5676073e8..f258fe9b74 100644
--- a/meta/recipes-support/libpcre/libpcre_8.38.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.38.bb
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=7e4937814aee14758c1c95b59c80c44d"
10SRC_URI = "${SOURCEFORGE_MIRROR}/project/pcre/pcre/${PV}/pcre-${PV}.tar.bz2 \ 10SRC_URI = "${SOURCEFORGE_MIRROR}/project/pcre/pcre/${PV}/pcre-${PV}.tar.bz2 \
11 file://pcre-cross.patch \ 11 file://pcre-cross.patch \
12 file://fix-pcre-name-collision.patch \ 12 file://fix-pcre-name-collision.patch \
13 file://CVE-2016-3191.patch \
13 file://run-ptest \ 14 file://run-ptest \
14 file://Makefile \ 15 file://Makefile \
15" 16"