Hi!
Since I have to fix apache2 2.0.50 for Ubuntu, which still has an
embedded pcre 3.x, I also took a look at the woody version. I took a
look at the code and played with the test suite, and it seems to me
that the capture part works ok; just the integer underflow must be
fixed:
--- pcre.c
+++ pcre.c
@@ -733,7 +733,7 @@
/* Do paranoid checks, then fill in the required variables, and pass back the
pointer to the terminating '}'. */
-if (min > 65535 || max > 65535)
+if (min < 0 || min > 65535 || max < 0 || max > 65535)
*errorptr = ERR5;
else
{
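Review bot: The added `min < 0` and `max < 0` tests in the changed `if` only reject a value that is still negative when it reaches this check, and the hunk does not show how `min` and `max` are computed. Please confirm that a long enough digit string cannot wrap past the negative range and land back inside 0..65535, where this condition would accept it. If it can, bound the value while the digits are being accumulated instead of testing the sign afterwards. A regression pattern in the test suite with an oversized repeat count would also document the fix.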
However, it would be nice to have a second pair of eyes to confirm
that this version is not vulnerable to the capturing overflow.
Thanks,
Martin www.piware.de www.ubuntu.com www.debian.org
--
Martin Pitt http://
Ubuntu Developer http://
Debian Developer http://