Comment 42 for bug 20215

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 24 Aug 2005 21:04:50 +0200
From: Martin Schulze <email address hidden>
To: Martin Pitt <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: PCRE3: CAN-2005-2491 for oldstable

Martin Pitt wrote:
> Hi!
>
> Since I have to fix apache2 2.0.50 for Ubuntu, which still has an
> embedded pcre 3.x, I also took a look at the woody version. I took a
> look at the code and played with the test suite, and it seems to me
> that the capture part works ok; just the integer underflow must be
> fixed:
>
> --- pcre.c
> +++ pcre.c
> @@ -733,7 +733,7 @@
> /* Do paranoid checks, then fill in the required variables, and pass back the
> pointer to the terminating '}'. */
>
> -if (min > 65535 || max > 65535)
> +if (min < 0 || min > 65535 || max < 0 || max > 65535)
> *errorptr = ERR5;
> else
> {
>
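Review bot: the `max < 0` test in the new condition rejects every negative max, and the hunk does not show how max is initialised. If this function uses a negative sentinel in max for an open-ended quantifier such as `{3,}`, those patterns would now fail with ERR5. Please check that case against the test suite, and if the sentinel is -1, narrow the test to `max < -1`. Separately, both new tests only catch a count that has already wrapped to a negative value. A digit string long enough to wrap back into 0..65535 would still pass, so bounding min and max while the digits are accumulated would be more robust than checking afterwards.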
> However, it would be nice to have a second pair of eyes to confirm
> that this version is not vulnerable to the capturing overflow.

Confirmed. Named subpatterns are not available in the 3.* version,
so they don't need to be fixed.

Regards,

 Joey

--
It's time to close the windows.