From 1304ec04e9c4f11b0e377e5588a3904da7149621 Mon Sep 17 00:00:00 2001 From: robert Date: Fri, 1 Apr 2016 18:15:11 +0000 Subject: [PATCH] add upstream fix for CVE-2016-3191. from jca@ --- devel/pcre/Makefile | 3 +- devel/pcre/patches/patch-pcre_compile_c | 59 ++++++++++++++++++++++++ devel/pcre/patches/patch-pcre_internal_h | 26 +++++++++++ devel/pcre/patches/patch-pcreposix_c | 27 +++++++++++ 4 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 devel/pcre/patches/patch-pcre_compile_c create mode 100644 devel/pcre/patches/patch-pcre_internal_h create mode 100644 devel/pcre/patches/patch-pcreposix_c diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile index 675ed258899..e267ded3e48 100644 --- a/devel/pcre/Makefile +++ b/devel/pcre/Makefile @@ -1,8 +1,9 @@ -# $OpenBSD: Makefile,v 1.61 2016/03/11 20:28:24 naddy Exp $ +# $OpenBSD: Makefile,v 1.62 2016/04/01 18:15:11 robert Exp $ COMMENT= perl-compatible regular expression library DISTNAME= pcre-8.38 +REVISION= 0 SHARED_LIBS += pcre 3.0 # 0.1 SHARED_LIBS += pcre16 0.0 # 0.0 diff --git a/devel/pcre/patches/patch-pcre_compile_c b/devel/pcre/patches/patch-pcre_compile_c new file mode 100644 index 00000000000..04d77874ec8 --- /dev/null +++ b/devel/pcre/patches/patch-pcre_compile_c @@ -0,0 +1,59 @@ +$OpenBSD: patch-pcre_compile_c,v 1.8 2016/04/01 18:15:11 robert Exp $ + +CVE-2016-3191 + + Upstream commit: http://vcs.pcre.org/pcre?view=revision&revision=1631 + +--- pcre_compile.c.orig Tue Mar 22 20:27:48 2016 ++++ pcre_compile.c Tue Mar 22 20:39:59 2016 +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -560,6 +560,7 @@ static const char error_texts[] = + /* 85 */ + "parentheses are too deeply nested (stack check)\0" + "digits missing in \\x{} or \\o{}\0" ++ "regular expression is too complicated\0" + ; + + /* Table to identify digits and hex digits. This is used when compiling +@@ -4591,7 +4592,8 @@ for (;; ptr++) + if (code > cd->start_workspace + cd->workspace_size - + WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */ + { +- *errorcodeptr = ERR52; ++ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)? ++ ERR52 : ERR87; + goto FAILED; + } + +@@ -6604,8 +6606,21 @@ for (;; ptr++) + cd->had_accept = TRUE; + for (oc = cd->open_caps; oc != NULL; oc = oc->next) + { +- *code++ = OP_CLOSE; +- PUT2INC(code, 0, oc->number); ++ if (lengthptr != NULL) ++ { ++#ifdef COMPILE_PCRE8 ++ *lengthptr += 1 + IMM2_SIZE; ++#elif defined COMPILE_PCRE16 ++ *lengthptr += 2 + IMM2_SIZE; ++#elif defined COMPILE_PCRE32 ++ *lengthptr += 4 + IMM2_SIZE; ++#endif ++ } ++ else ++ { ++ *code++ = OP_CLOSE; ++ PUT2INC(code, 0, oc->number); ++ } + } + setverb = *code++ = + (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; diff --git a/devel/pcre/patches/patch-pcre_internal_h b/devel/pcre/patches/patch-pcre_internal_h new file mode 100644 index 00000000000..1d09b700210 --- /dev/null +++ b/devel/pcre/patches/patch-pcre_internal_h @@ -0,0 +1,26 @@ +$OpenBSD: patch-pcre_internal_h,v 1.1 2016/04/01 18:15:11 robert Exp $ + +CVE-2016-3191 + + Upstream commit: http://vcs.pcre.org/pcre?view=revision&revision=1631 + +--- pcre_internal.h.orig Tue Mar 22 20:28:40 2016 ++++ pcre_internal.h Tue Mar 22 20:30:29 2016 +@@ -7,7 +7,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -2289,7 +2289,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4, ERR5, ERR6, + ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59, + ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, + ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, +- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT }; ++ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT }; + + /* JIT compiling modes. The function list is indexed by them. */ + diff --git a/devel/pcre/patches/patch-pcreposix_c b/devel/pcre/patches/patch-pcreposix_c new file mode 100644 index 00000000000..1e136afb28f --- /dev/null +++ b/devel/pcre/patches/patch-pcreposix_c @@ -0,0 +1,27 @@ +$OpenBSD: patch-pcreposix_c,v 1.1 2016/04/01 18:15:11 robert Exp $ + +CVE-2016-3191 + + Upstream commit: http://vcs.pcre.org/pcre?view=revision&revision=1631 + +--- pcreposix.c.orig Tue Mar 22 20:27:39 2016 ++++ pcreposix.c Tue Mar 22 20:27:55 2016 +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -173,7 +173,8 @@ static const int eint[] = { + REG_BADPAT, /* group name must start with a non-digit */ + /* 85 */ + REG_BADPAT, /* parentheses too deeply nested (stack check) */ +- REG_BADPAT /* missing digits in \x{} or \o{} */ ++ REG_BADPAT, /* missing digits in \x{} or \o{} */ ++ REG_BADPAT /* pattern too complicated */ + }; + + /* Table of texts corresponding to POSIX error codes */