SECURITY FIX for SA39738

PCRE "compile_branch()" Buffer Overflow Vulnerability.

ok jakob@ (MAINTAINER)

devel/pcre/Makefile

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.31 2009/05/06 19:28:54 jakob Exp $
+# $OpenBSD: Makefile,v 1.32 2010/05/09 21:37:53 jasper Exp $
 
 COMMENT=	perl-compatible regular expression library
 
 DISTNAME=	pcre-7.9
+PKGNAME=	${DISTNAME}p0
 
 SHARED_LIBS=	pcre		2.3 \
 		pcrecpp		3.2 \

devel/pcre/patches/patch-pcre_compile_c

@@ -0,0 +1,36 @@
+$OpenBSD: patch-pcre_compile_c,v 1.3 2010/05/09 21:37:53 jasper Exp $
+
+Security fix for SA39738
+PCRE "compile_branch()" Buffer Overflow Vulnerability.
+
+--- pcre_compile.c.orig	Sun May  9 23:16:11 2010
++++ pcre_compile.c	Sun May  9 23:17:03 2010
+@@ -91,6 +91,10 @@ is 4 there is plenty of room. */
+ 
+ #define COMPILE_WORK_SIZE (4096)
+ 
++/* The overrun tests check for a slightly smaller size so that they detect the
++overrun before it actually does run off the end of the data block. */
++ 
++#define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
+ 
+ /* Table for handling escaped characters in the range '0'-'z'. Positive returns
+ are simple data values; negative values are for special things like \d and so
+@@ -2674,7 +2678,7 @@ for (;; ptr++)
+ #ifdef DEBUG
+     if (code > cd->hwm) cd->hwm = code;                 /* High water info */
+ #endif
+-    if (code > cd->start_workspace + COMPILE_WORK_SIZE) /* Check for overrun */
++    if (code > cd->start_workspace + WORK_SIZE_CHECK) /* Check for overrun */
+       {
+       *errorcodeptr = ERR52;
+       goto FAILED;
+@@ -2723,7 +2727,7 @@ for (;; ptr++)
+   /* In the real compile phase, just check the workspace used by the forward
+   reference list. */
+ 
+-  else if (cd->hwm > cd->start_workspace + COMPILE_WORK_SIZE)
++  else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
+     {
+     *errorcodeptr = ERR52;
+     goto FAILED;