From bf7cc206f875007a2de195d299f4f5380c9a5cb0 Mon Sep 17 00:00:00 2001
From: naddy
Date: Mon, 22 Aug 2005 22:40:28 +0000
Subject: [PATCH] SECURITY: CAN-2005-2491, http://securitytracker.com/id?1014744 "A remote or local user may be able to supply a specially crafted regular expression to trigger a heap integer overflow in PCRE." ok pvalchev@

---
 devel/pcre/Makefile | 3 +-
 devel/pcre/patches/patch-pcre_c | 55 +++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 devel/pcre/patches/patch-pcre_c

diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile
index cc09fa1d337..70e2b056d39 100644
--- a/devel/pcre/Makefile
+++ b/devel/pcre/Makefile
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.13 2004/11/24 00:11:03 espie Exp $
+# $OpenBSD: Makefile,v 1.14 2005/08/22 22:40:28 naddy Exp $
 COMMENT= "perl-compatible regular expression library"
 DISTNAME= pcre-4.5
+PKGNAME= ${DISTNAME}p0
 CATEGORIES= devel
 MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ \
diff --git a/devel/pcre/patches/patch-pcre_c b/devel/pcre/patches/patch-pcre_c
new file mode 100644
index 00000000000..88a69f761c9
--- /dev/null
+++ b/devel/pcre/patches/patch-pcre_c
@@ -0,0 +1,55 @@
+$OpenBSD: patch-pcre_c,v 1.1 2005/08/22 22:40:29 naddy Exp $
+--- pcre.c.orig Wed Dec 10 17:45:44 2003
++++ pcre.c Mon Aug 22 22:27:27 2005
+@@ -1047,14 +1047,30 @@ read_repeat_counts(const uschar *p, int
+ int min = 0;
+ int max = -1;
+ 
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ 
++/* Read the maximum value if there is one, and again do a paranoid on its size.
++Also, max must not be less than min. */
++
+ if (*p == '}') max = min; else
+ {
+ if (*(++p) != '}')
+ {
+ max = 0;
+ while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+@@ -1063,16 +1079,11 @@ if (*p == '}') max = min; else
+ }
+ }
+ 
+-/* Do paranoid checks, then fill in the required variables, and pass back the
+-pointer to the terminating '}'. */
++/* Fill in the required variables, and pass back the pointer to the terminating
++'}'. */
+ 
+-if (min > 65535 || max > 65535)
+- *errorptr = ERR5;
+-else
+- {
+- *minp = min;
+- *maxp = max;
+- }
++*minp = min;
++*maxp = max;
+ return p;
+ }
+ 
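Review bot: The new post-loop test `if (min < 0 || min > 65535)` depends on `min` wrapping negative when `min = min * 10 + *p++ - '0'` overflows, but signed overflow is undefined behaviour in C, so a compiler is entitled to assume `min` never becomes negative and drop that half of the check; the same applies to the `max` loop and its `if (max < 0 || max > 65535)` a few lines further down. The bound should instead be enforced inside each loop after every digit, so the accumulator never exceeds 65535 before the next multiplication (65535 * 10 + 9 fits comfortably in a 32-bit int) and the negative-value test becomes unnecessary. The sketch below shows the `min` loop; the `max` loop takes the identical shape. read_repeat_counts begins before this hunk, and how callers treat the `p` returned on the ERR5 path is not visible here.
```c
/* … unchanged: int min = 0; int max = -1; … */
while ((digitab[*p] & ctype_digit) != 0)
  {
  min = min * 10 + *p++ - '0';
  if (min > 65535)            /* bound checked per digit: no signed overflow possible */
    {
    *errorptr = ERR5;
    return p;
    }
  }
/* … unchanged: max parsing, with the same per-digit bound applied to max … */
```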