diff options
author | Erlang/OTP <otp@erlang.org> | 2010-02-12 09:39:42 +0000 |
---|---|---|
committer | Erlang/OTP <otp@erlang.org> | 2010-02-12 09:39:42 +0000 |
commit | b14ca0fae3dcb3add0f5da7b194fdfc2b0e5f7f8 (patch) | |
tree | bd7561efb38ace7cbd815d810ff84039bf73f8a4 /erts | |
parent | 61489ddbe608e1fe7bd2301c55c6446f14e94cd9 (diff) | |
parent | bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3 (diff) | |
download | otp-b14ca0fae3dcb3add0f5da7b194fdfc2b0e5f7f8.tar.gz otp-b14ca0fae3dcb3add0f5da7b194fdfc2b0e5f7f8.tar.bz2 otp-b14ca0fae3dcb3add0f5da7b194fdfc2b0e5f7f8.zip |
Merge branch 'ms/pcre-security' into ccase/r13b04_dev
* ms/pcre-security:
Fix CVE-2008-2371 (outer level option with alternatives caused crash).
OTP-8438 The re module: A regular expression with an option change at the
start of a pattern that had top-level alternatives could cause
overwriting and/or a crash. (Thanks to Michael Santos.)
Diffstat (limited to 'erts')
-rw-r--r-- | erts/emulator/pcre/pcre_compile.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/erts/emulator/pcre/pcre_compile.c b/erts/emulator/pcre/pcre_compile.c index 235617fc06..29743362d4 100644 --- a/erts/emulator/pcre/pcre_compile.c +++ b/erts/emulator/pcre/pcre_compile.c @@ -4820,10 +4820,8 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */ both phases. If we are not at the pattern start, compile code to change the ims - options if this setting actually changes any of them. We also pass the - new setting back so that it can be put at the start of any following - branches, and when this group ends (if we are in a group), a resetting - item can be compiled. */ + options if this setting actually changes any of them, and reset the + greedy defaults and the case value for firstbyte and reqbyte. */ if (*ptr == ')') { @@ -4831,7 +4829,6 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */ (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE)) { cd->external_options = newoptions; - options = newoptions; } else { @@ -4840,17 +4837,17 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */ *code++ = OP_OPT; *code++ = newoptions & PCRE_IMS; } - - /* Change options at this level, and pass them back for use - in subsequent branches. Reset the greedy defaults and the case - value for firstbyte and reqbyte. */ - - *optionsptr = options = newoptions; greedy_default = ((newoptions & PCRE_UNGREEDY) != 0); greedy_non_default = greedy_default ^ 1; - req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0; + req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS : 0; } + /* Change options at this level, and pass them back for use + in subsequent branches. When not at the start of the pattern, this + information is also necessary so that a resetting item can be + compiled at the end of a group (if we are in a group). */ + + *optionsptr = options = newoptions; previous = NULL; /* This item can't be repeated */ continue; /* It is complete */ } |