[people/pmueller/ipfire-2.x.git] / src / patches / pcre-4.5-CAN-2005-2491.patch

--- pcre-4.5/pcre.c.tn	2003-12-10 17:45:44.000000000 +0100
+++ pcre-4.5/pcre.c	2005-08-19 15:11:17.000000000 +0200
@@ -1047,7 +1047,18 @@
 int min = 0;
 int max = -1;
 
+/* Read the minimum value and do a paranoid check: a negative value indicates
+an integer overflow. */
+
 while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+if (min < 0 || min > 65535)
+  {
+  *errorptr = ERR5;
+  return p;
+  }
+
+/* Read the maximum value if there is one, and again do a paranoid on its size.
+Also, max must not be less than min. */
 
 if (*p == '}') max = min; else
   {
@@ -1055,6 +1066,11 @@
     {
     max = 0;
     while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
+    if (max < 0 || max > 65535)
+      {
+      *errorptr = ERR5;
+      return p;
+      }
     if (max < min)
       {
       *errorptr = ERR4;
@@ -1063,16 +1079,11 @@
     }
   }
 
-/* Do paranoid checks, then fill in the required variables, and pass back the
-pointer to the terminating '}'. */
+/* Fill in the required variables, and pass back the pointer to the terminating
+'}'. */
 
-if (min > 65535 || max > 65535)
-  *errorptr = ERR5;
-else
-  {
-  *minp = min;
-  *maxp = max;
-  }
+*minp = min;
+*maxp = max;
 return p;
 }
Commit	Line	Data
cd1a2927 MT	1	--- pcre-4.5/pcre.c.tn 2003-12-10 17:45:44.000000000 +0100
	2	+++ pcre-4.5/pcre.c 2005-08-19 15:11:17.000000000 +0200
	3	@@ -1047,7 +1047,18 @@
	4	int min = 0;
	5	int max = -1;
	6
	7	+/* Read the minimum value and do a paranoid check: a negative value indicates
	8	+an integer overflow. */
	9	+
	10	while ((digitab[p] & ctype_digit) != 0) min = min 10 + *p++ - '0';
	11	+if (min < 0 \|\| min > 65535)
	12	+ {
	13	+ *errorptr = ERR5;
	14	+ return p;
	15	+ }
	16	+
	17	+/* Read the maximum value if there is one, and again do a paranoid on its size.
	18	+Also, max must not be less than min. */
	19
	20	if (*p == '}') max = min; else
	21	{
	22	@@ -1055,6 +1066,11 @@
	23	{
	24	max = 0;
	25	while((digitab[p] & ctype_digit) != 0) max = max 10 + *p++ - '0';
	26	+ if (max < 0 \|\| max > 65535)
	27	+ {
	28	+ *errorptr = ERR5;
	29	+ return p;
	30	+ }
	31	if (max < min)
	32	{
	33	*errorptr = ERR4;
	34	@@ -1063,16 +1079,11 @@
	35	}
	36	}
	37
	38	-/* Do paranoid checks, then fill in the required variables, and pass back the
	39	-pointer to the terminating '}'. */
	40	+/* Fill in the required variables, and pass back the pointer to the terminating
	41	+'}'. */
	42
	43	-if (min > 65535 \|\| max > 65535)
	44	- *errorptr = ERR5;
	45	-else
	46	- {
	47	- *minp = min;
	48	- *maxp = max;
	49	- }
	50	+*minp = min;
	51	+*maxp = max;
	52	return p;
	53	}
	54