libpcre2: patch CVE-2022-41409

author Peter Marko <peter.marko@siemens.com>

Sat, 29 Jul 2023 16:15:49 +0000 (18:15 +0200)

committer Steve Sakoman <steve@sakoman.com>

Fri, 4 Aug 2023 15:44:24 +0000 (05:44 -1000)
author Peter Marko <peter.marko@siemens.com>
Sat, 29 Jul 2023 16:15:49 +0000 (18:15 +0200)
committer Steve Sakoman <steve@sakoman.com>
Fri, 4 Aug 2023 15:44:24 +0000 (05:44 -1000)
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch

new file mode 100644 (file)

index 0000000..882277a
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch
@@ -0,0 +1,74 @@
+From 94e1c001761373b7d9450768aa15d04c25547a35 Mon Sep 17 00:00:00 2001
+From: Philip Hazel <Philip.Hazel@gmail.com>
+Date: Tue, 16 Aug 2022 17:00:45 +0100
+Subject: [PATCH] Diagnose negative repeat value in pcre2test subject line
+
+CVE: CVE-2022-41409
+Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+---
+ ChangeLog            | 3 +++
+ src/pcre2test.c      | 4 ++--
+ testdata/testinput2  | 3 +++
+ testdata/testoutput2 | 4 ++++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index eab50eb7..276eb57a 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -7,6 +7,9 @@ fully read in caseless matching.
+ 24. Fixed an issue affecting recursions in JIT caused by duplicated data
+ transfers.
+ 
++20. A negative repeat value in a pcre2test subject line was not being 
++diagnosed, leading to infinite looping.
++
+ 
+ Version 10.34 21-November-2019
+ ------------------------------
+diff --git a/src/pcre2test.c b/src/pcre2test.c
+index 08f86096..f6f5d66c 100644
+--- a/src/pcre2test.c
++++ b/src/pcre2test.c
+@@ -6700,9 +6700,9 @@ while ((c = *p++) != 0)
+       }
+ 
+     i = (int32_t)li;
+-    if (i-- == 0)
++    if (i-- <= 0)
+       {
+-      fprintf(outfile, "** Zero repeat not allowed\n");
++      fprintf(outfile, "** Zero or negative repeat not allowed\n");
+       return PR_OK;
+       }
+ 
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 655e519..14e00ed 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -5772,4 +5772,7 @@ a)"xI
+ /(a)?a/I
+     manm
+ 
++--
++    \[X]{-10}
++
+ # End of testinput2
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index c733c12..958f246 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -17435,6 +17435,10 @@ Subject length lower bound = 1
+     manm
+  0: a
+ 
++--
++    \[X]{-10}
++** Zero or negative repeat not allowed
++
+ # End of testinput2
+ Error -70: PCRE2_ERROR_BADDATA (unknown error number)
+ Error -62: bad serialized data
diff --git a/meta/recipes-support/libpcre/libpcre2_10.34.bb b/meta/recipes-support/libpcre/libpcre2_10.34.bb

index 254badf6f6fc36602ae7403fe0352d54c61b748d..3e1b001c32b23ef196a7f7f8a507463e0f017e9f 100644 (file)
--- a/meta/recipes-support/libpcre/libpcre2_10.34.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.34.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2
             file://pcre-cross.patch \
             file://CVE-2022-1586.patch \
             file://CVE-2022-1587.patch \
+           file://CVE-2022-41409.patch \
  "
  
  SRC_URI[md5sum] = "d280b62ded13f9ccf2fac16ee5286366"
author	Peter Marko <peter.marko@siemens.com>
	Sat, 29 Jul 2023 16:15:49 +0000 (18:15 +0200)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 4 Aug 2023 15:44:24 +0000 (05:44 -1000)
meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch	[new file with mode: 0644]	patch \| blob
meta/recipes-support/libpcre/libpcre2_10.34.bb		patch \| blob \| blame \| history