Hi Philip,

Thanks for the quick reply!

On Sun, Mar 26, 2017 at 04:24:17PM +0100, p...@hermes.cam.ac.uk wrote:
> On Sun, 26 Mar 2017, Salvatore Bonaccorso wrote:
> 
> > I tried to follow the status for CVE-2017-7245 (#858678), and it looks
> > like it still fails on the "current" revision from upstream VCS.
> > 
> > I'm on r1689 ("Fix DFA match handling of possessive repeated character
> > class (Bugzilla 2086).") and compiling locally with ASAN:
> > 
> > (basically only CFLAGS="-g -O0 -fsanitize=address"
> > LDFLAGS="-fsanitize=address" and I'm explicitly calling configure with
> > --enable-pcre32 --disable-shared to explicitly catch the issues):
> > 
> > CVE-2017-7245:
> > 
> > $ ./pcretest -32 -d ~/poc/00207-pcre-stackoverflow-pcre32_copy_substring
> 
> I'm afraid I cannot reproduce this bug from the data in your email. I 
> suspect some of the characters are getting mangled somehow on their way 
> through the mail system.
> 
> > (the reproducer files are from Agostino Sarubbo git repository).
> 
> Please remind me where this is so that I can try to get the failing 
> file.

Sure, apologies if this was too terse. So for the CVE-2017-7245 issue, some
references are here:

https://security-tracker.debian.org/tracker/CVE-2017-7245

the reporter's blog post is at
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
and the file to reproduce the issue is located in his git repository
at
https://github.com/asarubbo/poc/blob/master/00207-pcre-stackoverflow-pcre32_copy_substring

I was able to reproduce the issue with an ASAN build of pcre3 from the
VCS checkout at revision r1689.

Does this help? Or do you need any further information from me?

Regards,
Salvatore
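As an added illustration of the bug class the thread is chasing (a stack-based buffer overflow write while copying a matched substring into a fixed-size buffer, which is how the reporter's blog describes CVE-2017-7245), here is a small, self-contained C model. It is not PCRE's code and not the pcretest reproducer: the function names, the 8-unit buffer, the constructed subject string and the ovector values are all assumptions chosen to mirror the shape of the pcre32_*_substring API, so that an ASAN build like the one Salvatore describes (-g -O0 -fsanitize=address) shows what such a report looks like.

```c
/* Added example: a minimal model of a stack-based buffer overflow write in
 * a "copy substring" helper. Illustrative code only, not PCRE's. The names
 * copy_substring_unchecked/copy_substring_checked, the BUF_UNITS size and
 * the sample input are assumptions. Build and run with
 *   cc -g -O0 -fsanitize=address model.c && ./a.out
 * and ASAN aborts in copy_substring_unchecked() with a
 * stack-buffer-overflow WRITE report for the memcpy. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t unit32;   /* one 32-bit code unit, as in the pcre32 API */

#define BUF_UNITS 8        /* deliberately small fixed stack buffer */

/* Vulnerable: copies capture n (ovector[2n]..ovector[2n+1]) without
 * consulting the caller's buffer size. A capture longer than the buffer
 * writes past the end of the caller's stack array. */
int copy_substring_unchecked(const unit32 *subject, const int *ovector,
                             int n, unit32 *buffer, int buffersize)
{
    (void)buffersize;                       /* the bug: size is ignored */
    int start = ovector[2 * n];
    int len = ovector[2 * n + 1] - start;
    memcpy(buffer, subject + start, (size_t)len * sizeof(unit32));
    buffer[len] = 0;                        /* terminator, also out of bounds */
    return len;
}

/* Hardened: refuse the copy when the capture plus terminator would not fit.
 * Returns the number of code units copied, or -1 if rejected. */
int copy_substring_checked(const unit32 *subject, const int *ovector,
                           int n, unit32 *buffer, int buffersize)
{
    int start = ovector[2 * n];
    int len = ovector[2 * n + 1] - start;
    if (len < 0 || buffersize <= 0 || len >= buffersize)
        return -1;                          /* would overflow: reject */
    memcpy(buffer, subject + start, (size_t)len * sizeof(unit32));
    buffer[len] = 0;
    return len;
}

/* Drives the checked copy for a capture of 'len' units into an 8-unit
 * stack buffer. Returns what the copy returned, or -2 if the buffer
 * contents do not look right (missing terminator or wrong first unit). */
int checked_copy_of(int len)
{
    unit32 subject[32];                     /* constructed sample subject */
    for (int i = 0; i < 32; i++) subject[i] = (unit32)('a' + i);
    int ovector[2] = {0, len};
    unit32 buffer[BUF_UNITS];
    int r = copy_substring_checked(subject, ovector, 0, buffer, BUF_UNITS);
    if (r >= 0 && buffer[r] != 0) return -2;
    if (r > 0 && buffer[0] != 'a') return -2;
    return r;
}

int main(void)
{
    unit32 subject[32];
    for (int i = 0; i < 32; i++) subject[i] = (unit32)('a' + i);
    int ovector[2] = {0, 20};               /* a 20-unit capture */
    unit32 buffer[BUF_UNITS];               /* only 8 units on the stack */

    printf("checked:   %d\n",
           copy_substring_checked(subject, ovector, 0, buffer, BUF_UNITS));
    /* Under -fsanitize=address the next call does not return: ASAN reports
     * a stack-buffer-overflow WRITE on 'buffer' from inside memcpy. */
    printf("unchecked: %d\n",
           copy_substring_unchecked(subject, ovector, 0, buffer, BUF_UNITS));
    return 0;
}
```

The point of the model is the check at the top of copy_substring_checked: whatever the matcher reports as the capture length, the copy must be bounded by the size the caller actually allocated, and a mismatch is an error return rather than a write. Without ASAN the unchecked call may appear to work at -O0, which is exactly why the thread's reproduction is done in a sanitizer build.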
