Martin Pitt wrote: > Hi! > > Since I have to fix apache2 2.0.50 for Ubuntu, which still has an > embedded pcre 3.x, I also took a look at the woody version. I took a > look at the code and played with the test suite, and it seems to me > that the capture part works ok; just the integer underflow must be > fixed: > > --- pcre.c > +++ pcre.c > @@ -733,7 +733,7 @@ > /* Do paranoid checks, then fill in the required variables, and pass back the > pointer to the terminating '}'. */ > > -if (min > 65535 || max > 65535) > +if (min < 0 || min > 65535 || max < 0 || max > 65535) > *errorptr = ERR5; > else > { > > However, it would be nice to have a second pair of eyes to confirm > that this version is not vulnerable to the capturing overflow.
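Review bot: The new `max < 0` test in the changed condition rejects every negative `max`, so if the code above this hunk leaves `max` negative as a marker for an open-ended quantifier such as `{n,}` (the initialisation is not visible here), valid patterns would now fail with ERR5. Please check that case against the lines outside the hunk and, if it applies, use `max < -1` instead. Also note that the sign tests run after `min` and `max` have been computed, so they only catch an overflow that leaves the value negative. A count that wraps back into the 0..65535 range would still pass, and bounding the value where it is accumulated would close that gap.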
Confirmed. Named subpatterns are not available in the 3.* version, so they don't need to be fixed. Regards, Joey -- It's time to close the windows.