diff options
| author | Jasper Lievisse Adriaanse <jasper@cvs.openbsd.org> | 2009-11-03 14:24:10 +0000 |
|---|---|---|
| committer | Jasper Lievisse Adriaanse <jasper@cvs.openbsd.org> | 2009-11-03 14:24:10 +0000 |
| commit | 54e3eb24c5e154bd09910b35aeff860a4e528b8e (patch) | |
| tree | 973c69c98c8723e842dcaec2c32c85b4c32776fb | |
| parent | 7419173f963dfc3facbd841b5fa14f3db8d01300 (diff) | |
- apply fix from upstream git for CVE-2009-3626, which could cause perl to
crash on certain invalid UTF-8 codes.
ok millert@ sthen@
| -rw-r--r-- | gnu/usr.bin/perl/ext/re/t/regop.t | 12 | ||||
| -rw-r--r-- | gnu/usr.bin/perl/regcomp.c | 17 | ||||
| -rw-r--r-- | gnu/usr.bin/perl/regexec.c | 9 |
3 files changed, 19 insertions, 19 deletions
diff --git a/gnu/usr.bin/perl/ext/re/t/regop.t b/gnu/usr.bin/perl/ext/re/t/regop.t index 7fe7b204627..f111b9144d6 100644 --- a/gnu/usr.bin/perl/ext/re/t/regop.t +++ b/gnu/usr.bin/perl/ext/re/t/regop.t @@ -233,12 +233,12 @@ anchored "ABC" at 0 #Freeing REx: "(\\.COM|\\.EXE|\\.BAT|\\.CMD|\\.VBS|\\.VBE|\\.JS|\\.JSE|\\."...... %MATCHED% floating ""$ at 3..4 (checking floating) -1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0] -stclass EXACTF <.> minlen 3 -Found floating substr ""$ at offset 30... -Does not contradict STCLASS... -Guessed: match at offset 26 -Matching stclass EXACTF <.> against ".exe" +#1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0] +#stclass EXACTF <.> minlen 3 +#Found floating substr ""$ at offset 30... +#Does not contradict STCLASS... +#Guessed: match at offset 26 +#Matching stclass EXACTF <.> against ".exe" --- #Compiling REx "[q]" #size 12 nodes Got 100 bytes for offset annotations. diff --git a/gnu/usr.bin/perl/regcomp.c b/gnu/usr.bin/perl/regcomp.c index 49e69b226d4..b7fb032338d 100644 --- a/gnu/usr.bin/perl/regcomp.c +++ b/gnu/usr.bin/perl/regcomp.c @@ -2820,13 +2820,18 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, } } else { /* - Currently we assume that the trie can handle unicode and ascii - matches fold cased matches. If this proves true then the following - define will prevent tries in this situation. - - #define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT) -*/ + Currently we do not believe that the trie logic can + handle case insensitive matching properly when the + pattern is not unicode (thus forcing unicode semantics). + + If/when this is fixed the following define can be swapped + in below to fully enable trie logic. + #define TRIE_TYPE_IS_SAFE 1 + +*/ +#define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT) + if ( last && TRIE_TYPE_IS_SAFE ) { make_trie( pRExC_state, startbranch, first, cur, tail, count, diff --git a/gnu/usr.bin/perl/regexec.c b/gnu/usr.bin/perl/regexec.c index 7a42c4f82db..32994debff3 100644 --- a/gnu/usr.bin/perl/regexec.c +++ b/gnu/usr.bin/perl/regexec.c @@ -1006,16 +1006,15 @@ Perl_re_intuit_start(pTHX_ REGEXP * const prog, SV *sv, char *strpos, #define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uscan, len, \ uvc, charid, foldlen, foldbuf, uniflags) STMT_START { \ - UV uvc_unfolded = 0; \ switch (trie_type) { \ case trie_utf8_fold: \ if ( foldlen>0 ) { \ - uvc_unfolded = uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \ + uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \ foldlen -= len; \ uscan += len; \ len=0; \ } else { \ - uvc_unfolded = uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \ + uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \ uvc = to_uni_fold( uvc, foldbuf, &foldlen ); \ foldlen -= UNISKIP( uvc ); \ uscan = foldbuf + UNISKIP( uvc ); \ @@ -1041,7 +1040,6 @@ uvc, charid, foldlen, foldbuf, uniflags) STMT_START { \ uvc = (UV)*uc; \ len = 1; \ } \ - \ if (uvc < 256) { \ charid = trie->charmap[ uvc ]; \ } \ @@ -1054,9 +1052,6 @@ uvc, charid, foldlen, foldbuf, uniflags) STMT_START { \ charid = (U16)SvIV(*svpp); \ } \ } \ - if (!charid && trie_type == trie_utf8_fold && !UTF) { \ - charid = trie->charmap[uvc_unfolded]; \ - } \ } STMT_END #define REXEC_FBC_EXACTISH_CHECK(CoNd) \ |