head	1.2;
access;
symbols
	RELEASE_6_0_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2005.10.14.13.54.08;	author clement;	state dead;
branches;
next	1.1;

1.1
date	2005.08.25.20.24.53;	author clement;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Update to 2.0.55
@
text
@--- srclib/pcre/pcre.c.orig	Wed Nov 24 20:31:09 2004
+++ srclib/pcre/pcre.c	Thu Aug 25 22:14:56 2005
@@@@ -714,7 +714,18 @@@@
 int min = 0;
 int max = -1;
 
+/* Read the minimum value and do a paranoid check: a negative value indicates
+an integer overflow. */
+
 while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+if (min < 0 || min > 65535)
+  {
+  *errorptr = ERR5;
+  return p;
+  }
+ 
+/* Read the maximum value if there is one, and again do a paranoid on its size.
+Also, max must not be less than min. */
 
 if (*p == '}') max = min; else
   {
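Review bot: The range check on `min` runs only after the digit loop has finished, so `min = min * 10 + *p++ - '0'` can overflow a signed int (undefined behaviour) before `min < 0 || min > 65535` is evaluated, and a wrapped value can land back inside 0..65535 and pass the check. The same pattern applies to the `max` loop in the next hunk (-722,6 +733,11). Unless the caller bounds the number of digits, which is not visible here, the check should move inside each loop so that the accumulator is tested after every digit and never grows far past 65535. The enclosing function starts before this hunk and continues after it.

```c
while ((cd->ctypes[*p] & ctype_digit) != 0)
  {
  min = min * 10 + *p++ - '0';
  if (min > 65535)   /* tested per digit: min stays below 655360, no overflow */
    {
    *errorptr = ERR5;
    return p;
    }
  }

/* … unchanged: '}' and ',' handling; the max loop gets the same per-digit check … */
```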
@@@@ -722,6 +733,11 @@@@
     {
     max = 0;
     while((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
+    if (max < 0 || max > 65535)
+      {
+      *errorptr = ERR5;
+      return p;
+      }
     if (max < min)
       {
       *errorptr = ERR4;
@@@@ -730,16 +746,11 @@@@
     }
   }
 
-/* Do paranoid checks, then fill in the required variables, and pass back the
-pointer to the terminating '}'. */
+/* Fill in the required variables, and pass back the pointer to the terminating
+'}'. */
 
-if (min > 65535 || max > 65535)
-  *errorptr = ERR5;
-else
-  {
-  *minp = min;
-  *maxp = max;
-  }
+*minp = min;
+*maxp = max;
 return p;
 }
 
@


1.1
log
@- Fix CAN-2005-2491 (integer overflow in pcre)
- Fix memory leak in byterange stuff, which can lead to DoS.
  http://issues.apache.org/bugzilla/show_bug.cgi?id=29962

Obtained from:  Apache SVN repo
Reported by:    simon
Approved by:    portmgr (self)
@
text
@@

