List: openbsd-ports
Subject: fix for pcre problem in math/gnumeric
From: marc () msys ! ch
Date: 2005-08-27 11:15:59
Message-ID: 43104B6F.3060906 () msys ! ch
This patch fixes the pcre problem/vulnerability in math/gnumeric.
OK?
["math_gnumeric.diff" (text/plain)]
diff -urN -x CVS math/gnumeric/Makefile math/gnumeric.p0/Makefile
--- math/gnumeric/Makefile Fri May 27 19:50:26 2005
+++ math/gnumeric.p0/Makefile Sat Aug 27 12:17:38 2005
@@ -4,6 +4,8 @@
VERSION= 1.4.3
DISTNAME= gnumeric-${VERSION}
+PKGNAME= ${DISTNAME}p0
+
CATEGORIES= math x11/gnome
HOMEPAGE= http://www.gnome.org/projects/gnumeric/
diff -urN -x CVS math/gnumeric/patches/patch-src_cut-n-paste-code_goffice_cut-n-paste_pcre_pcre_c \
math/gnumeric.p0/patches/patch-src_cut-n-paste-code_goffice_cut-n-paste_pcre_pcre_c
--- math/gnumeric/patches/patch-src_cut-n-paste-code_goffice_cut-n-paste_pcre_pcre_c Thu \
Jan 1 01:00:00 1970
+++ math/gnumeric.p0/patches/patch-src_cut-n-paste-code_goffice_cut-n-paste_pcre_pcre_c Sat \
Aug 27 12:15:42 2005 @@ -0,0 +1,55 @@
+$OpenBSD$
+--- src/cut-n-paste-code/goffice/cut-n-paste/pcre/pcre.c.orig Fri Oct 29 20:13:19 \
2004 ++++ src/cut-n-paste-code/goffice/cut-n-paste/pcre/pcre.c Sat Aug 27 12:10:16 \
2005 +@@ -1062,14 +1062,30 @@ read_repeat_counts(const uschar *p, int
+ int min = 0;
+ int max = -1;
+
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+
++/* Read the maximum value if there is one, and again do a paranoid on its size.
++Also, max must not be less than min. */
++
+ if (*p == '}') max = min; else
+ {
+ if (*(++p) != '}')
+ {
+ max = 0;
+ while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+@@ -1078,16 +1094,11 @@ if (*p == '}') max = min; else
+ }
+ }
+
+-/* Do paranoid checks, then fill in the required variables, and pass back the
+-pointer to the terminating '}'. */
++/* Fill in the required variables, and pass back the pointer to the terminating
++'}'. */
+
+-if (min > 65535 || max > 65535)
+- *errorptr = ERR5;
+-else
+- {
+- *minp = min;
+- *maxp = max;
+- }
++*minp = min;
++*maxp = max;
+ return p;
+ }
+
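Review bot: The overflow test in read_repeat_counts() runs only after each digit loop has finished (`if (min < 0 || min > 65535)`, and the same for max), so it relies on a signed int overflow leaving a negative or out-of-range value behind. Signed overflow is undefined behaviour in C, and with a long enough digit string the accumulated value can wrap more than once and land back inside 0..65535, in which case neither check fires. Consider moving the bound test inside each while loop and setting ERR5 as soon as the running value exceeds 65535, so min and max can never overflow in the first place. Callers also have to test *errorptr before reading *minp and *maxp, since the new early returns leave both unassigned.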