fix CVE-2022-41409

(cherry picked from commit 97695975c7ff9a2f7a719c1ceb9b9d35af973a0b)
2023-07-31 19:41:00 +08:00 · 2023-07-31 19:41:00 +08:00 · 3177a421c4
commit 3177a421c4
parent 96a2af814e
2 changed files with 65 additions and 1 deletions
--- a/backport-fix-CVE-2022-41409.patch
+++ b/backport-fix-CVE-2022-41409.patch
@ -0,0 +1,60 @@
+From 94e1c001761373b7d9450768aa15d04c25547a35 Mon Sep 17 00:00:00 2001
+From: Philip Hazel <Philip.Hazel@gmail.com>
+Date: Tue, 16 Aug 2022 17:00:45 +0100
+Subject: [PATCH] Diagnose negative repeat value in pcre2test subject line
+ 
+Reference:https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
+Conflict:delete ChangeLog
+ 
+---
+ src/pcre2test.c      | 4 ++--
+ testdata/testinput2  | 3 +++
+ testdata/testoutput2 | 4 ++++
+ 3 files changed, 9 insertions(+), 2 deletions(-)
+ 
+diff --git a/src/pcre2test.c b/src/pcre2test.c
+index 3f4fef4..36f2769 100644
+--- a/src/pcre2test.c
+++ b/src/pcre2test.c
+@@ -6755,9 +6755,9 @@ while ((c = *p++) != 0)
+       }
+ 
+     i = (int32_t)li;
+-    if (i-- == 0)
+    if (i-- <= 0)
+       {
+-      fprintf(outfile, "** Zero repeat not allowed\n");
+      fprintf(outfile, "** Zero or negative repeat not allowed\n");
+       return PR_OK;
+       }
+ 
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 695bb60..63d475f 100644
+--- a/testdata/testinput2
+++ b/testdata/testinput2
+@@ -5864,4 +5864,7 @@ a)"xI
+ 
+ /(?(VERSION=0.0/
+ 
+--
+    \[X]{-10}
+
+ # End of testinput2
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 0fdbe13..123a773 100644
+--- a/testdata/testoutput2
+++ b/testdata/testoutput2
+@@ -17621,6 +17621,10 @@ MK: >\x00<
+ /(?(VERSION=0.0/
+ Failed: error 179 at offset 14: syntax error or number too big in (?(VERSION condition
+ 
+--
+    \[X]{-10}
+** Zero or negative repeat not allowed
+
+ # End of testinput2
+ Error -70: PCRE2_ERROR_BADDATA (unknown error number)
+ Error -62: bad serialized data
+-- 
+2.27.0
+ 
--- a/pcre2.spec
+++ b/pcre2.spec
@ -1,6 +1,6 @@
 Name:        pcre2
 Version:     10.35
-Release:     4
+Release:     5
 Summary:     Perl Compatible Regular Expressions
 License:     BSD
 URL:         http://www.pcre.org/
@ -35,6 +35,7 @@ Patch6018:     backport-Fixed-race-condition-that-occurs-when-initializing-t.pat
 Patch6019:     backport-Fixed-an-issue-in-the-backtracking-optimization-of-c.patch
 Patch6020:     backport-jit-fail-early-in-ffcps_-if-subject-shorter-than-off.patch
 Patch6021:     backport-jit-fix-pcre2_jit_free_unused_memory-if-sljit-not-us.patch
+Patch6022:     backport-fix-CVE-2022-41409.patch

 BuildRequires:  autoconf libtool automake coreutils gcc make readline-devel
 Obsoletes:      pcre2-utf16 pcre2-utf32 pcre2-tools
@ -151,6 +152,9 @@ make check
 %{_pkgdocdir}/html/

 %changelog
+* Mon Jul 31 2023 yangmingtai <yangmingtai@huawei.com> - 10.35-5
+- DESC:fix CVE-2022-41409
+
 * Wed Apr 19 2023 yangmingtai <yangmingtai@huawei.com> - 10.35-4
 - DESC:sync community patches
       backport-jit-fail-early-in-ffcps_-if-subject-shorter-than-off.patch