projects / privoxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7cffc51)
pcre: Fix heap-buffer-overflow when loading invalid filter files
authorFabian Keil <fk@fabiankeil.de>
Sun, 8 May 2016 10:47:49 +0000 (10:47 +0000)
committerFabian Keil <fk@fabiankeil.de>
Sun, 8 May 2016 10:47:49 +0000 (10:47 +0000)
Found with afl-fuzz and ASAN.
Not considered a security vulnerability as filter files are trusted input.

pcre/pcre.c patch | blob | history

diff --git a/pcre/pcre.c b/pcre/pcre.c
index 38d0113..5824040 100644 (file)
--- a/pcre/pcre.c
+++ b/pcre/pcre.c
@@ -2660,8 +2660,13 @@ while ((c = *(++ptr)) != 0)
         }
       else class_charcount++;
       ptr++;
+      if (*ptr == 0)
+        {
+        *errorptr = ERR6;
+        goto PCRE_ERROR_RETURN;
+        }
       }
-    while (*ptr != 0 && *ptr != ']');
+    while (*ptr != ']');
 
     /* Repeats for negated single chars are handled by the general code */
 
The official Privoxy git repository