Package: mawk
Version: 1.3.3-11
Tags: patch
An ubuntu user reports here
https://launchpad.net/distros/ubuntu/+source/mawk/+bug/23494
that mawk crashes if the script contains an overly long regexp.
The patch below fixes this bug.
While this is a buffer overflow I don't think it's a serious security
problem since untrusted regexps are generally not provided to mawk.
Regards,
Ian.
diff -u mawk-1.3.3/debian/changelog mawk-1.3.3/debian/changelog
--- mawk-1.3.3/debian/changelog
+++ mawk-1.3.3/debian/changelog
@@ -1,3 +1,9 @@
+mawk (1.3.3-11ubuntu2) edgy; urgency=low
+
+ * Do not crash if regexp is too long for our buffer. (LP 23494.)
+
+ -- Ian Jackson <[EMAIL PROTECTED]> Wed, 4 Oct 2006 16:07:11 +0100
+
mawk (1.3.3-11ubuntu1) dapper; urgency=low
* autopkgtest/autodebtest now supported - upstream tests wired in.
only in patch2:
unchanged:
--- mawk-1.3.3.orig/scan.c
+++ mawk-1.3.3/scan.c
@@ -1033,6 +1033,15 @@
STRING *sval ;
while (1)
+ {
+ if (p == string_buff + SPRINTF_SZ - 2)
+ {
+ compile_error(
+ "regular expression /%.10s ..."
+ " exceeds implementation size limit",
+ string_buff) ;
+ mawk_exit(2) ;
+ }
switch (scan_code[*p++ = next()])
{
case SC_DIV: /* done */
@@ -1070,6 +1079,7 @@
}
break ;
}
+ }
out:
/* now we've got the RE, so compile it */
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
