Hello community, here is the log from the commit of package nmap for openSUSE:Factory checked in at 2019-05-03 22:48:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nmap (Old) and /work/SRC/openSUSE:Factory/.nmap.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nmap" Fri May 3 22:48:09 2019 rev:60 rq:700476 version:7.70 Changes: --------
--- /work/SRC/openSUSE:Factory/nmap/nmap.changes 2018-05-29 10:41:59.334982875 +0200
+++ /work/SRC/openSUSE:Factory/.nmap.new.5148/nmap.changes 2019-05-03 22:48:10.820010783 +0200
@@ -1,0 +2,9 @@
+Fri May 3 14:53:44 UTC 2019 - Kristýna Streitová <[email protected]>
+
+- add nmap-7.70-CVE-2018-15173_pcre_limits.patch to reduce LibPCRE
+ resource limits so that version detection can't use as much of
+ the stack. Previously Nmap could crash when run on low-memory
+ systems against target services which are intentionally or
+ accidentally difficult to match [bsc#1104139] [CVE-2018-15173].
+
+------------------------------------------------------------------- New: ---- nmap-7.70-CVE-2018-15173_pcre_limits.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ nmap.spec ++++++
--- /var/tmp/diff_new_pack.5BnMC5/_old 2019-05-03 22:48:11.896013253 +0200
+++ /var/tmp/diff_new_pack.5BnMC5/_new 2019-05-03 22:48:11.896013253 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package nmap
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -40,6 +40,7 @@
 Patch2: nmap-4.75-nostrip.patch
 Patch3: su-to-zenmap.patch
 Patch4: nmap-ncat-skip-network-tests.patch
+Patch5: nmap-7.70-CVE-2018-15173_pcre_limits.patch
 BuildRequires: dos2unix
 BuildRequires: fdupes
 BuildRequires: gcc-c++
@@ -121,6 +122,7 @@
 %patch3
 %endif
 %patch4 -p1
+%patch5 -p1
 # use system provided libraries
 rm -rf libpcap libpcre macosx mswin32
++++++ nmap-7.70-CVE-2018-15173_pcre_limits.patch ++++++
>From 6d8bb6df229f7acf768bcebfe14cdc8c3dbbe92b Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 8 Aug 2018 16:36:21 +0000
Subject: [PATCH] Set limits on PCRE matches to avoid issues like #1147 CVE-2018-15173
---
 service_scan.cc | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/service_scan.cc b/service_scan.cc
index 1fc8056884..79e92b8f21 100644
--- a/service_scan.cc
+++ b/service_scan.cc
@@ -489,6 +489,15 @@ void ServiceProbeMatch::InitMatch(const char *matchtext, int lineno) {
 if (pcre_errptr != NULL)
 fatal("%s: failed to pcre_study regexp on line %d of nmap-service-probes: %s\n", __func__, lineno, pcre_errptr);
+ // Set some limits to avoid evil match cases.
+ // These are flexible; if they cause problems, increase them.
+#ifdef PCRE_ERROR_MATCHLIMIT
+ regex_extra->match_limit = 100000; // 100K
+#endif
+#ifdef PCRE_ERROR_RECURSIONLIMIT
+ regex_extra->match_limit_recursion = 10000; // 10K
+#endif
+
 free(modestr);
 free(flags);
@@ -568,6 +577,12 @@ const struct MatchDetails *ServiceProbeMatch::testMatch(const u8 *buf, int bufle
 if (o.debugging || o.verbose > 1)
 error("Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
 } else
+#endif // PCRE_ERROR_MATCHLIMIT
+#ifdef PCRE_ERROR_RECURSIONLIMIT
+ if (rc == PCRE_ERROR_RECURSIONLIMIT) {
+ if (o.debugging || o.verbose > 1)
+ error("Warning: Hit PCRE_ERROR_RECURSIONLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
+ } else
 #endif // PCRE_ERROR_MATCHLIMIT
 if (rc != PCRE_ERROR_NOMATCH) {
 fatal("Unexpected PCRE error (%d) when probing for service %s with the regex '%s'", rc, servicename, matchstr);
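Review bot: The values written to `regex_extra->match_limit` and `regex_extra->match_limit_recursion` in the first hunk are ignored by pcre_exec() unless the corresponding `PCRE_EXTRA_MATCH_LIMIT` / `PCRE_EXTRA_MATCH_LIMIT_RECURSION` bits are set in `regex_extra->flags`, and the hunk never sets them, so the study block keeps only the flags pcre_study() gave it and the intended bound on pathological matches is not actually enforced. pcre_study() also returns NULL with no error string when it finds nothing worth recording for a pattern, which the context line above accepts, so the new dereferences can fault on such patterns unless the pcre_study() call (outside the hunk) asks for PCRE_STUDY_EXTRA_NEEDED — worth confirming against that call. The `#ifdef` guards test the error-code macros rather than the `PCRE_EXTRA_*` flag macros that introduce these fields, which is the weaker proxy for "this field exists". InitMatch's body starts and ends outside the hunk.
```cpp
  // … unchanged: pcre_study() call and its error check …
  // Set some limits to avoid evil match cases.
  // These are flexible; if they cause problems, increase them.
  if (regex_extra == NULL) {
    // pcre_study() returns NULL (no error) when it has nothing to record;
    // allocate an empty block so the limit fields have somewhere to live.
    regex_extra = (pcre_extra *) safe_zalloc(sizeof(pcre_extra));
  }
#ifdef PCRE_EXTRA_MATCH_LIMIT
  regex_extra->match_limit = 100000; // 100K
  regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT; // pcre_exec() ignores the field without this bit
#endif
#ifdef PCRE_EXTRA_MATCH_LIMIT_RECURSION
  regex_extra->match_limit_recursion = 10000; // 10K
  regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
#endif
  // … unchanged: free(modestr); free(flags); …
```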
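Review bot: In the second hunk the pre-existing context line `#endif // PCRE_ERROR_MATCHLIMIT` that follows the new `} else` now closes the `#ifdef PCRE_ERROR_RECURSIONLIMIT` opened by this hunk, so its trailing comment is misleading; it should read `#endif // PCRE_ERROR_RECURSIONLIMIT`. The `if … { … } else` fragments under each `#ifdef` are written so that any combination of the two macros still yields a valid chain ending in the `rc != PCRE_ERROR_NOMATCH` check, which is non-obvious enough to deserve a one-line comment such as `// each #ifdef block ends in "else" so the chain stays valid whichever macros exist`. As with the existing MATCHLIMIT branch, a recursion-limit hit is reported only at debug or verbose > 1 and otherwise falls through as a plain no-match, which the new comment could state explicitly. testMatch's body starts and ends outside the hunk.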
