this patch fixes the pcre problem/vulnerability in math/gnumeric.

ok?
diff -urN -x CVS math/gnumeric/Makefile math/gnumeric.p0/Makefile
--- math/gnumeric/Makefile      Fri May 27 19:50:26 2005
+++ math/gnumeric.p0/Makefile   Sat Aug 27 12:17:38 2005
@@ -4,6 +4,8 @@
 
 VERSION=               1.4.3
 DISTNAME=              gnumeric-${VERSION}
+PKGNAME=               ${DISTNAME}p0
+
 CATEGORIES=                    math x11/gnome
 
 HOMEPAGE=              http://www.gnome.org/projects/gnumeric/
diff -urN -x CVS 
math/gnumeric/patches/patch-src_cut-n-paste-code_goffice_cut-n-paste_pcre_pcre_c
 
math/gnumeric.p0/patches/patch-src_cut-n-paste-code_goffice_cut-n-paste_pcre_pcre_c
--- 
math/gnumeric/patches/patch-src_cut-n-paste-code_goffice_cut-n-paste_pcre_pcre_c
    Thu Jan  1 01:00:00 1970
+++ 
math/gnumeric.p0/patches/patch-src_cut-n-paste-code_goffice_cut-n-paste_pcre_pcre_c
 Sat Aug 27 12:15:42 2005
@@ -0,0 +1,55 @@
+$OpenBSD$
+--- src/cut-n-paste-code/goffice/cut-n-paste/pcre/pcre.c.orig  Fri Oct 29 
20:13:19 2004
++++ src/cut-n-paste-code/goffice/cut-n-paste/pcre/pcre.c       Sat Aug 27 
12:10:16 2005
+@@ -1062,14 +1062,30 @@ read_repeat_counts(const uschar *p, int 
+ int min = 0;
+ int max = -1;
+ 
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
++if (min < 0 || min > 65535)
++  {
++  *errorptr = ERR5;
++  return p;
++  }
+ 
++/* Read the maximum value if there is one, and again do a paranoid on its 
size.
++Also, max must not be less than min. */
++
+ if (*p == '}') max = min; else
+   {
+   if (*(++p) != '}')
+     {
+     max = 0;
+     while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++    if (max < 0 || max > 65535)
++      {
++      *errorptr = ERR5;
++      return p;
++      }
+     if (max < min)
+       {
+       *errorptr = ERR4;
+@@ -1078,16 +1094,11 @@ if (*p == '}') max = min; else
+     }
+   }
+ 
+-/* Do paranoid checks, then fill in the required variables, and pass back the
+-pointer to the terminating '}'. */
++/* Fill in the required variables, and pass back the pointer to the 
terminating
++'}'. */
+ 
+-if (min > 65535 || max > 65535)
+-  *errorptr = ERR5;
+-else
+-  {
+-  *minp = min;
+-  *maxp = max;
+-  }
++*minp = min;
++*maxp = max;
+ return p;
+ }
+ 
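Review bot: The range checks added after the two digit loops in read_repeat_counts run only once accumulation has finished, so they depend on a signed overflow of `min` or `max` showing up as a negative value. Signed overflow is undefined behaviour in C, and on a wrapping implementation a long enough digit run can come back around into 0..65535 and pass both tests with a count that no longer matches the pattern text. Bounding the accumulator inside each loop removes that dependence: brace the loop bodies and add `if (min > 65535) { *errorptr = ERR5; return p; }` directly after the multiply-add, and do the same for `max`. The start of the function and the rest of the ERR4 branch lie outside these inner hunks, so confirm against the full file that every error path returns before `*minp` and `*maxp` are written now that the assignments are unconditional.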
