packages/oniguruma
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!9 update version to 6.9.6

Browse Source 
From: @zou_lin77
Reviewed-by: @hanxinke,@licihua,@small_leek
Signed-off-by: @hanxinke,@licihua,@small_leek
This commit is contained in:
openeuler-ci-bot 2021-01-27 17:59:49 +08:00 committed by Gitee
commit 2636edbab1
11 changed files with 5 additions and 606 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2017-9228.patch
View File

@ -1,28 +0,0 @@
From 5c8ed2a12935501759ebf1792ee4949b429c195b Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Wed, 24 May 2017 13:43:25 +0900
Subject: [PATCH] fix #60 : invalid state(CCS_VALUE) in parse_char_class()
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
src/regparse.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/regparse.c b/src/regparse.c
index fcc05cf..3689519 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -6071,7 +6071,9 @@ next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type,
}
}
- *state = CCS_VALUE;
+ if (*state != CCS_START)
+ *state = CCS_VALUE;
+
*type = CCV_CLASS;
return 0;
}
--
2.0.1

45
CVE-2019-13224.patch
View File

@ -1,45 +0,0 @@
From ad793dcb677988667b2d23e3fd4480b44113fdd1 Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Thu, 27 Jun 2019 17:25:26 +0900
Subject: [PATCH] Fix CVE-2019-13224: don't allow different encodings for
onig_new_deluxe()
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
src/regext.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/regext.c b/src/regext.c
index 996d043..de122c7 100644
--- a/src/regext.c
+++ b/src/regext.c
@@ -29,6 +29,7 @@
#include "regint.h"
+#if 0
static void
conv_ext0be32(const UChar* s, const UChar* end, UChar* conv)
{
@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e
return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
}
+#endif
extern int
onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL;
if (ci->pattern_enc != ci->target_enc) {
- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end,
- &cpat, &cpat_end);
- if (r != 0) return r;
+ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
}
else {
cpat = (UChar* )pattern;
--
2.0.1

71
CVE-2019-13225.patch
View File

@ -1,71 +0,0 @@
From 5ed8bad6a362c8a77cbd40196cd8867681029bcd Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Thu, 27 Jun 2019 14:11:55 +0900
Subject: [PATCH] Fix CVE-2019-13225: problem in converting if-then-else
pattern to bytecode.
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
src/regcomp.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/src/regcomp.c b/src/regcomp.c
index 83b9252..6c9da7e 100644
--- a/src/regcomp.c
+++ b/src/regcomp.c
@@ -1100,8 +1100,9 @@ compile_length_enclosure_node(EnclosureNode* node, regex_t* reg)
len += tlen;
}
+ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END;
+
if (IS_NOT_NULL(Else)) {
- len += SIZE_OP_JUMP;
tlen = compile_length_tree(Else, reg);
if (tlen < 0) return tlen;
len += tlen;
@@ -1243,7 +1244,7 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
case ENCLOSURE_IF_ELSE:
{
- int cond_len, then_len, jump_len;
+ int cond_len, then_len, else_len, jump_len;
Node* cond = NODE_ENCLOSURE_BODY(node);
Node* Then = node->te.Then;
Node* Else = node->te.Else;
@@ -1260,8 +1261,7 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
else
then_len = 0;
- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END;
- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP;
+ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP;
r = add_opcode_rel_addr(reg, OP_PUSH, jump_len);
if (r != 0) return r;
@@ -1276,9 +1276,19 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
}
if (IS_NOT_NULL(Else)) {
- int else_len = compile_length_tree(Else, reg);
- r = add_opcode_rel_addr(reg, OP_JUMP, else_len);
- if (r != 0) return r;
+ else_len = compile_length_tree(Else, reg);
+ if (else_len < 0) return else_len;
+ }
+ else
+ else_len = 0;
+
+ r = add_opcode_rel_addr(reg, OP_JUMP, else_len + SIZE_OP_ATOMIC_END);
+ if (r != 0) return r;
+
+ r = add_opcode(reg, OP_ATOMIC_END);
+ if (r != 0) return r;
+
+ if (IS_NOT_NULL(Else)) {
r = compile_tree(Else, reg, env);
}
}
--
2.0.1

55
CVE-2019-16163.patch
View File

@ -1,55 +0,0 @@
From 4097828d7cc87589864fecf452f2cd46c5f37180 Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Mon, 29 Jul 2019 12:52:56 +0900
Subject: [PATCH] fix #147: Stack Exhaustion Problem caused by some parsing
functions in regcomp.c making recursive calls to themselves.
---
src/regparse.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/regparse.c b/src/regparse.c
index 3689519..9652bfd 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -6190,6 +6190,7 @@ parse_char_class(Node** np, OnigToken* tok, UChar** src, UChar* end, ScanEnv* en
env->parse_depth++;
if (env->parse_depth > ParseDepthLimit)
return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
prev_cc = (CClassNode* )NULL;
r = fetch_token_in_cc(tok, src, end, env);
if (r == TK_CHAR && tok->u.c == '^' && tok->escaped == 0) {
@@ -7714,13 +7715,17 @@ static int
parse_exp(Node** np, OnigToken* tok, int term, UChar** src, UChar* end,
ScanEnv* env)
{
- int r, len, group = 0;
+ int r, len, group;
Node* qn;
Node** targetp;
+ unsigned int parse_depth;
+ group = 0;
*np = NULL;
if (tok->type == (enum TokenSyms )term)
goto end_of_token;
+
+ parse_depth = env->parse_depth;
switch (tok->type) {
case TK_ALT:
@@ -8028,6 +8033,10 @@ parse_exp(Node** np, OnigToken* tok, int term, UChar** src, UChar* end,
if (is_invalid_quantifier_target(*targetp))
return ONIGERR_TARGET_OF_REPEAT_OPERATOR_INVALID;
+ parse_depth++;
+ if (parse_depth > ParseDepthLimit)
+ return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
qn = node_new_quantifier(tok->u.repeat.lower, tok->u.repeat.upper,
(r == TK_INTERVAL ? 1 : 0));
CHECK_NULL_RETURN_MEMERR(qn);
--
2.19.1

227
CVE-2019-19012.patch
View File

@ -1,227 +0,0 @@
Origin: https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719
Origin: https://github.com/kkos/oniguruma/commit/db64ef3189f54917a5008a02bdb000adc514a90a
Origin: https://github.com/kkos/oniguruma/commit/bfc36d3d8139b8be4d3df630d625c58687b0c7d4
Origin: https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f
Origin: https://github.com/kkos/oniguruma/commit/b6cb7580a7e0c56fc325fe9370b9d34044910aed
Author: K.Kosako <kosako@sofnec.co.jp>
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2019-11-22
fix #164: Integer overflow related to reg->dmax in search_in_range()
Index: src/regexec.c
===================================================================
--- a/src/regexec.c
+++ b/src/regexec.c
@@ -27,6 +27,7 @@
* SUCH DAMAGE.
*/
#include "regint.h"
+#include <stddef.h>
#define IS_MBC_WORD_ASCII_MODE(enc,s,end,mode) \
((mode) == 0 ? ONIGENC_IS_MBC_WORD(enc,s,end) : ONIGENC_IS_MBC_WORD_ASCII(enc,s,end))
@@ -4367,14 +4368,14 @@ forward_search_range(regex_t* reg, const
#endif
p = s;
- if (reg->dmin > 0) {
+ if (reg->dmin != 0) {
+ if (end - p <= reg->dmin)
+ return 0; /* fail */
if (ONIGENC_IS_SINGLEBYTE(reg->enc)) {
p += reg->dmin;
}
else {
UChar *q = p + reg->dmin;
-
- if (q >= end) return 0; /* fail */
while (p < q) p += enclen(reg->enc, p);
}
}
@@ -4403,7 +4404,7 @@ forward_search_range(regex_t* reg, const
}
if (p && p < range) {
- if (p - reg->dmin < s) {
+ if (p - s < reg->dmin) {
retry_gate:
pprev = p;
p += enclen(reg->enc, p);
@@ -4451,6 +4452,7 @@ forward_search_range(regex_t* reg, const
*low_prev = onigenc_get_prev_char_head(reg->enc,
(pprev ? pprev : str), p);
}
+ *high = p;
}
else {
if (reg->dmax != INFINITE_LEN) {
@@ -4475,9 +4477,12 @@ forward_search_range(regex_t* reg, const
}
}
}
+ /* no needs to adjust *high, *high is used as range check only */
+ if (p - str < reg->dmin)
+ *high = (UChar* )str;
+ else
+ *high = p - reg->dmin;
}
- /* no needs to adjust *high, *high is used as range check only */
- *high = p - reg->dmin;
#ifdef ONIG_DEBUG_SEARCH
fprintf(stderr,
@@ -4500,7 +4505,6 @@ backward_search_range(regex_t* reg, cons
{
UChar *p;
- range += reg->dmin;
p = s;
retry:
@@ -4581,10 +4585,22 @@ backward_search_range(regex_t* reg, cons
}
}
- /* no needs to adjust *high, *high is used as range check only */
if (reg->dmax != INFINITE_LEN) {
- *low = p - reg->dmax;
- *high = p - reg->dmin;
+ if ((ptrdiff_t )(p - str) < (ptrdiff_t )reg->dmax)
+ *low = (UChar* )str;
+ else
+ *low = p - reg->dmax;
+
+ if (reg->dmin != 0) {
+ if ((ptrdiff_t )(p - str) < (ptrdiff_t )reg->dmin)
+ *high = (UChar* )str;
+ else
+ *high = p - reg->dmin;
+ }
+ else {
+ *high = p;
+ }
+
*high = onigenc_get_right_adjust_char_head(reg->enc, adjrange, *high);
}
@@ -4714,13 +4730,16 @@ onig_search_with_param(regex_t* reg, con
goto mismatch_no_msa;
if (range > start) {
- if ((OnigLen )(min_semi_end - start) > reg->anchor_dmax) {
+ if (min_semi_end - start > reg->anchor_dmax) {
start = min_semi_end - reg->anchor_dmax;
if (start < end)
start = onigenc_get_right_adjust_char_head(reg->enc, str, start);
}
- if ((OnigLen )(max_semi_end - (range - 1)) < reg->anchor_dmin) {
- range = max_semi_end - reg->anchor_dmin + 1;
+ if (max_semi_end - (range - 1) < reg->anchor_dmin) {
+ if (max_semi_end - str + 1 < reg->anchor_dmin)
+ goto mismatch_no_msa;
+ else
+ range = max_semi_end - reg->anchor_dmin + 1;
}
if (start > range) goto mismatch_no_msa;
@@ -4728,13 +4747,18 @@ onig_search_with_param(regex_t* reg, con
Backward search is used. */
}
else {
- if ((OnigLen )(min_semi_end - range) > reg->anchor_dmax) {
+ if (min_semi_end - range > reg->anchor_dmax) {
range = min_semi_end - reg->anchor_dmax;
}
- if ((OnigLen )(max_semi_end - start) < reg->anchor_dmin) {
- start = max_semi_end - reg->anchor_dmin;
- start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, start);
+ if (max_semi_end - start < reg->anchor_dmin) {
+ if (max_semi_end - str < reg->anchor_dmin)
+ goto mismatch_no_msa;
+ else {
+ start = max_semi_end - reg->anchor_dmin;
+ start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, start);
+ }
}
+
if (range > start) goto mismatch_no_msa;
}
}
@@ -4801,15 +4825,19 @@ onig_search_with_param(regex_t* reg, con
if (reg->optimize != OPTIMIZE_NONE) {
UChar *sch_range, *low, *high, *low_prev;
- sch_range = (UChar* )range;
if (reg->dmax != 0) {
if (reg->dmax == INFINITE_LEN)
sch_range = (UChar* )end;
else {
- sch_range += reg->dmax;
- if (sch_range > end) sch_range = (UChar* )end;
- }
+ if ((end - range) < reg->dmax)
+ sch_range = (UChar* )end;
+ else {
+ sch_range = (UChar* )range + reg->dmax;
+ }
+ }
}
+ else
+ sch_range = (UChar* )range;
if ((end - start) < reg->threshold_len)
goto mismatch;
@@ -4868,18 +4896,28 @@ onig_search_with_param(regex_t* reg, con
if (reg->optimize != OPTIMIZE_NONE) {
UChar *low, *high, *adjrange, *sch_start;
+ const UChar *min_range;
if (range < end)
adjrange = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, range);
else
adjrange = (UChar* )end;
+ if (end - range > reg->dmin)
+ min_range = range + reg->dmin;
+ else
+ min_range = end;
+
if (reg->dmax != INFINITE_LEN &&
(end - range) >= reg->threshold_len) {
do {
- sch_start = s + reg->dmax;
- if (sch_start > end) sch_start = (UChar* )end;
- if (backward_search_range(reg, str, end, sch_start, range, adjrange,
+ if (end - s > reg->dmax)
+ sch_start = s + reg->dmax;
+ else {
+ sch_start = (UChar* )end;
+ }
+
+ if (backward_search_range(reg, str, end, sch_start, min_range, adjrange,
&low, &high) <= 0)
goto mismatch;
@@ -4897,19 +4935,7 @@ onig_search_with_param(regex_t* reg, con
else { /* check only. */
if ((end - range) < reg->threshold_len) goto mismatch;
- sch_start = s;
- if (reg->dmax != 0) {
- if (reg->dmax == INFINITE_LEN)
- sch_start = (UChar* )end;
- else {
- sch_start += reg->dmax;
- if (sch_start > end) sch_start = (UChar* )end;
- else
- sch_start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc,
- start, sch_start);
- }
- }
- if (backward_search_range(reg, str, end, sch_start, range, adjrange,
+ if (backward_search_range(reg, str, end, sch_start, min_range, adjrange,
&low, &high) <= 0) goto mismatch;
}
}

126
CVE-2019-19203.patch
View File

@ -1,126 +0,0 @@
From aa0188eaedc056dca8374ac03d0177429b495515 Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Thu, 7 Nov 2019 14:13:55 +0900
Subject: [PATCH] fix #163: heap-buffer-overflow in gb18030_mbc_enc_len
---
src/gb18030.c | 16 +++++++++++++++-
src/regparse.c | 32 ++++++++++++++++++++++----------
2 files changed, 37 insertions(+), 11 deletions(-)
diff --git a/src/gb18030.c b/src/gb18030.c
index ad5bf96..da6cfab 100644
--- a/src/gb18030.c
+++ b/src/gb18030.c
@@ -75,6 +75,20 @@ gb18030_mbc_enc_len(const UChar* p)
return 2;
}
+static int
+gb18030_code_to_mbclen(OnigCodePoint code)
+{
+ if ((code & 0xff000000) != 0) return 4;
+ else if ((code & 0xff0000) != 0) return ONIGERR_INVALID_CODE_POINT_VALUE;
+ else if ((code & 0xff00) != 0) return 2;
+ else {
+ if (GB18030_MAP[(int )(code & 0xff)] == CM)
+ return ONIGERR_INVALID_CODE_POINT_VALUE;
+
+ return 1;
+ }
+}
+
static int
is_valid_mbc_string(const UChar* p, const UChar* end)
{
@@ -513,7 +527,7 @@ OnigEncodingType OnigEncodingGB18030 = {
1, /* min enc length */
onigenc_is_mbc_newline_0x0a,
gb18030_mbc_to_code,
- onigenc_mb4_code_to_mbclen,
+ gb18030_code_to_mbclen,
gb18030_code_to_mbc,
gb18030_mbc_case_fold,
onigenc_ascii_apply_all_case_fold,
diff --git a/src/regparse.c b/src/regparse.c
index 70c36d5..5bf25e8 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -5885,6 +5885,7 @@ add_ctype_to_cc(CClassNode* cc, int ctype, int not, ScanEnv* env)
int c, r;
int ascii_mode;
+ int is_single;
const OnigCodePoint *ranges;
OnigCodePoint limit;
OnigCodePoint sb_out;
@@ -5906,6 +5907,7 @@ add_ctype_to_cc(CClassNode* cc, int ctype, int not, ScanEnv* env)
}
r = 0;
+ is_single = ONIGENC_IS_SINGLEBYTE(enc);
limit = ascii_mode ? ASCII_LIMIT : SINGLE_BYTE_SIZE;
switch (ctype) {
@@ -5922,19 +5924,25 @@ add_ctype_to_cc(CClassNode* cc, int ctype, int not, ScanEnv* env)
case ONIGENC_CTYPE_ALNUM:
if (not != 0) {
for (c = 0; c < (int )limit; c++) {
- if (! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1) {
+ if (! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ BITSET_SET_BIT(cc->bs, c);
+ }
}
for (c = limit; c < SINGLE_BYTE_SIZE; c++) {
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
+ BITSET_SET_BIT(cc->bs, c);
}
- ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
+ if (is_single == 0)
+ ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
else {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1) {
+ if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ BITSET_SET_BIT(cc->bs, c);
+ }
}
}
break;
@@ -5944,21 +5952,25 @@ add_ctype_to_cc(CClassNode* cc, int ctype, int not, ScanEnv* env)
case ONIGENC_CTYPE_WORD:
if (not != 0) {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_CODE_TO_MBCLEN(enc, c) > 0 /* check invalid code point */
+ /* check invalid code point */
+ if ((is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
&& ! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
BITSET_SET_BIT(cc->bs, c);
}
for (c = limit; c < SINGLE_BYTE_SIZE; c++) {
- if (ONIGENC_CODE_TO_MBCLEN(enc, c) > 0)
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
BITSET_SET_BIT(cc->bs, c);
}
+ if (ascii_mode != 0 && is_single == 0)
+ ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
else {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ if ((is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
+ && ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
BITSET_SET_BIT(cc->bs, c);
}
- if (ascii_mode == 0)
+ if (ascii_mode == 0 && is_single == 0)
ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
break;

23
CVE-2019-19204.patch
View File

@ -1,23 +0,0 @@
From 6eb4aca6a7f2f60f473580576d86686ed6a6ebec Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Wed, 6 Nov 2019 17:32:29 +0900
Subject: [PATCH] fix #162: heap-buffer-overflow in fetch_interval_quantifier
due to double PFETCH
---
src/regparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/regparse.c b/src/regparse.c
index 324c414..70c36d5 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -4178,7 +4178,7 @@ fetch_interval_quantifier(UChar** src, UChar* end, PToken* tok, ScanEnv* env)
if (PEND) goto invalid;
PFETCH(c);
if (IS_SYNTAX_OP(env->syntax, ONIG_SYN_OP_ESC_BRACE_INTERVAL)) {
- if (c != MC_ESC(env->syntax)) goto invalid;
+ if (c != MC_ESC(env->syntax) || PEND) goto invalid;
PFETCH(c);
}
if (c != '}') goto invalid;

21
CVE-2019-19246.patch
View File

@ -1,21 +0,0 @@
From d3e402928b6eb3327f8f7d59a9edfa622fec557b Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Tue, 13 Aug 2019 13:37:30 +0900
Subject: [PATCH] fix heap-buffer-overflow
---
src/regexec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/regexec.c b/src/regexec.c
index 0753b07..634ee42 100644
--- a/src/regexec.c
+++ b/src/regexec.c
@@ -4196,6 +4196,7 @@ str_lower_case_match(OnigEncoding enc, int case_fold_flag,
lowlen = ONIGENC_MBC_CASE_FOLD(enc, case_fold_flag, &p, end, lowbuf);
q = lowbuf;
while (lowlen > 0) {
+ if (t >= tend) return 0;
if (*t++ != *q++) return 0;
lowlen--;
}

BIN
onig-6.9.0.tar.gz
View File

Binary file not shown.

BIN
onig-6.9.6.tar.gz Normal file
View File

Binary file not shown.

15
oniguruma.spec
View File

@ -1,6 +1,6 @@
Name: oniguruma
Version: 6.9.0
Release: 3
Version: 6.9.6
Release: 1
Summary: Regular expressions library
License: BSD
URL: https://github.com/kkos/oniguruma/
@ -8,14 +8,6 @@ Source0: https://github.com/kkos/oniguruma/releases/download/v%{version}/oni
BuildRequires: gcc
Patch0001: CVE-2017-9228.patch
Patch0002: CVE-2019-13224.patch
Patch0003: CVE-2019-13225.patch
Patch0004: CVE-2019-16163.patch
Patch0005: CVE-2019-19203.patch
Patch0006: CVE-2019-19204.patch
Patch0007: CVE-2019-19246.patch
Patch0008: CVE-2019-19012.patch
%description
Oniguruma is a regular expressions library.
@ -71,6 +63,9 @@ make check
%doc HISTORY README.md index.html doc/API doc/CALLOUTS.API doc/CALLOUTS.BUILTIN doc/FAQ doc/RE
%changelog
* Sat Jan 23 2021 zoulin <zoulin13@huawei.com> - 6.9.6-1
- update version to 6.9.6
* Mon Jan 04 2020 wangxiao <wangxiao65@huawei.com> - 6.9.0-3
- fix CVE-2019-19012