d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
50a717a67b
freebsd-dev/lib/libc/regex
History
Pedro F. Giffuni 0f23ab8aac Fix out-of-bounds read in libc/regex. 
The bug is an out-of-bounds read detected with address sanitizer that
happens when 'sp' in p_b_coll_elems() includes NUL byte[s], e.g. if it's
equal to "GS\x00". In that case len will be equal to 4, and the
strncmp(cp->name, sp, len) call will succeed when cp->name is "GS" but the
cp->name[len] == '\0' comparison will cause the read to go out-of-bounds.

Checking the length using strlen() instead eliminates the issue.

The bug was found in LLVM with oss-fuzz:
	https://reviews.llvm.org/D39380

MFC after:	1 week
Obtained from:	Vlad Tsyrklevich through posting on openbsd-tech
2017-10-28 20:09:34 +00:00
..
grot Replace dot-dot relative pathing with SRCTOP-relative paths where possible 2017-01-20 03:23:24 +00:00
cname.h regex: unsign and constify some variables. 2017-04-23 21:51:29 +00:00
COPYRIGHT
engine.c regex(3): Refactor fast/slow stepping bits in the matching engine 2017-08-09 01:04:36 +00:00
Makefile.inc Replace use of ${.CURDIR} by ${LIBC_SRCTOP} and define ${LIBC_SRCTOP} 2014-03-04 02:19:39 +00:00
re_format.7 Remove SVR4 (System V Release 4) binary compatibility support. 2017-02-28 05:14:42 +00:00
regcomp.c Fix out-of-bounds read in libc/regex. 2017-10-28 20:09:34 +00:00
regerror.c regex: unsign and constify some variables. 2017-04-23 21:51:29 +00:00
regex2.h The impending libregex will implement GNU extensions to bring BREs and 2017-07-06 17:01:51 +00:00
regex.3 Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
regexec.c regex: unsign and constify some variables. 2017-04-23 21:51:29 +00:00
regfree.c regex: unsign and constify some variables. 2017-04-23 21:51:29 +00:00
Symbol.map
utils.h Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
WHATSNEW