Pedro F. Giffuni
0f23ab8aac
Fix out-of-bounds read in libc/regex. ...
The bug is an out-of-bounds read detected with address sanitizer that
happens when 'sp' in p_b_coll_elems() includes NUL byte[s], e.g. if it's
equal to "GS\x00". In that case len will be equal to 4, and the
strncmp(cp->name, sp, len) call will succeed when cp->name is "GS" but the
cp->name[len] == '\0' comparison will cause the read to go out-of-bounds.
Checking the length using strlen() instead eliminates the issue.
The bug was found in LLVM with oss-fuzz:
https://reviews.llvm.org/D39380
MFC after: 1 week
Obtained from: Vlad Tsyrklevich through posting on openbsd-tech
2017-10-28 20:09:34 +00:00
2017-08-02 08:50:42 +00:00
2017-10-25 21:45:55 +00:00
2017-08-30 19:19:31 +00:00
2017-05-24 21:02:53 +00:00
2017-01-20 03:34:59 +00:00
2017-10-01 00:40:23 +00:00
2017-01-20 03:55:21 +00:00
2017-01-20 03:55:43 +00:00
2017-01-20 03:56:10 +00:00
2017-04-27 15:03:24 +00:00
2017-03-26 21:14:49 +00:00
2017-05-09 01:48:23 +00:00
2017-01-20 03:58:50 +00:00
2017-10-28 20:09:34 +00:00
2017-01-20 04:04:25 +00:00
2017-07-13 21:58:45 +00:00
2017-07-11 00:32:48 +00:00
2017-08-02 08:14:06 +00:00
2017-10-08 17:29:43 +00:00
2017-10-28 19:23:57 +00:00
2017-07-13 22:01:38 +00:00
2017-01-20 04:51:36 +00:00
2017-02-28 23:42:47 +00:00
2017-10-05 23:01:33 +00:00
2017-08-02 09:00:59 +00:00
2017-10-05 16:42:02 +00:00
2017-02-22 18:44:57 +00:00
2017-10-26 17:56:34 +00:00
2017-07-11 00:32:48 +00:00
2017-01-20 04:54:21 +00:00
2017-09-14 19:50:07 +00:00
2017-09-13 04:32:23 +00:00
2017-01-20 04:54:09 +00:00
2017-07-05 02:58:46 +00:00
2017-03-27 22:34:43 +00:00
2017-01-20 04:53:40 +00:00
2017-01-20 04:53:45 +00:00
2017-08-18 18:20:36 +00:00
2017-07-05 13:13:38 +00:00
2017-10-16 17:21:52 +00:00
2017-04-21 19:27:33 +00:00
2017-04-21 19:27:33 +00:00
2017-10-16 06:54:26 +00:00
2017-04-13 14:44:17 +00:00
2017-04-16 19:23:10 +00:00
2017-01-20 04:50:46 +00:00
2017-08-02 08:14:06 +00:00
2017-01-20 04:50:19 +00:00
2017-01-20 04:46:20 +00:00
2017-09-17 19:14:38 +00:00
2017-07-01 21:18:06 +00:00
2017-05-23 09:29:05 +00:00
2017-08-02 08:50:42 +00:00
2017-07-14 16:45:46 +00:00
2017-04-06 14:36:08 +00:00
2017-01-20 04:41:53 +00:00
2017-09-21 10:00:16 +00:00
2017-01-20 04:40:10 +00:00
2017-10-26 13:23:13 +00:00
2017-08-02 08:50:42 +00:00
2017-03-07 16:06:53 +00:00
2017-01-20 04:37:03 +00:00
2017-09-06 17:19:48 +00:00
2017-10-24 16:28:00 +00:00
2017-09-06 16:24:34 +00:00
2017-10-03 11:45:24 +00:00
2017-04-25 10:29:08 +00:00
2017-06-19 20:47:24 +00:00
2017-07-11 00:32:48 +00:00
2017-08-02 08:50:42 +00:00
2017-03-22 18:14:55 +00:00
2017-08-02 08:14:06 +00:00
2017-01-20 04:35:36 +00:00
2017-01-20 04:35:00 +00:00
2017-01-20 04:35:18 +00:00
2017-01-20 04:34:34 +00:00
2017-03-27 22:34:43 +00:00
2017-01-20 04:33:45 +00:00
2017-10-25 15:30:25 +00:00
2017-07-31 19:07:45 +00:00
2017-10-02 20:33:16 +00:00
2017-04-20 21:01:59 +00:00
2017-09-22 12:45:15 +00:00
2017-10-23 16:55:22 +00:00
2017-01-20 04:29:23 +00:00
2017-01-20 04:31:19 +00:00
2017-08-09 18:06:27 +00:00
2017-01-12 07:26:39 +00:00
2017-08-18 16:42:58 +00:00
2017-02-14 13:35:59 +00:00
2017-01-18 18:14:50 +00:00
2017-08-03 18:07:01 +00:00
2017-02-28 23:42:47 +00:00
2017-01-20 04:28:41 +00:00
2017-04-09 03:50:48 +00:00
2017-05-09 01:48:14 +00:00
2017-10-05 23:01:33 +00:00
2017-08-12 22:20:08 +00:00
2017-10-28 19:23:57 +00:00
0f23ab8aac