authorMark Benvenuto <mark.benvenuto@mongodb.com>2015-02-19 18:14:52 -0500
committerMark Benvenuto <mark.benvenuto@mongodb.com>2015-03-05 15:09:12 -0500
commit060ec05e9af5530830781da7e69510b8a7474f80 (patch)
tree1940afa1565f0352526c2305df36445226f92848
parent551728cbb5134f83859b90dc13bfe0174c1e6493 (diff)
SERVER-17252: CVE-2014-8964: Fix zero-repeat assertion condition bug.
(cherry picked from commit 558a019e51175b874de11f96c276f6be633fea91)
-rw-r--r--src/third_party/pcre-8.36/pcre_exec.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/third_party/pcre-8.36/pcre_exec.c b/src/third_party/pcre-8.36/pcre_exec.c
index 654eb9e2762..29b2cd1b9ac 100644
--- a/src/third_party/pcre-8.36/pcre_exec.c
+++ b/src/third_party/pcre-8.36/pcre_exec.c
@@ -1404,8 +1404,11 @@ for (;;)
condition = TRUE;
/* Advance ecode past the assertion to the start of the first branch,
- but adjust it so that the general choosing code below works. */
-
+ but adjust it so that the general choosing code below works. If the
+ assertion has a quantifier that allows zero repeats we must skip over
+ the BRAZERO. This is a lunatic thing to do, but somebody did! */
+
+ if (*ecode == OP_BRAZERO) ecode++;
ecode += GET(ecode, 1);
while (*ecode == OP_ALT) ecode += GET(ecode, 1);
ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];
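Review bot: The new `if (*ecode == OP_BRAZERO) ecode++;` line is a local security backport into the vendored pcre-8.36 tree, but nothing in the code marks it as such, so the copy silently diverges from the stock 8.36 release. I would extend the comment with a line such as `/* Local backport: SERVER-17252 / CVE-2014-8964; remove once the vendored PCRE includes this fix. */` so a later re-vendor neither drops nor double-applies it. The diffstat shows only this one file changed, so no regression case for a conditional group whose assertion carries a zero-repeat quantifier ships with the fix; adding one would catch the guard being lost in a future merge. The enclosing `for (;;)` body starts and ends outside the hunk, so whether other zero-repeat opcodes can reach this point cannot be confirmed from here.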