authorMark Benvenuto <mark.benvenuto@mongodb.com>2015-02-19 18:14:52 -0500
committerMark Benvenuto <mark.benvenuto@mongodb.com>2015-03-05 15:18:03 -0500
commitd101f2d09375b594a3d6051271decd565d389a81 (patch)
treed13de2f03b24661f23380c5ae581eacd223758de
parent1f27066186e908dbdcad34f857b0b115219e8c40 (diff)
SERVER-17252: CVE-2014-8964: Fix zero-repeat assertion condition bug.
(cherry picked from commit 558a019e51175b874de11f96c276f6be633fea91)
-rw-r--r--src/third_party/pcre-8.36/pcre_exec.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/third_party/pcre-8.36/pcre_exec.c b/src/third_party/pcre-8.36/pcre_exec.c
index 654eb9e2762..29b2cd1b9ac 100644
--- a/src/third_party/pcre-8.36/pcre_exec.c
+++ b/src/third_party/pcre-8.36/pcre_exec.c
@@ -1404,8 +1404,11 @@ for (;;)
condition = TRUE;
/* Advance ecode past the assertion to the start of the first branch,
- but adjust it so that the general choosing code below works. */
-
+ but adjust it so that the general choosing code below works. If the
+ assertion has a quantifier that allows zero repeats we must skip over
+ the BRAZERO. This is a lunatic thing to do, but somebody did! */
+
+ if (*ecode == OP_BRAZERO) ecode++;
ecode += GET(ecode, 1);
while (*ecode == OP_ALT) ecode += GET(ecode, 1);
ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];
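Review bot: The new guard `if (*ecode == OP_BRAZERO) ecode++;` is a hand-applied change to vendored code under src/third_party/pcre-8.36, and nothing at the patch site marks it as a local divergence from that release, so a later re-import of the upstream sources could drop the CVE-2014-8964 fix unnoticed. I would add a marker comment directly above the guard, for example `/* Local backport for SERVER-17252 (CVE-2014-8964); keep until the vendored PCRE release contains this fix. */`. The diffstat shows only this one file, so a regression test that compiles and matches a pattern whose condition assertion carries a zero-repeat quantifier would help keep the fix in place across upgrades. The guard handles only OP_BRAZERO; whether the compiler can place any other zero-repeat opcode ahead of a condition assertion is not visible here and is worth confirming against upstream. The enclosing `for (;;)` case starts and ends outside the hunk.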