authorMark Benvenuto <mark.benvenuto@mongodb.com>2015-02-19 18:14:52 -0500
committerMark Benvenuto <mark.benvenuto@mongodb.com>2015-03-05 16:15:28 -0500
commite8a768d0f47d92d56308ea45c4e5dd98f89b4c07 (patch)
treebbf6b6d6f6f128f69c9d9d9412a1a5e2e3633dc9
parent32dbdb01ca606df9b639a9569d0be9c226b95cd6 (diff)
SERVER-17252: CVE-2014-8964: Fix zero-repeat assertion condition bug.
(cherry picked from commit 558a019e51175b874de11f96c276f6be633fea91) (cherry picked from commit 060ec05e9af5530830781da7e69510b8a7474f80)
-rw-r--r--src/third_party/pcre-8.36/pcre_exec.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/third_party/pcre-8.36/pcre_exec.c b/src/third_party/pcre-8.36/pcre_exec.c
index 654eb9e2762..29b2cd1b9ac 100644
--- a/src/third_party/pcre-8.36/pcre_exec.c
+++ b/src/third_party/pcre-8.36/pcre_exec.c
@@ -1404,8 +1404,11 @@ for (;;)
condition = TRUE;
/* Advance ecode past the assertion to the start of the first branch,
- but adjust it so that the general choosing code below works. */
-
+ but adjust it so that the general choosing code below works. If the
+ assertion has a quantifier that allows zero repeats we must skip over
+ the BRAZERO. This is a lunatic thing to do, but somebody did! */
+
+ if (*ecode == OP_BRAZERO) ecode++;
ecode += GET(ecode, 1);
while (*ecode == OP_ALT) ecode += GET(ecode, 1);
ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];