From e8a768d0f47d92d56308ea45c4e5dd98f89b4c07 Mon Sep 17 00:00:00 2001
From: Mark Benvenuto
Date: Thu, 19 Feb 2015 18:14:52 -0500
Subject: SERVER-17252: CVE-2014-8964: Fix zero-repeat assertion condition bug.

(cherry picked from commit 558a019e51175b874de11f96c276f6be633fea91)
(cherry picked from commit 060ec05e9af5530830781da7e69510b8a7474f80)
---
 src/third_party/pcre-8.36/pcre_exec.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/third_party/pcre-8.36/pcre_exec.c b/src/third_party/pcre-8.36/pcre_exec.c
index 654eb9e2762..29b2cd1b9ac 100644
--- a/src/third_party/pcre-8.36/pcre_exec.c
+++ b/src/third_party/pcre-8.36/pcre_exec.c
@@ -1404,8 +1404,11 @@ for (;;)
 condition = TRUE;
 
 /* Advance ecode past the assertion to the start of the first branch,
- but adjust it so that the general choosing code below works. */
-
+ but adjust it so that the general choosing code below works. If the
+ assertion has a quantifier that allows zero repeats we must skip over
+ the BRAZERO. This is a lunatic thing to do, but somebody did! */
+
+ if (*ecode == OP_BRAZERO) ecode++;
 ecode += GET(ecode, 1);
 while (*ecode == OP_ALT) ecode += GET(ecode, 1);
 ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];
-- 
cgit v1.2.1