pcre: fix CVE-2015-3210

 - should fix eap buffer overflow in pcre_compile2() / compile_regex()

Signed-off-by: heil <heil@terminal-consulting.de>

2 files changed, 33 insertions, 1 deletions

diff --git a/libs/pcre/Makefile b/libs/pcre/Makefile
index 78b9af34a..6a9c4144c 100644
--- a/libs/pcre/Makefile
+++ b/libs/pcre/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=pcre
 PKG_VERSION:=8.37
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=@SF/pcre
diff --git a/libs/pcre/patches/100-pcre-cve-2015-3210.patch b/libs/pcre/patches/100-pcre-cve-2015-3210.patch
new file mode 100644
index 000000000..276d09e9a
--- /dev/null
+++ b/libs/pcre/patches/100-pcre-cve-2015-3210.patch
@@ -0,0 +1,32 @@
+Index: pcre-8.37/pcre_compile.c
+===================================================================
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7177,14 +7177,26 @@
+           number. If the name is not found, set the value to 0 for a forward
+           reference. */
+ 
++          recno = 0;
+           ng = cd->named_groups;
+           for (i = 0; i < cd->names_found; i++, ng++)
+             {
+             if (namelen == ng->length &&
+                 STRNCMP_UC_UC(name, ng->name, namelen) == 0)
+-              break;
++              {
++              open_capitem *oc;
++              recno = ng->number;
++              if (is_recurse) break;
++              for (oc = cd->open_caps; oc != NULL; oc = oc->next)         
++                {          
++                if (oc->number == recno)                                     
++                  {               
++                  oc->flag = TRUE;                                      
++                  break;
++                  }                                                         
++                }                          
++              }    
+             }
+-          recno = (i < cd->names_found)? ng->number : 0;
+ 
+           /* Count named back references. */