Commit | Line | Data |
---|---|---|
5f3f7039 MB |
1 | Fix <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169>. |
2 | ||
3 | Taken from this upstream commit, sans ChangeLog updates: | |
4 | https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=583dd860d5b833037175247230a328f0050dbfe9 | |
5 | ||
6 | diff --git a/posix/regexec.c b/posix/regexec.c | |
7 | index 91d5a797b8..084b1222d9 100644 | |
8 | --- a/posix/regexec.c | |
9 | +++ b/posix/regexec.c | |
10 | @@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs, | |
11 | else if (naccepted) | |
12 | { | |
13 | char *buf = (char *) re_string_get_buffer (&mctx->input); | |
14 | - if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx, | |
15 | - naccepted) != 0) | |
16 | + if (mctx->input.valid_len - *pidx < naccepted | |
17 | + || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx, | |
18 | + naccepted) | |
19 | + != 0)) | |
20 | return -1; | |
21 | } | |
22 | } |