Fix a segfault in bsdgrep when parsing the invalid extended regexps "?" or "+" (these are invalid, because there is no preceding operand).

When bsdgrep attempts to emulate GNU grep in discarding and ignoring the
invalid ? or + operators, some later logic in tre_compile_fast() goes
beyond the end of the buffer, leading to a crash.

Fix this by bailing out, and reporting a bad pattern instead.

Reported by:	Steve Kargl
MFC after:	1 week
Dimitry Andric 2016-08-02 20:25:22 +00:00
parent 20136ffc7b
commit 00f060000f

@ -621,7 +621,7 @@ tre_compile_fast(fastmatch_t *fg, const tre_char_t *pat, size_t n,
case TRE_CHAR('+'):
case TRE_CHAR('?'):
if ((cflags & REG_EXTENDED) && (i == 0))
continue;
goto badpat;
else if ((cflags & REG_EXTENDED) ^ !escaped)
STORE_CHAR;
else
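
Review bot: the `i == 0` test in the `+`/`?` case only rejects an operator at the very start of the pattern, so it is worth confirming that an extended pattern where `+` or `?` follows another position with no preceding operand (for example directly after `(` or `|`) cannot reach the same out-of-bounds path in tre_compile_fast(). The `goto badpat;` line would also benefit from a short comment saying that a leading `+` or `?` is now reported as a bad pattern rather than skipped, since this deliberately departs from the GNU grep behaviour the old `continue` was emulating. A regression test that runs the extended patterns "?" and "+" and expects an error instead of a crash would keep this from coming back.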