From 497e246e999d14efabd820c47b013d4607dbc344 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Mon, 24 Sep 2018 11:54:41 -0600
Subject: [PATCH 1/3] PATCH: [perl #133423] for 5.26 maint

CVE: CVE-2018-18312
Upstream-Status: Backport
[https://perl5.git.perl.org/perl.git/commit/5dfd9842f2802803604cf517016d4d0518226006]

Signed-off-by: Dan Tran <dantran@microsoft.com>
---
 regcomp.c       | 1 -
 t/re/reg_mesg.t | 5 +++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/regcomp.c b/regcomp.c
index edfae9cffd..00d26d9290 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -14872,7 +14872,6 @@ redo_curchar:
                     RExC_parse++;
                     assert(UCHARAT(RExC_parse) == ')');
 
-                    RExC_parse++;
                     RExC_flags = save_flags;
                     goto handle_operand;
                 }
diff --git a/t/re/reg_mesg.t b/t/re/reg_mesg.t
index 08d90c5c40..658397ac27 100644
--- a/t/re/reg_mesg.t
+++ b/t/re/reg_mesg.t
@@ -93,6 +93,8 @@ my $high_mixed_digit = ('A' lt '0') ? '0' : 'A';
 my $colon_hex = sprintf "%02X", ord(":");
 my $tab_hex = sprintf "%02X", ord("\t");
 
+my $bug133423 = "(?[(?^:(?[\\\x00]))\\]\x00|2[^^]\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80])R.\\670";
+
 ##
 ## Key-value pairs of code/error of code that should have fatal errors.
 ##
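Review bot: The new `$bug133423` declaration has no comment saying what the string is, and its embedded `\x00` and long `\x80` run could be mistaken for corruption by anyone tidying this file later. I would add a line above it such as `# Regression input for [perl #133423] (CVE-2018-18312); the NUL and \x80 bytes are deliberate, keep them byte-for-byte.` The variable name already carries the ticket number, but it is the exact byte sequence that reproduces the parser fault, so that is what needs recording.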
@@ -269,6 +271,9 @@ my @death =
  '/(?[()-!])/' => 'Incomplete expression within \'(?[ ])\' {#} m/(?[(){#}-!])/',    # [perl #126204]
  '/(?[!()])/' => 'Incomplete expression within \'(?[ ])\' {#} m/(?[!(){#}])/',      # [perl #126404]
  '/(?<=/' => 'Sequence (?... not terminated {#} m/(?<={#}/',                        # [perl #128170]
+ "/$bug133423/" => "Operand with no preceding operator {#} m/(?[(?^:(?[\\ ]))\\{#}] |2[^^]\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80])R.\\670/",
+
+
 );
 
 # These are messages that are warnings when not strict; death under 'use re
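Review bot: The added `@death` entry omits the trailing ticket tag that the three entries above it carry (`# [perl #126204]`, `# [perl #126404]`, `# [perl #128170]`), and it is followed by two blank lines before the closing `);`. I would append `# [perl #133423]` to the entry and drop the extra blank lines so the list stays uniform and the entry can be traced back to the CVE. The expected message shows a space where the pattern has `\x00`. Presumably that is how the NUL is rendered in the diagnostic, but a short comment saying so would stop the next reader from suspecting a typo in a security regression test. The `@death` list starts outside this hunk.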
-- 
2.22.0.vfs.1.1.57.gbaf16c8
