File php-CVE-2017-9226.patch of Package php5.6680

Overview Repositories Revisions Requests Users Attributes Meta

File php-CVE-2017-9226.patch of Package php5.6680

Index: php-7.0.7/ext/mbstring/oniguruma/regparse.c
===================================================================
--- php-7.0.7.orig/ext/mbstring/oniguruma/regparse.c	2016-05-25 15:13:22.000000000 +0200
+++ php-7.0.7/ext/mbstring/oniguruma/regparse.c	2017-05-29 16:35:41.105004093 +0200
@@ -3064,7 +3064,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
 	PUNFETCH;
 	prev = p;
 	num = scan_unsigned_octal_number(&p, end, 3, enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
@@ -3436,7 +3436,7 @@ fetch_token(OnigToken* tok, UChar** src,
       if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
 	prev = p;
 	num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
+	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
 	if (p == prev) {  /* can't read nothing. */
 	  num = 0; /* but, it's not error */
 	}
@@ -4083,8 +4083,11 @@ next_state_val(CClassNode* cc, OnigCodeP
 
   switch (*state) {
   case CCS_VALUE:
-    if (*type == CCV_SB)
+    if (*type == CCV_SB) { 
+      if (*vs > 0xff)
+          return ONIGERR_INVALID_CODE_POINT_VALUE;
       BITSET_SET_BIT(cc->bs, (int )(*vs));
+    }
     else if (*type == CCV_CODE_POINT) {
       r = add_code_range(&(cc->mbuf), env, *vs, *vs);
       if (r < 0) return r;

Places

File php-CVE-2017-9226.patch of Package php5.6680

Places