You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Jeff Trawick <tr...@gmail.com> on 2005/09/10 15:22:59 UTC

Re: svn commit: r239377 - /httpd/httpd/branches/2.0.x/STATUS

On 8/23/05, jorton@apache.org <jo...@apache.org> wrote:
> Author: jorton
> Date: Tue Aug 23 01:24:52 2005
> New Revision: 239377
> 
> URL: http://svn.apache.org/viewcvs?rev=239377&view=rev
> Log:
> Propose backport of pcre fix.
> 
> Modified:
>     httpd/httpd/branches/2.0.x/STATUS
> 
> Modified: httpd/httpd/branches/2.0.x/STATUS
> URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=239377&r1=239376&r2=239377&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.0.x/STATUS (original)
> +++ httpd/httpd/branches/2.0.x/STATUS Tue Aug 23 01:24:52 2005
> @@ -216,6 +216,12 @@
>    [ please place SVN revisions from trunk here, so it is easy to
>      identify exactly what the proposed changes are! ]
> 
> +    *) Fix CAN-2005-2491, integer overflow in pcre.
> +         http://svn.apache.org/viewcvs?rev=233493&view=rev
> +       rediff for 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch
> +       test case: perl-framework/t/security/CAN-2005-2491.t
> +       +1: jorton

BTW, what should I expect to get when I run the 2491.t-type test?

with 2.0.54 and a test extracted from the perl-framework, I see

RewriteRule: cannot compile regular expression 'a{111111111111111111}'
or
RewriteRule: cannot compile regular expression 'a{1,11111111111111111111}'

on Linux/x86.  Is my testing hosed (i.e., should I expect it to segfault)?

Re: svn commit: r239377 - /httpd/httpd/branches/2.0.x/STATUS

Posted by Jeff Trawick <tr...@gmail.com>.

On 9/12/05, Joe Orton <jo...@redhat.com> wrote:
> On Sat, Sep 10, 2005 at 09:22:59AM -0400, Jeff Trawick wrote:
> > On 8/23/05, jorton@apache.org <jo...@apache.org> wrote:
> > > +    *) Fix CAN-2005-2491, integer overflow in pcre.
> > > +         http://svn.apache.org/viewcvs?rev=233493&view=rev
> > > +       rediff for 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch
> > > +       test case: perl-framework/t/security/CAN-2005-2491.t
> > > +       +1: jorton
> >
> > BTW, what should I expect to get when I run the 2491.t-type test?
> 
> With 2.0.54 you should get either a pass or a segfault depending on the
> direction of the wind (unfortunately); if you enable malloc checking in
> libc it is very likely to segfault - "export MALLOC_CHECK_=2" for glibc.

[notice] child pid 3416 exit signal Aborted (6)

(thanks ;) )

Re: svn commit: r239377 - /httpd/httpd/branches/2.0.x/STATUS

Posted by Joe Orton <jo...@redhat.com>.

On Sat, Sep 10, 2005 at 09:22:59AM -0400, Jeff Trawick wrote:
> On 8/23/05, jorton@apache.org <jo...@apache.org> wrote:
> > +    *) Fix CAN-2005-2491, integer overflow in pcre.
> > +         http://svn.apache.org/viewcvs?rev=233493&view=rev
> > +       rediff for 2.0: http://people.apache.org/~jorton/CAN-2005-2491.patch
> > +       test case: perl-framework/t/security/CAN-2005-2491.t
> > +       +1: jorton
> 
> BTW, what should I expect to get when I run the 2491.t-type test?

With 2.0.54 you should get either a pass or a segfault depending on the 
direction of the wind (unfortunately); if you enable malloc checking in 
libc it is very likely to segfault - "export MALLOC_CHECK_=2" for glibc.

joe