From: john_at_[hidden]
Date: 2008-01-14 04:53:43
Author: johnmaddock
Date: 2008-01-14 04:53:42 EST (Mon, 14 Jan 2008)
New Revision: 42746
URL: http://svn.boost.org/trac/boost/changeset/42746
Log:
Merge bug fixes from main Trunk: these fix security issues reported by Will Drewry.
Text files modified:
branches/release/boost/regex/v4/basic_regex_parser.hpp | 11 +++++++++++
branches/release/libs/regex/test/regress/test_perl_ex.cpp | 11 +++++++++++
2 files changed, 22 insertions(+), 0 deletions(-)
Modified: branches/release/boost/regex/v4/basic_regex_parser.hpp
==============================================================================
--- branches/release/boost/regex/v4/basic_regex_parser.hpp (original)
+++ branches/release/boost/regex/v4/basic_regex_parser.hpp 2008-01-14 04:53:42 EST (Mon, 14 Jan 2008)
@@ -784,6 +784,7 @@
case syntax_element_restart_continue:
case syntax_element_jump:
case syntax_element_startmark:
+ case syntax_element_backstep:
// can't legally repeat any of the above:
fail(regex_constants::error_badrepeat, m_position - m_base);
return false;
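Review bot: The list of non-repeatable state types that `case syntax_element_backstep:` joins is a denylist, and this fix shows a type can be missing from it and become repeatable by default. The rest of the switch is outside the hunk, so it is not visible whether unlisted types fall through to the repeat path; if they do, any state type added later has the same exposure. Consider extending the existing comment to `// can't legally repeat any of the above; every new non-repeatable syntax_element_* must be added to this list:`, or inverting the test so that only known-repeatable types are accepted.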
@@ -1869,6 +1870,7 @@
if(markid == -4)
{
re_syntax_base* b = this->getaddress(expected_alt_point);
+ // Make sure we have exactly one alternative following this state:
if(b->type != syntax_element_alt)
{
re_alt* alt = static_cast<re_alt*>(this->insert_state(expected_alt_point, syntax_element_alt, sizeof(re_alt)));
@@ -1879,6 +1881,15 @@
fail(regex_constants::error_bad_pattern, m_position - m_base);
return false;
}
+ // check for invalid repetition of next state:
+ b = this->getaddress(expected_alt_point);
+ b = this->getaddress(static_cast<re_alt*>(b)->next.i, b);
+ if((b->type != syntax_element_assert_backref)
+ && (b->type != syntax_element_startmark))
+ {
+ fail(regex_constants::error_badrepeat, m_position - m_base);
+ return false;
+ }
}
//
// append closing parenthesis state:
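Review bot: The comment `// check for invalid repetition of next state:` does not say why only `syntax_element_assert_backref` and `syntax_element_startmark` are accepted, which makes this allow-list hard to maintain safely. Presumably the state after the alt must be the conditional's own test, and any other type means a repeat was inserted in front of it; the comment should state that, e.g. `// the state after the alt must be the condition itself (backref test or assertion start); any other type means a repeat was wrapped around it`. The `static_cast<re_alt*>(b)` after the re-fetch also relies on the preceding branch guaranteeing `b->type == syntax_element_alt`; part of that branch lies between the hunks, so this is worth confirming. The enclosing function starts and ends outside the hunk.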
Modified: branches/release/libs/regex/test/regress/test_perl_ex.cpp
==============================================================================
--- branches/release/libs/regex/test/regress/test_perl_ex.cpp (original)
+++ branches/release/libs/regex/test/regress/test_perl_ex.cpp 2008-01-14 04:53:42 EST (Mon, 14 Jan 2008)
@@ -121,6 +121,17 @@
TEST_INVALID_REGEX("(?:(a)|b)(?(?:", perl);
TEST_INVALID_REGEX("(?:(a)|b)(?(?<", perl);
TEST_INVALID_REGEX("(?:(a)|b)(?(?<a", perl);
+
+ TEST_INVALID_REGEX("(?(?!#?)+)", perl);
+ TEST_INVALID_REGEX("(?(?=:-){0})", perl);
+ TEST_INVALID_REGEX("(?(123){1})", perl);
+ TEST_INVALID_REGEX("(?(?<=A)*)", perl);
+ TEST_INVALID_REGEX("(?(?<=A)+)", perl);
+
+ TEST_INVALID_REGEX("(?<!*|^)", perl);
+ TEST_INVALID_REGEX("(?<!*|A)", perl);
+ TEST_INVALID_REGEX("(?<=?|A)", perl);
+ TEST_INVALID_REGEX("(?<=*|\\B)", perl);
}
void test_options()
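Review bot: The added cases only assert rejection, so they would not catch the parser's new allow-list check rejecting a well-formed conditional. Pairing them with a few valid `(?(...)...)` patterns that must still compile would pin both sides of the fix, unless such cases already exist elsewhere in this file. Among the conditional forms the quantifiers exercised are `+`, `*`, `{0}` and `{1}`; a bare `?` appears only in the look-behind case `(?<=?|A)`, so a conditional test followed by `?` is not covered here. As far as the call sites show, `TEST_INVALID_REGEX` does not name the expected error code, so a pattern rejected for an unrelated reason would still pass.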