From: Remi Collet Date: Tue, 25 Mar 2014 09:58:50 +0000 (+0100) Subject: Fixed bug #66946 extensive backtracking in awk rule regular expression X-Git-Tag: php-5.6.0beta1~3^2~44^2~1^2~2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1df558c6a03f82c7ffa42bc0a49b4561d3cceb92;p=php Fixed bug #66946 extensive backtracking in awk rule regular expression CVE-2013-7345 Applied upstream patch: https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c Add the magicdata.patch to track patches applied to upstream data file. --- diff --git a/ext/fileinfo/magicdata.patch b/ext/fileinfo/magicdata.patch new file mode 100644 index 0000000000..26d3bbb656 --- /dev/null +++ b/ext/fileinfo/magicdata.patch @@ -0,0 +1,39 @@ +Patches applied to file sources tree before generating magic.mgc +and before running create_data_file.php to create data_file.c. + + + +From ef2329cf71acb59204dd981e2c6cce6c81fe467c Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Mon, 25 Mar 2013 14:06:55 +0000 +Subject: [PATCH] limit to 100 repetitions to avoid excessive backtracking + Carsten Wolff + +--- + magic/Magdir/commands | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/magic/Magdir/commands b/magic/Magdir/commands +index 67c3eee..4a7d8dd 100644 +--- a/magic/Magdir/commands ++++ b/magic/Magdir/commands +@@ -1,6 +1,6 @@ + + #------------------------------------------------------------------------------ +-# $File: commands,v 1.44 2013/02/05 15:20:47 christos Exp $ ++# $File: commands,v 1.45 2013/02/06 14:18:52 christos Exp $ + # commands: file(1) magic for various shells and interpreters + # + #0 string/w : shell archive or script for antique kernel text +@@ -49,7 +49,7 @@ + !:mime text/x-awk + 0 string/wt #!\ /usr/bin/awk awk script text executable + !:mime text/x-awk +-0 regex =^\\s*BEGIN\\s*[{] awk script text ++0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text + + # AT&T Bell Labs' Plan 9 shell + 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable +-- +1.8.5.5 +