From: Nuno Lopes <nlopess@php.net>
Date: Sun, 6 Jul 2008 15:23:31 +0000 (+0000)
Subject: fix CVE-2008-2371. patch by Tavis Ormandy
X-Git-Tag: php-5.3.0alpha1~487
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d771fa6da1560a085989bc7deb1d6d11004c5e0a;p=php

fix CVE-2008-2371. patch by Tavis Ormandy
# currently there's no release of PCRE with this fix. PCRE's author recommended applying this patch in the meantime
---

diff --git a/ext/pcre/pcrelib/pcre_compile.c b/ext/pcre/pcrelib/pcre_compile.c
index 51a51e1253..0f3ebf93fd 100644
--- a/ext/pcre/pcrelib/pcre_compile.c
+++ b/ext/pcre/pcrelib/pcre_compile.c
@@ -4929,7 +4929,7 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */
                (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
             {
             cd->external_options = newoptions;
-            options = newoptions;
+            options = *optionsptr = newoptions;
             }
          else
             {