Diffstat (limited to 'main/nmap/CVE-2018-15173.patch')
-rw-r--r--main/nmap/CVE-2018-15173.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/main/nmap/CVE-2018-15173.patch b/main/nmap/CVE-2018-15173.patch
new file mode 100644
index 0000000000..b9620c4ca4
--- /dev/null
+++ b/main/nmap/CVE-2018-15173.patch
@@ -0,0 +1,34 @@
+diff --git a/service_scan.cc b/service_scan.cc
+index 9780ae3..ec8d48d 100644
+--- a/service_scan.cc
++++ b/service_scan.cc
+@@ -489,6 +489,15 @@ void ServiceProbeMatch::InitMatch(const char *matchtext, int lineno) {
+ if (pcre_errptr != NULL)
+ fatal("%s: failed to pcre_study regexp on line %d of nmap-service-probes: %s\n", __func__, lineno, pcre_errptr);
+
++ // Set some limits to avoid evil match cases.
++ // These are flexible; if they cause problems, increase them.
++#ifdef PCRE_ERROR_MATCHLIMIT
++ regex_extra->match_limit = 100000; // 100K
++#endif
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ regex_extra->match_limit_recursion = 10000; // 10K
++#endif
++
+ free(modestr);
+ free(flags);
+
+@@ -568,6 +577,12 @@ const struct MatchDetails *ServiceProbeMatch::testMatch(const u8 *buf, int bufle
+ if (o.debugging || o.verbose > 1)
+ error("Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
+ } else
++#endif // PCRE_ERROR_MATCHLIMIT
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ if (rc == PCRE_ERROR_RECURSIONLIMIT) {
++ if (o.debugging || o.verbose > 1)
++ error("Warning: Hit PCRE_ERROR_RECURSIONLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
++ } else
+ #endif // PCRE_ERROR_MATCHLIMIT
+ if (rc != PCRE_ERROR_NOMATCH) {
+ fatal("Unexpected PCRE error (%d) when probing for service %s with the regex '%s'", rc, servicename, matchstr);
+
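Review bot: In the InitMatch hunk of the embedded service_scan.cc patch, `match_limit` and `match_limit_recursion` are assigned but the matching bits in `regex_extra->flags` are not set in the visible lines, and PCRE ignores both fields unless those bits are present, so the limits meant to bound regex backtracking for CVE-2018-15173 may have no effect. Unless this is done outside the hunk, add `regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT;` and `regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;` inside the respective `#ifdef` blocks. pcre_study() can also return NULL without reporting an error when it has no study data, so these writes need a `regex_extra` that is known to be non-NULL; the hunk does not show whether InitMatch allocates one in that case. In the testMatch hunk the trailing `#endif // PCRE_ERROR_MATCHLIMIT` now closes the PCRE_ERROR_RECURSIONLIMIT block and its comment should say so. Both function bodies continue outside the hunks.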