do we have to fix src/dist/nvi/regex too? it is same spencer regex code as src/lib/libc/regex (but modified for wide character).
ftp://ftp.netbsd.org/pub/NetBSD/misc/tnozaki/patch-dist_nvi_regex very truly yours -- Takehiko NOZAKI<tnoz...@netbsd.org> 2011/10/10 Christos Zoulas <chris...@netbsd.org>: > Module Name: src > Committed By: christos > Date: Sun Oct 9 18:23:00 UTC 2011 > > Modified Files: > src/lib/libc/regex: engine.c regcomp.c regex2.h > > Log Message: > Prevent regcomp/regexec DoS attacks by limiting the amount of memory used > and the level of recursion. Thanks to Maksymilian Arciemowicz for discovery > and help with the implementation. > > > To generate a diff of this commit: > cvs rdiff -u -r1.22 -r1.23 src/lib/libc/regex/engine.c > cvs rdiff -u -r1.29 -r1.30 src/lib/libc/regex/regcomp.c > cvs rdiff -u -r1.12 -r1.13 src/lib/libc/regex/regex2.h > > Please note that diffs are not public domain; they are subject to the > copyright notices on the relevant files. > >
