Description: Fix bug for classes containing \\ sequences.
 .
 Addresses CVE-2015-8390.
Origin: upstream, http://vcs.pcre.org/pcre?view=revision&revision=1578
Forwarded: not-needed
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2015-12-29
Applied-Upstream: 8.38

---
 pcre_compile.c       | 14 ++++++++------
 testdata/testinput2  |  2 ++
 testdata/testoutput2 |  2 ++
 4 files changed, 16 insertions(+), 6 deletions(-)

--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -3824,11 +3824,11 @@ didn't consider this to be a POSIX class
 The problem in trying to be exactly like Perl is in the handling of escapes. We
 have to be sure that [abc[:x\]pqr] is *not* treated as containing a POSIX
 class, but [abc[:x\]pqr:]] is (so that an error can be generated). The code
-below handles the special case of \], but does not try to do any other escape
-processing. This makes it different from Perl for cases such as [:l\ower:]
-where Perl recognizes it as the POSIX class "lower" but PCRE does not recognize
-"l\ower". This is a lesser evil than not diagnosing bad classes when Perl does,
-I think.
+below handles the special cases \\ and \], but does not try to do any other
+escape processing. This makes it different from Perl for cases such as
+[:l\ower:] where Perl recognizes it as the POSIX class "lower" but PCRE does
+not recognize "l\ower". This is a lesser evil than not diagnosing bad classes
+when Perl does, I think.
 
 A user pointed out that PCRE was rejecting [:a[:digit:]] whereas Perl was not.
 It seems that the appearance of a nested POSIX class supersedes an apparent
@@ -3855,7 +3855,9 @@ pcre_uchar terminator;          /* Don't
 terminator = *(++ptr);   /* compiler warns about "non-constant" initializer. */
 for (++ptr; *ptr != CHAR_NULL; ptr++)
   {
-  if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
+  if (*ptr == CHAR_BACKSLASH && 
+      (ptr[1] == CHAR_RIGHT_SQUARE_BRACKET ||
+       ptr[1] == CHAR_BACKSLASH))
     ptr++;
   else if (*ptr == CHAR_RIGHT_SQUARE_BRACKET) return FALSE;
   else
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4086,4 +4086,6 @@ backtracking verbs. --/
 //
 \O1
 
+/[[:\\](?'abc')[a:]/
+
 /-- End of testinput2 --/
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14211,4 +14211,6 @@ Failed: number is too big at offset 32
 \O1
 Matched, but too many substrings
 
+/[[:\\](?'abc')[a:]/
+
 /-- End of testinput2 --/