Bug#441355: regcomp DoS'able in utf-8 locales

To: submit@bugs.debian.org
Subject: Bug#441355: regcomp DoS'able in utf-8 locales
From: Rich Felker <dalias@aerifal.cx>
Date: Sun, 9 Sep 2007 01:14:56 -0400
Message-id: <[🔎] 20070909051456.GP221@brightrain.aerifal.cx>
Reply-to: Rich Felker <dalias@aerifal.cx>, 441355@bugs.debian.org

Package: libc6
Version: 2.6.1-2
Severity: important

glibc's regular expression engine crashes with sig11 whenever trying
to compile a regular expression with non-ASCII range expressions if
LC_CTYPE is a UTF-8 locale but LC_COLLATE is set to C or POSIX. This
is a common setup among users who want traditional codepoint-order
sorting but need UTF-8 encoding.

$ LANG=en_US.UTF-8 LC_COLLATE=C grep '[Á-ä]'
Segmentation fault

The bug can cause crashes in any program using the system regex
routines and could in principle be used for DoS attacks if a
less-privileged user is able to provide regular expressions to a
more-privileged process.

Reply to:

Follow-Ups:
- Bug#441355: regcomp DoS'able in utf-8 locales
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#441355: marked as done (regcomp DoS'able in utf-8 locales)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: glibc's getaddrinfo() sort order
Next by Date: Bug#441360: locales 2.6.1-2 ships /etc/default/locale as a conffile
Previous by thread: r2535 - in glibc-package/trunk/debian: . sysdeps
Next by thread: Bug#441355: regcomp DoS'able in utf-8 locales
Index(es):
- Date
- Thread