Gitweb:
https://git.exim.org/exim.git/commitdiff/e63825824cc406c160ccbf2b154c5d81b168604a
Commit: e63825824cc406c160ccbf2b154c5d81b168604a
Parent: f46f589c505e07541e49b37d8690cda297c41802
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Nov 11 00:05:59 2022 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Fri Nov 11 00:05:59 2022 +0000
Fix regext substring capture variables for null matches. Bug 2933
broken-by: 59d66fdc13f0
---
doc/doc-txt/ChangeLog | 5 +++++
src/src/exim.c | 2 ++
src/src/malware.c | 3 +++
src/src/regex.c | 2 +-
4 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 290ca36b9..5f2cff6f5 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -57,6 +57,11 @@ JH/12 Bug 2930: Fix daemon startup. When started from any process apart from
JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96
resulted in the variable appearing empty. Find and fix by Ruben Jenster.
+JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
+ a capture group which obtained no text (eg. "(abc)*" matching zero
+ occurrences) could cause a segfault if the corresponding $<n> was
+ expanded.
+
Exim version 4.96
-----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index b3fd9eff0..47a685aa7 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -134,6 +134,8 @@ if ((yield = (res >= 0)))
PCRE2_SIZE len;
pcre2_substring_get_bynumber(md, matchnum,
(PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len);
+ if (!expand_nstring[expand_nmax])
+ { expand_nstring[expand_nmax] = US""; len = 0; }
expand_nlength[expand_nmax++] = (int)len;
}
expand_nmax--;
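Review bot: The added NULL test in the capture loop only works if `expand_nstring[expand_nmax]` was already NULL before the call, because the return value of `pcre2_substring_get_bynumber()` is ignored and, on failure (for example an unset group), PCRE2 leaves both output arguments unwritten. A slot still holding a pointer from an earlier match would pass the test and `len` would be stored uninitialised; whether the slot is cleared beforehand is not visible in this hunk. Testing the result removes that dependency: `if (pcre2_substring_get_bynumber(md, matchnum, (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len) != 0)` followed by the existing `{ expand_nstring[expand_nmax] = US""; len = 0; }`. The same applies in the src/src/regex.c hunk, where `cstr` is declared without an initialiser, so `cstr ? CUS cstr : CUS""` can read an indeterminate pointer; `PCRE2_UCHAR * cstr = NULL;` or the same return-value test would cover it. The src/src/malware.c hunk is not affected, since `substr` starts as NULL.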
diff --git a/src/src/malware.c b/src/src/malware.c
index 8b5ec27c4..423a5b692 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -314,7 +314,10 @@ PCRE2_UCHAR * substr = NULL;
PCRE2_SIZE slen;
if (i >= 2) /* Got it */
+ {
pcre2_substring_get_bynumber(md, 1, &substr, &slen); /* uses same ctx as md */
+ if (!substr) substr = US"";
+ }
/* pcre2_match_data_free(md); gen ctx needs no free */
return US substr;
}
diff --git a/src/src/regex.c b/src/src/regex.c
index 25496f950..b401ba0d7 100644
--- a/src/src/regex.c
+++ b/src/src/regex.c
@@ -82,7 +82,7 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next)
PCRE2_UCHAR * cstr;
PCRE2_SIZE cslen;
pcre2_substring_get_bynumber(md, nn, &cstr, &cslen); /* uses same ctx as md */
- regex_vars[nn-1] = CUS cstr;
+ regex_vars[nn-1] = cstr ? CUS cstr : CUS"";
}
return OK;