[exim-cvs] Fix regext substring capture variables for null m…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Exim Git Commits Mailing List
Fecha:  
A: exim-cvs
Asunto: [exim-cvs] Fix regext substring capture variables for null matches. Bug 2933
Gitweb: https://git.exim.org/exim.git/commitdiff/e63825824cc406c160ccbf2b154c5d81b168604a
Commit:     e63825824cc406c160ccbf2b154c5d81b168604a
Parent:     f46f589c505e07541e49b37d8690cda297c41802
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri Nov 11 00:05:59 2022 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Fri Nov 11 00:05:59 2022 +0000


    Fix regext substring capture variables for null matches.  Bug 2933


    broken-by: 59d66fdc13f0
---
 doc/doc-txt/ChangeLog | 5 +++++
 src/src/exim.c        | 2 ++
 src/src/malware.c     | 3 +++
 src/src/regex.c       | 2 +-
 4 files changed, 11 insertions(+), 1 deletion(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 290ca36b9..5f2cff6f5 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -57,6 +57,11 @@ JH/12 Bug 2930: Fix daemon startup.  When started from any process apart from
 JH/13 Bug 2929: Fix using $recipients after ${run...}.  A change made for 4.96
       resulted in the variable appearing empty.  Find and fix by Ruben Jenster.


+JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
+      a capture group which obtained no text (eg. "(abc)*" matching zero
+      occurrences) could cause a segfault if the corresponding $<n> was
+      expanded.
+


 Exim version 4.96
 -----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index b3fd9eff0..47a685aa7 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -134,6 +134,8 @@ if ((yield = (res >= 0)))
     PCRE2_SIZE len;
     pcre2_substring_get_bynumber(md, matchnum,
       (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len);
+    if (!expand_nstring[expand_nmax])
+      { expand_nstring[expand_nmax] = US""; len = 0; }
     expand_nlength[expand_nmax++] = (int)len;
     }
   expand_nmax--;
diff --git a/src/src/malware.c b/src/src/malware.c
index 8b5ec27c4..423a5b692 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -314,7 +314,10 @@ PCRE2_UCHAR * substr = NULL;
 PCRE2_SIZE slen;


 if (i >= 2)                /* Got it */
+  {
   pcre2_substring_get_bynumber(md, 1, &substr, &slen);    /* uses same ctx as md */
+  if (!substr) substr = US"";
+  }
 /* pcre2_match_data_free(md);    gen ctx needs no free */
 return US substr;
 }
diff --git a/src/src/regex.c b/src/src/regex.c
index 25496f950..b401ba0d7 100644
--- a/src/src/regex.c
+++ b/src/src/regex.c
@@ -82,7 +82,7 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next)
       PCRE2_UCHAR * cstr;
       PCRE2_SIZE cslen;
       pcre2_substring_get_bynumber(md, nn, &cstr, &cslen);    /* uses same ctx as md */
-      regex_vars[nn-1] = CUS cstr;
+      regex_vars[nn-1] = cstr ? CUS cstr : CUS"";
       }


     return OK;