From e63825824cc406c160ccbf2b154c5d81b168604a Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 11 Nov 2022 00:05:59 +0000
Subject: [PATCH 1/2] Fix regext substring capture variables for null matches.
Bug 2933
broken-by: 59d66fdc13f0
---
doc/ChangeLog | 5 +++++
src/exim.c | 2 ++
src/malware.c | 3 +++
src/regex.c | 2 +-
4 files changed, 11 insertions(+), 1 deletion(-)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -22,10 +22,15 @@
pid 1, in the normal "background daemon" mode, having to drop process-
group leadership also lost track of needing to create listener sockets.
JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96
resulted in the variable appearing empty. Find and fix by Ruben Jenster.
+
+JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
+ a capture group which obtained no text (eg. "(abc)*" matching zero
+ occurrences) could cause a segfault if the corresponding $<n> was
+ expanded.
Exim version 4.96
-----------------
--- a/src/exim.c
+++ b/src/exim.c
@@ -167,10 +167,12 @@
for (int matchnum = setup < 0 ? 0 : 1; matchnum < res; matchnum++)
{
PCRE2_SIZE len;
pcre2_substring_get_bynumber(md, matchnum,
(PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len);
+ if (!expand_nstring[expand_nmax])
+ { expand_nstring[expand_nmax] = US""; len = 0; }
expand_nlength[expand_nmax++] = (int)len;
}
expand_nmax--;
}
else if (res != PCRE2_ERROR_NOMATCH) DEBUG(D_any)
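Review bot: The added NULL test on `expand_nstring[expand_nmax]` only works if that slot was already NULL before the call, and nothing in this hunk clears it. As far as I know, pcre2_substring_get_bynumber() returns a negative code for an unset group and leaves both output arguments untouched, so a stale pointer from an earlier match and an uninitialised `len` could still reach `expand_nlength`. Testing the return code is more direct: `if (pcre2_substring_get_bynumber(md, matchnum, (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len) != 0) { expand_nstring[expand_nmax] = US""; len = 0; }`. The same concern applies to the src/regex.c hunk, where `cstr` is declared without an initialiser before `cstr ? CUS cstr : CUS""`; `PCRE2_UCHAR * cstr = NULL;` would make that test well defined. The enclosing function starts outside this hunk.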
--- a/src/malware.c
+++ b/src/malware.c
@@ -323,11 +323,14 @@
int i = pcre2_match(cre, text, PCRE2_ZERO_TERMINATED, 0, 0, md, pcre_mtc_ctx);
PCRE2_UCHAR * substr = NULL;
PCRE2_SIZE slen;
if (i >= 2) /* Got it */
+ {
pcre2_substring_get_bynumber(md, 1, &substr, &slen);
+ if (!substr) substr = US"";
+ }
return US substr;
}
static const pcre2_code *
m_pcre_nextinlist(const uschar ** list, int * sep,
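Review bot: After this change the function has three distinct results, and none of them is documented at the definition: NULL when the pattern does not match (`i < 2`), `US""` when capture 1 took no text, and the captured text otherwise. A comment above `if (i >= 2)` would help callers, for example `/* Returns NULL on no match; "" if capture 1 took no text; else the captured text */`. Because `substr` is initialised to NULL the added test is sound here, though `slen` is never used and the return code of pcre2_substring_get_bynumber() is ignored. The function's signature is outside the hunk.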
--- a/src/regex.c
+++ b/src/regex.c
@@ -84,11 +84,11 @@
for (int nn = 1; nn < n; nn++)
{
PCRE2_UCHAR * cstr;
PCRE2_SIZE cslen;
pcre2_substring_get_bynumber(md, nn, &cstr, &cslen);
- regex_vars[nn-1] = CUS cstr;
+ regex_vars[nn-1] = cstr ? CUS cstr : CUS"";
}
return OK;
}
}