Browse code

Importing kamailio fixes into the sip-router version of re.c

This patch imports the following two fixes:
* bug fixed in multiple matching on complete lines.
Closes bug #1819248.
Credits go to Alexander Bergolth (SF bergolth)
(svn commit id 3096)

* non-critical bug fixed - invalid regexps may lead to infinite matches
and finally to memory starvation.
Reported to Klaus Darilion <klaus.mailinglists@pernau.at>
(svn commit id 1039)

Jan Janak authored on 08/03/2009 03:32:34
Showing 1 changed files
... ...
@@ -483,18 +483,20 @@ struct replace_lst* subst_run(struct subst_expr* se, const char* input,
483 483
 		DBG("subst_run: running. r=%d\n", r);
484 484
 		/* subst */
485 485
 		if (r==0){ /* != REG_NOMATCH */
486
-			/* change eflags, not to match any more at string start */
487
-			eflags|=REG_NOTBOL;
486
+			if (pmatch[0].rm_so==-1) {
487
+				ERR("subst_run: Unknown offset?\n");
488
+				goto error;
489
+			}
490
+			if (pmatch[0].rm_so==pmatch[0].rm_eo) {
491
+				ERR("subst_run: Matched string is empty, invalid regexp?\n");
492
+				goto error;
493
+			}
488 494
 			*crt=pkg_malloc(sizeof(struct replace_lst));
489 495
 			if (*crt==0){
490 496
 				LOG(L_ERR, "ERROR: subst_run: out of mem (crt)\n");
491 497
 				goto error;
492 498
 			}
493 499
 			memset(*crt, 0, sizeof(struct replace_lst));
494
-			if (pmatch[0].rm_so==-1){
495
-				LOG(L_ERR, "ERROR: subst_run: unknown offset?\n");
496
-				goto error;
497
-			}
498 500
 			(*crt)->offset=pmatch[0].rm_so+(int)(p-input);
499 501
 			(*crt)->size=pmatch[0].rm_eo-pmatch[0].rm_so;
500 502
 			DBG("subst_run: matched (%d, %d): [%.*s]\n",
... ...
@@ -507,6 +509,8 @@ struct replace_lst* subst_run(struct subst_expr* se, const char* input,
507 507
 			}
508 508
 			crt=&((*crt)->next);
509 509
 			p+=pmatch[0].rm_eo;
510
+			if (*(p-1) == '\n' || *(p-1) == '\r') eflags&=~REG_NOTBOL;
511
+			else eflags|=REG_NOTBOL;
510 512
 			cnt++;
511 513
 		}
512 514
 	}while((r==0) && se->replace_all);