X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=pcrs.c;h=4d112271a08a71f63d622f0ad72c8d684fccf21d;hp=52d7b9062f95a95a9cfb2567674486e56f49661a;hb=0dc6d9e4e6ee4a45d7a30da7941b06d685b8af84;hpb=aaeeb414357ff75414ed705302c4624f083bd512 diff --git a/pcrs.c b/pcrs.c index 52d7b906..4d112271 100644 --- a/pcrs.c +++ b/pcrs.c @@ -1,4 +1,4 @@ -const char pcrs_rcs[] = "$Id: pcrs.c,v 1.40 2012/03/09 17:55:50 fabiankeil Exp $"; +const char pcrs_rcs[] = "$Id: pcrs.c,v 1.46 2014/11/14 10:40:10 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/pcrs.c,v $ @@ -301,7 +301,7 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr */ const int ascii_value = xtoi(&replacement[i+2]); - assert(ascii_value > 0); + assert(ascii_value >= 0); assert(ascii_value < 256); text[k++] = (char)ascii_value; i += 4; @@ -319,6 +319,13 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr if (replacement[i] == '$' && !quoted && i < (int)(length - 1)) { char *symbol, symbols[] = "'`+&"; + if (l >= PCRS_MAX_SUBMATCHES) + { + freez(text); + freez(r); + *errptr = PCRS_WARN_BADREF; + return NULL; + } r->block_length[l] = (size_t)(k - r->block_offset[l]); /* Numerical backreferences */ @@ -330,7 +337,10 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr } if (r->backref[l] > capturecount) { + freez(text); + freez(r); *errptr = PCRS_WARN_BADREF; + return NULL; } } @@ -360,14 +370,17 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr } /* Valid and in range? -> record */ - if (r->backref[l] < PCRS_MAX_SUBMATCHES + 2) + if (0 <= r->backref[l] && r->backref[l] < PCRS_MAX_SUBMATCHES + 2) { r->backref_count[r->backref[l]] += 1; r->block_offset[++l] = k; } else { + freez(text); + freez(r); *errptr = PCRS_WARN_BADREF; + return NULL; } continue; } @@ -725,7 +738,7 @@ int pcrs_execute_list(pcrs_job *joblist, char *subject, size_t subject_length, c * 1 : job = the pcrs_job to be executed * 2 : subject = the subject (== original) string * 3 : subject_length = the subject's length - * 4 : result = char** for returning the result + * 4 : result = char** for returning the result (NULL on error) * 5 : result_length = size_t* for returning the result's length * * Returns : On success, the number of substitutions that were made. @@ -747,19 +760,18 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char char *result_offset; offset = i = 0; + *result = NULL; /* * Sanity check & memory allocation */ if (job == NULL || job->pattern == NULL || job->substitute == NULL || NULL == subject) { - *result = NULL; return(PCRS_ERR_BADJOB); } if (NULL == (matches = (pcrs_match *)malloc((size_t)max_matches * sizeof(pcrs_match)))) { - *result = NULL; return(PCRS_ERR_NOMEM); } memset(matches, '\0', (size_t)max_matches * sizeof(pcrs_match)); @@ -806,7 +818,6 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char if (NULL == (dummy = (pcrs_match *)realloc(matches, (size_t)max_matches * sizeof(pcrs_match)))) { free(matches); - *result = NULL; return(PCRS_ERR_NOMEM); } matches = dummy; @@ -825,7 +836,7 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char else offset = offsets[1]; } - /* Pass pcre error through if (bad) failiure */ + /* Pass pcre error through if (bad) failure */ if (submatches < PCRE_ERROR_NOMATCH) { free(matches); @@ -997,8 +1008,8 @@ char pcrs_get_delimiter(const char *string) * Some characters that are unlikely to * be part of pcrs replacement strings. */ - char delimiters[] = "><#+*~%^-:;!@"; - char *d = delimiters; + static const char delimiters[] = "><#+*~%^-:;!@"; + const char *d = delimiters; /* Take the first delimiter that isn't part of the string */ while (*d && NULL != strchr(string, *d)) @@ -1102,6 +1113,7 @@ pcrs_job *pcrs_compile_dynamic_command(char *pcrs_command, const struct pcrs_var { /* No proper delimiter found */ *error = PCRS_ERR_CMDSYNTAX; + freez(pcrs_command_tmp); return NULL; }