X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=pcrs.c;h=6da82255508c4d9a4b46f660e151712b673ed9d3;hp=064812770bb71642c34c4e1b93b714b014691f41;hb=da6d6e7115b36cd4e03460c9c49a212edacb159a;hpb=292da21cea2a42b0896d667cff7201ef0ea2894e diff --git a/pcrs.c b/pcrs.c index 06481277..6da82255 100644 --- a/pcrs.c +++ b/pcrs.c @@ -1,4 +1,3 @@ -const char pcrs_rcs[] = "$Id: pcrs.c,v 1.38 2011/09/04 11:10:56 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/pcrs.c,v $ @@ -17,21 +16,20 @@ const char pcrs_rcs[] = "$Id: pcrs.c,v 1.38 2011/09/04 11:10:56 fabiankeil Exp $ * Copyright (C) 2006, 2007 Fabian Keil * * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU Lesser - * General Public License (LGPL), version 2.1, which should - * be included in this distribution (see LICENSE.txt), with - * the exception that the permission to replace that license - * with the GNU General Public License (GPL) given in section - * 3 is restricted to version 2 of the GPL. + * and/or modify it under the terms of the GNU General + * Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at + * your option) any later version. * * This program is distributed in the hope that it will * be useful, but WITHOUT ANY WARRANTY; without even the * implied warranty of MERCHANTABILITY or FITNESS FOR A - * PARTICULAR PURPOSE. See the license for more details. + * PARTICULAR PURPOSE. See the GNU General Public + * License for more details. * - * The GNU Lesser General Public License should be included - * with this file. If not, you can view it at - * http://www.gnu.org/licenses/lgpl.html + * The GNU General Public License should be included with + * this file. If not, you can view it at + * http://www.gnu.org/copyleft/gpl.html * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * @@ -55,8 +53,6 @@ const char pcrs_rcs[] = "$Id: pcrs.c,v 1.38 2011/09/04 11:10:56 fabiankeil Exp $ #include "pcrs.h" -const char pcrs_h_rcs[] = PCRS_H_VERSION; - /* * Internal prototypes */ @@ -80,6 +76,8 @@ static int is_hex_sequence(const char *sequence); *********************************************************************/ const char *pcrs_strerror(const int error) { + static char buf[100]; + if (error != 0) { switch (error) @@ -119,7 +117,11 @@ const char *pcrs_strerror(const int error) * version. If Privoxy is linked against a newer * PCRE version all bets are off ... */ - default: return "Unknown error. Privoxy out of sync with PCRE?"; + default: + snprintf(buf, sizeof(buf), + "Error code %d. For details, check the pcre documentation.", + error); + return buf; } } /* error >= 0: No error */ @@ -176,6 +178,38 @@ static int pcrs_parse_perl_options(const char *optstring, int *flags) } +#ifdef FUZZ +/********************************************************************* + * + * Function : pcrs_compile_fuzzed_replacement + * + * Description : Wrapper around pcrs_compile_replacement() for + * fuzzing purposes. + * + * Parameters : + * 1 : replacement = replacement part of s/// operator + * in perl syntax + * 2 : errptr = pointer to an integer in which error + * conditions can be returned. + * + * Returns : pcrs_substitute data structure, or NULL if an + * error is encountered. In that case, *errptr has + * the reason. + * + *********************************************************************/ +extern pcrs_substitute *pcrs_compile_fuzzed_replacement(const char *replacement, int *errptr) +{ + int capturecount = PCRS_MAX_SUBMATCHES; /* XXX: fuzzworthy? */ + int trivial_flag = 0; /* We don't want to fuzz strncpy() */ + + *errptr = 0; /* XXX: Should pcrs_compile_replacement() do this? */ + + return pcrs_compile_replacement(replacement, trivial_flag, capturecount, errptr); + +} +#endif + + /********************************************************************* * * Function : pcrs_compile_replacement @@ -203,10 +237,13 @@ static int pcrs_parse_perl_options(const char *optstring, int *flags) static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int trivialflag, int capturecount, int *errptr) { int i, k, l, quoted; - size_t length; char *text; pcrs_substitute *r; - +#ifndef FUZZ + size_t length; +#else + static size_t length; +#endif i = k = l = quoted = 0; /* @@ -301,7 +338,7 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr */ const int ascii_value = xtoi(&replacement[i+2]); - assert(ascii_value > 0); + assert(ascii_value >= 0); assert(ascii_value < 256); text[k++] = (char)ascii_value; i += 4; @@ -319,6 +356,13 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr if (replacement[i] == '$' && !quoted && i < (int)(length - 1)) { char *symbol, symbols[] = "'`+&"; + if (l >= PCRS_MAX_SUBMATCHES) + { + freez(text); + freez(r); + *errptr = PCRS_WARN_BADREF; + return NULL; + } r->block_length[l] = (size_t)(k - r->block_offset[l]); /* Numerical backreferences */ @@ -330,7 +374,10 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr } if (r->backref[l] > capturecount) { + freez(text); + freez(r); *errptr = PCRS_WARN_BADREF; + return NULL; } } @@ -359,15 +406,21 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr goto plainchar; } + assert(r->backref[l] < PCRS_MAX_SUBMATCHES + 2); /* Valid and in range? -> record */ - if (r->backref[l] < PCRS_MAX_SUBMATCHES + 2) + if ((0 <= r->backref[l]) && + (r->backref[l] < PCRS_MAX_SUBMATCHES + 2) && + (l < PCRS_MAX_SUBMATCHES - 1)) { r->backref_count[r->backref[l]] += 1; r->block_offset[++l] = k; } else { + freez(text); + freez(r); *errptr = PCRS_WARN_BADREF; + return NULL; } continue; } @@ -725,7 +778,7 @@ int pcrs_execute_list(pcrs_job *joblist, char *subject, size_t subject_length, c * 1 : job = the pcrs_job to be executed * 2 : subject = the subject (== original) string * 3 : subject_length = the subject's length - * 4 : result = char** for returning the result + * 4 : result = char** for returning the result (NULL on error) * 5 : result_length = size_t* for returning the result's length * * Returns : On success, the number of substitutions that were made. @@ -747,19 +800,18 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char char *result_offset; offset = i = 0; + *result = NULL; /* * Sanity check & memory allocation */ if (job == NULL || job->pattern == NULL || job->substitute == NULL || NULL == subject) { - *result = NULL; return(PCRS_ERR_BADJOB); } if (NULL == (matches = (pcrs_match *)malloc((size_t)max_matches * sizeof(pcrs_match)))) { - *result = NULL; return(PCRS_ERR_NOMEM); } memset(matches, '\0', (size_t)max_matches * sizeof(pcrs_match)); @@ -806,7 +858,6 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char if (NULL == (dummy = (pcrs_match *)realloc(matches, (size_t)max_matches * sizeof(pcrs_match)))) { free(matches); - *result = NULL; return(PCRS_ERR_NOMEM); } matches = dummy; @@ -825,7 +876,7 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char else offset = offsets[1]; } - /* Pass pcre error through if (bad) failiure */ + /* Pass pcre error through if (bad) failure */ if (submatches < PCRE_ERROR_NOMATCH) { free(matches); @@ -882,7 +933,7 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char result_offset, subject + matches[i].submatch_offset[job->substitute->backref[k]], matches[i].submatch_length[job->substitute->backref[k]] - ); + ); result_offset += matches[i].submatch_length[job->substitute->backref[k]]; } } @@ -997,8 +1048,8 @@ char pcrs_get_delimiter(const char *string) * Some characters that are unlikely to * be part of pcrs replacement strings. */ - char delimiters[] = "><§#+*~%^°-:;µ!@"; - char *d = delimiters; + static const char delimiters[] = "><#+*~%^-:;!@"; + const char *d = delimiters; /* Take the first delimiter that isn't part of the string */ while (*d && NULL != strchr(string, *d)) @@ -1102,6 +1153,7 @@ pcrs_job *pcrs_compile_dynamic_command(char *pcrs_command, const struct pcrs_var { /* No proper delimiter found */ *error = PCRS_ERR_CMDSYNTAX; + freez(pcrs_command_tmp); return NULL; }