the pcrs substitutes. They don't have to be valid C
strings and getting their length wrong can result in
user-controlled memory corruption.
Thanks to Felix Gröbert for reporting the problem
and providing the fix [#
1627140].
Florian Effenberger
Dean Gaudet
Daniel Griscom
Florian Effenberger
Dean Gaudet
Daniel Griscom
Aaron Hamid
Darel Henman
Magnus Holmgren
Aaron Hamid
Darel Henman
Magnus Holmgren
-const char pcrs_rcs[] = "$Id: pcrs.c,v 1.22 2006/12/24 17:34:20 fabiankeil Exp $";
+const char pcrs_rcs[] = "$Id: pcrs.c,v 1.23 2006/12/29 17:53:05 fabiankeil Exp $";
/*********************************************************************
*
/*********************************************************************
*
*
* Revisions :
* $Log: pcrs.c,v $
*
* Revisions :
* $Log: pcrs.c,v $
+ * Revision 1.23 2006/12/29 17:53:05 fabiankeil
+ * Fixed gcc43 conversion warnings.
+ *
* Revision 1.22 2006/12/24 17:34:20 fabiankeil
* Add pcrs_strerror() message for PCRE_ERROR_MATCHLIMIT
* and give a hint why an error code might be unknown.
* Revision 1.22 2006/12/24 17:34:20 fabiankeil
* Add pcrs_strerror() message for PCRE_ERROR_MATCHLIMIT
* and give a hint why an error code might be unknown.
*/
r->text = text;
r->backrefs = l;
*/
r->text = text;
r->backrefs = l;
r->block_length[l] = (size_t)(k - r->block_offset[l]);
return r;
r->block_length[l] = (size_t)(k - r->block_offset[l]);
return r;
newsize += matches[i].submatch_length[k] * (size_t)job->substitute->backref_count[k];
}
/* plus replacement text size minus match text size */
newsize += matches[i].submatch_length[k] * (size_t)job->substitute->backref_count[k];
}
/* plus replacement text size minus match text size */
- newsize += strlen(job->substitute->text) - matches[i].submatch_length[0];
+ newsize += job->substitute->length - matches[i].submatch_length[0];
/* chunk before match */
matches[i].submatch_offset[PCRS_MAX_SUBMATCHES] = 0;
/* chunk before match */
matches[i].submatch_offset[PCRS_MAX_SUBMATCHES] = 0;
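Review bot: The finish block shown in this section (`r->text = text;`, `r->backrefs = l;`, then the `block_length[l]` assignment) contains no store to the new `length` member, although the size calculation now reads `job->substitute->length` instead of calling `strlen()`. The function that builds the substitute starts outside the visible lines, so the assignment may exist elsewhere. If it does not, `newsize` is derived from an unset value and the result buffer may be sized wrongly, which is the same class of memory-corruption bug the changelog entry describes. Since `k` appears to be the end offset of the last plaintext block in `text`, the store would presumably be `r->length = (size_t)k;` next to `r->backrefs = l;`. A short comment at the `newsize` line noting that the length is tracked explicitly because the substitute may contain NUL bytes would keep a later cleanup from switching back to `strlen()`.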
*
* Revisions :
* $Log: pcrs.h,v $
*
* Revisions :
* $Log: pcrs.h,v $
+ * Revision 1.14 2006/12/24 17:27:37 fabiankeil
+ * Increase pcrs error code offset to prevent overlaps
+ * with pcre versions newer than our own.
+ *
* Revision 1.13 2006/07/18 14:48:47 david__schmidt
* Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
* with what was really the latest development (the v_3_0_branch branch)
* Revision 1.13 2006/07/18 14:48:47 david__schmidt
* Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
* with what was really the latest development (the v_3_0_branch branch)
*
*********************************************************************/
*
*********************************************************************/
-#define PCRS_H_VERSION "$Id: pcrs.h,v 1.13 2006/07/18 14:48:47 david__schmidt Exp $"
+#define PCRS_H_VERSION "$Id: pcrs.h,v 1.14 2006/12/24 17:27:37 fabiankeil Exp $"
typedef struct {
char *text; /* The plaintext part of the substitute, with all backreferences stripped */
typedef struct {
char *text; /* The plaintext part of the substitute, with all backreferences stripped */
+ size_t length; /* The substitute may not be a valid C string so we can't rely on strlen(). */
int backrefs; /* The number of backreferences */
int block_offset[PCRS_MAX_SUBMATCHES]; /* Array with the offsets of all plaintext blocks in text */
size_t block_length[PCRS_MAX_SUBMATCHES]; /* Array with the lengths of all plaintext blocks in text */
int backrefs; /* The number of backreferences */
int block_offset[PCRS_MAX_SUBMATCHES]; /* Array with the offsets of all plaintext blocks in text */
size_t block_length[PCRS_MAX_SUBMATCHES]; /* Array with the lengths of all plaintext blocks in text */