X-Git-Url: http://www.privoxy.org/gitweb/gpl.html?a=blobdiff_plain;f=pcrs.c;h=007f7cc104d9b9cb40648434f938a597df30508c;hb=f46a632a6bb78c63a349cd6c4628fa31a4d52e9a;hp=52d7b9062f95a95a9cfb2567674486e56f49661a;hpb=aaeeb414357ff75414ed705302c4624f083bd512;p=privoxy.git
diff --git a/pcrs.c b/pcrs.c
index 52d7b906..007f7cc1 100644
--- a/pcrs.c
+++ b/pcrs.c
@@ -1,4 +1,3 @@
-const char pcrs_rcs[] = "$Id: pcrs.c,v 1.40 2012/03/09 17:55:50 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/pcrs.c,v $
@@ -17,21 +16,20 @@ const char pcrs_rcs[] = "$Id: pcrs.c,v 1.40 2012/03/09 17:55:50 fabiankeil Exp $
* Copyright (C) 2006, 2007 Fabian Keil
*
* This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser
- * General Public License (LGPL), version 2.1, which should
- * be included in this distribution (see LICENSE.txt), with
- * the exception that the permission to replace that license
- * with the GNU General Public License (GPL) given in section
- * 3 is restricted to version 2 of the GPL.
+ * and/or modify it under the terms of the GNU General
+ * Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at
+ * your option) any later version.
*
* This program is distributed in the hope that it will
* be useful, but WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the license for more details.
+ * PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
*
- * The GNU Lesser General Public License should be included
- * with this file. If not, you can view it at
- * http://www.gnu.org/licenses/lgpl.html
+ * The GNU General Public License should be included with
+ * this file. If not, you can view it at
+ * http://www.gnu.org/copyleft/gpl.html
* or write to the Free Software Foundation, Inc., 59
* Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
@@ -55,8 +53,6 @@ const char pcrs_rcs[] = "$Id: pcrs.c,v 1.40 2012/03/09 17:55:50 fabiankeil Exp $
#include "pcrs.h"
-const char pcrs_h_rcs[] = PCRS_H_VERSION;
-
/*
* Internal prototypes
*/
@@ -80,6 +76,8 @@ static int is_hex_sequence(const char *sequence);
*********************************************************************/
const char *pcrs_strerror(const int error)
{
+ static char buf[100];
+
if (error != 0)
{
switch (error)
@@ -119,7 +117,11 @@ const char *pcrs_strerror(const int error)
* version. If Privoxy is linked against a newer
* PCRE version all bets are off ...
*/
- default: return "Unknown error. Privoxy out of sync with PCRE?";
+ default:
+ snprintf(buf, sizeof(buf),
+ "Error code %d. For details, check the pcre documentation.",
+ error);
+ return buf;
}
}
/* error >= 0: No error */
@@ -166,6 +168,7 @@ static int pcrs_parse_perl_options(const char *optstring, int *flags)
case 'o': break;
case 's': rc |= PCRE_DOTALL; break;
case 'x': rc |= PCRE_EXTENDED; break;
+ case 'D': *flags |= PCRS_DYNAMIC; break;
case 'U': rc |= PCRE_UNGREEDY; break;
case 'T': *flags |= PCRS_TRIVIAL; break;
default: break;
@@ -176,6 +179,38 @@ static int pcrs_parse_perl_options(const char *optstring, int *flags)
}
+#ifdef FUZZ
+/*********************************************************************
+ *
+ * Function : pcrs_compile_fuzzed_replacement
+ *
+ * Description : Wrapper around pcrs_compile_replacement() for
+ * fuzzing purposes.
+ *
+ * Parameters :
+ * 1 : replacement = replacement part of s/// operator
+ * in perl syntax
+ * 2 : errptr = pointer to an integer in which error
+ * conditions can be returned.
+ *
+ * Returns : pcrs_substitute data structure, or NULL if an
+ * error is encountered. In that case, *errptr has
+ * the reason.
+ *
+ *********************************************************************/
+extern pcrs_substitute *pcrs_compile_fuzzed_replacement(const char *replacement, int *errptr)
+{
+ int capturecount = PCRS_MAX_SUBMATCHES; /* XXX: fuzzworthy? */
+ int trivial_flag = 0; /* We don't want to fuzz strncpy() */
+
+ *errptr = 0; /* XXX: Should pcrs_compile_replacement() do this? */
+
+ return pcrs_compile_replacement(replacement, trivial_flag, capturecount, errptr);
+
+}
+#endif
+
+
/*********************************************************************
*
* Function : pcrs_compile_replacement
@@ -203,10 +238,13 @@ static int pcrs_parse_perl_options(const char *optstring, int *flags)
static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int trivialflag, int capturecount, int *errptr)
{
int i, k, l, quoted;
- size_t length;
char *text;
pcrs_substitute *r;
-
+#ifndef FUZZ
+ size_t length;
+#else
+ static size_t length;
+#endif
i = k = l = quoted = 0;
/*
@@ -243,7 +281,7 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr
*/
if (trivialflag)
{
- text = strncpy(text, replacement, length + 1);
+ strlcpy(text, replacement, length + 1);
k = (int)length;
}
@@ -301,7 +339,7 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr
*/
const int ascii_value = xtoi(&replacement[i+2]);
- assert(ascii_value > 0);
+ assert(ascii_value >= 0);
assert(ascii_value < 256);
text[k++] = (char)ascii_value;
i += 4;
@@ -319,6 +357,13 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr
if (replacement[i] == '$' && !quoted && i < (int)(length - 1))
{
char *symbol, symbols[] = "'`+&";
+ if (l >= PCRS_MAX_SUBMATCHES)
+ {
+ freez(text);
+ freez(r);
+ *errptr = PCRS_WARN_BADREF;
+ return NULL;
+ }
r->block_length[l] = (size_t)(k - r->block_offset[l]);
/* Numerical backreferences */
@@ -330,7 +375,10 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr
}
if (r->backref[l] > capturecount)
{
+ freez(text);
+ freez(r);
*errptr = PCRS_WARN_BADREF;
+ return NULL;
}
}
@@ -359,15 +407,21 @@ static pcrs_substitute *pcrs_compile_replacement(const char *replacement, int tr
goto plainchar;
}
+ assert(r->backref[l] < PCRS_MAX_SUBMATCHES + 2);
/* Valid and in range? -> record */
- if (r->backref[l] < PCRS_MAX_SUBMATCHES + 2)
+ if ((0 <= r->backref[l]) &&
+ (r->backref[l] < PCRS_MAX_SUBMATCHES + 2) &&
+ (l < PCRS_MAX_SUBMATCHES - 1))
{
r->backref_count[r->backref[l]] += 1;
r->block_offset[++l] = k;
}
else
{
+ freez(text);
+ freez(r);
*errptr = PCRS_WARN_BADREF;
+ return NULL;
}
continue;
}
@@ -418,7 +472,14 @@ pcrs_job *pcrs_free_job(pcrs_job *job)
{
next = job->next;
if (job->pattern != NULL) free(job->pattern);
- if (job->hints != NULL) free(job->hints);
+ if (job->hints != NULL)
+ {
+#ifdef PCRE_CONFIG_JIT
+ pcre_free_study(job->hints);
+#else
+ free(job->hints);
+#endif
+ }
if (job->substitute != NULL)
{
if (job->substitute->text != NULL) free(job->substitute->text);
@@ -568,6 +629,7 @@ pcrs_job *pcrs_compile(const char *pattern, const char *substitute, const char *
int flags;
int capturecount;
const char *error;
+ int pcre_study_options = 0;
*errptr = 0;
@@ -607,11 +669,22 @@ pcrs_job *pcrs_compile(const char *pattern, const char *substitute, const char *
}
+#ifdef PCRE_STUDY_JIT_COMPILE
+#ifdef DISABLE_PCRE_JIT_COMPILATION
+#warning PCRE_STUDY_JIT_COMPILE is supported but Privoxy has been configured not to use it
+#else
+ if (!(flags & PCRS_DYNAMIC))
+ {
+ pcre_study_options = PCRE_STUDY_JIT_COMPILE;
+ }
+#endif
+#endif
+
/*
* Generate hints. This has little overhead, since the
* hints will be NULL for a boring pattern anyway.
*/
- newjob->hints = pcre_study(newjob->pattern, 0, &error);
+ newjob->hints = pcre_study(newjob->pattern, pcre_study_options, &error);
if (error != NULL)
{
*errptr = PCRS_ERR_STUDY;
@@ -725,7 +798,7 @@ int pcrs_execute_list(pcrs_job *joblist, char *subject, size_t subject_length, c
* 1 : job = the pcrs_job to be executed
* 2 : subject = the subject (== original) string
* 3 : subject_length = the subject's length
- * 4 : result = char** for returning the result
+ * 4 : result = char** for returning the result (NULL on error)
* 5 : result_length = size_t* for returning the result's length
*
* Returns : On success, the number of substitutions that were made.
@@ -747,19 +820,18 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char
char *result_offset;
offset = i = 0;
+ *result = NULL;
/*
* Sanity check & memory allocation
*/
if (job == NULL || job->pattern == NULL || job->substitute == NULL || NULL == subject)
{
- *result = NULL;
return(PCRS_ERR_BADJOB);
}
if (NULL == (matches = (pcrs_match *)malloc((size_t)max_matches * sizeof(pcrs_match))))
{
- *result = NULL;
return(PCRS_ERR_NOMEM);
}
memset(matches, '\0', (size_t)max_matches * sizeof(pcrs_match));
@@ -806,7 +878,6 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char
if (NULL == (dummy = (pcrs_match *)realloc(matches, (size_t)max_matches * sizeof(pcrs_match))))
{
free(matches);
- *result = NULL;
return(PCRS_ERR_NOMEM);
}
matches = dummy;
@@ -825,7 +896,7 @@ int pcrs_execute(pcrs_job *job, const char *subject, size_t subject_length, char
else
offset = offsets[1];
}
- /* Pass pcre error through if (bad) failiure */
+ /* Pass pcre error through if (bad) failure */
if (submatches < PCRE_ERROR_NOMATCH)
{
free(matches);
@@ -944,7 +1015,7 @@ static int is_hex_sequence(const char *sequence)
* FALSE
*
*********************************************************************/
-int pcrs_job_is_dynamic (char *job)
+int pcrs_job_is_dynamic(char *job)
{
const char delimiter = job[1];
const size_t length = strlen(job);
@@ -997,8 +1068,8 @@ char pcrs_get_delimiter(const char *string)
* Some characters that are unlikely to
* be part of pcrs replacement strings.
*/
- char delimiters[] = "><#+*~%^-:;!@";
- char *d = delimiters;
+ static const char delimiters[] = "><#+*~%^-:;!@";
+ const char *d = delimiters;
/* Take the first delimiter that isn't part of the string */
while (*d && NULL != strchr(string, *d))
@@ -1055,7 +1126,6 @@ char *pcrs_execute_single_command(const char *subject, const char *pcrs_command,
}
-static const char warning[] = "... [too long, truncated]";
/*********************************************************************
*
* Function : pcrs_compile_dynamic_command
@@ -1102,6 +1172,7 @@ pcrs_job *pcrs_compile_dynamic_command(char *pcrs_command, const struct pcrs_var
{
/* No proper delimiter found */
*error = PCRS_ERR_CMDSYNTAX;
+ freez(pcrs_command_tmp);
return NULL;
}
@@ -1111,7 +1182,7 @@ pcrs_job *pcrs_compile_dynamic_command(char *pcrs_command, const struct pcrs_var
*/
assert(NULL == strchr(v->name, d));
- ret = snprintf(buf, sizeof(buf), "s%c\\$%s%c%s%cgT", d, v->name, d, v->value, d);
+ ret = snprintf(buf, sizeof(buf), "s%c\\$%s%c%s%cDgT", d, v->name, d, v->value, d);
assert(ret >= 0);
if (ret >= sizeof(buf))
{
@@ -1121,10 +1192,11 @@ pcrs_job *pcrs_compile_dynamic_command(char *pcrs_command, const struct pcrs_var
* with a truncation message and close the pattern
* properly.
*/
- const size_t trailer_size = sizeof(warning) + 3; /* 3 for d + "gT" */
+ static const char warning[] = "... [too long, truncated]";
+ const size_t trailer_size = sizeof(warning) + 4; /* 4 for d + "DgT" */
char *trailer_start = buf + sizeof(buf) - trailer_size;
- ret = snprintf(trailer_start, trailer_size, "%s%cgT", warning, d);
+ ret = snprintf(trailer_start, trailer_size, "%s%cDgT", warning, d);
assert(ret == trailer_size - 1);
assert(sizeof(buf) == strlen(buf) + 1);
truncation = 1;