Mercurial > hg > nginx
view src/core/ngx_regex.h @ 7674:7731c710796f
Memcached: protect from too long responses.
If a memcached response was followed by a correct trailer, and then
the NUL character followed by some extra data - this was accepted by
the trailer checking code. This in turn resulted in ctx->rest underflow
and caused negative size buffer on the next reading from the upstream,
followed by the "negative size buf in writer" alert.
Fix is to always check for too long responses, so a correct trailer cannot
be followed by extra data.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 Jul 2020 18:36:17 +0300 |
parents | 6e1a48bcf915 |
children | 0b5f12d5c531 |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_REGEX_H_INCLUDED_ #define _NGX_REGEX_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <pcre.h> #define NGX_REGEX_NO_MATCHED PCRE_ERROR_NOMATCH /* -1 */ #define NGX_REGEX_CASELESS PCRE_CASELESS typedef struct { pcre *code; pcre_extra *extra; } ngx_regex_t; typedef struct { ngx_str_t pattern; ngx_pool_t *pool; ngx_int_t options; ngx_regex_t *regex; int captures; int named_captures; int name_size; u_char *names; ngx_str_t err; } ngx_regex_compile_t; typedef struct { ngx_regex_t *regex; u_char *name; } ngx_regex_elt_t; void ngx_regex_init(void); ngx_int_t ngx_regex_compile(ngx_regex_compile_t *rc); #define ngx_regex_exec(re, s, captures, size) \ pcre_exec(re->code, re->extra, (const char *) (s)->data, (s)->len, 0, 0, \ captures, size) #define ngx_regex_exec_n "pcre_exec()" ngx_int_t ngx_regex_exec_array(ngx_array_t *a, ngx_str_t *s, ngx_log_t *log); #endif /* _NGX_REGEX_H_INCLUDED_ */