Mercurial > hg > nginx

changeset 6644:af642539cd53

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed regex captures handling without PCRE. If PCRE is disabled, captures were treated as normal variables in ngx_http_script_compile(), while code calculating flushes array length in ngx_http_compile_complex_value() did not account captures as variables. This could lead to write outside of the array boundary when setting last element to -1. Found with AddressSanitizer.
author Vladimir Homutov <vl@nginx.com>
date Wed, 06 Jul 2016 14:33:40 +0300
parents 9757cffc1e2f
children b83a067949a3
files src/http/ngx_http_script.c src/stream/ngx_stream_script.c
diffstat 2 files changed, 16 insertions(+), 12 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_script.c
+++ b/src/http/ngx_http_script.c
@@ -350,11 +350,9 @@ ngx_http_script_compile(ngx_http_script_
                 goto invalid_variable;
             }
 
+            if (sc->source->data[i] >= '1' && sc->source->data[i] <= '9') {
 #if (NGX_PCRE)
-            {
-            ngx_uint_t  n;
-
-            if (sc->source->data[i] >= '1' && sc->source->data[i] <= '9') {
+                ngx_uint_t  n;
 
                 n = sc->source->data[i] - '0';
 
@@ -371,9 +369,13 @@ ngx_http_script_compile(ngx_http_script_
                 i++;
 
                 continue;
-            }
+#else
+                ngx_conf_log_error(NGX_LOG_EMERG, sc->cf, 0,
+                                   "using variable \"$%c\" requires "
+                                   "PCRE library", sc->source->data[i]);
+                return NGX_ERROR;
+#endif
             }
-#endif
 
             if (sc->source->data[i] == '{') {
                 bracket = 1;
--- a/src/stream/ngx_stream_script.c
+++ b/src/stream/ngx_stream_script.c
@@ -282,11 +282,9 @@ ngx_stream_script_compile(ngx_stream_scr
                 goto invalid_variable;
             }
 
+            if (sc->source->data[i] >= '1' && sc->source->data[i] <= '9') {
 #if (NGX_PCRE)
-            {
-            ngx_uint_t  n;
-
-            if (sc->source->data[i] >= '1' && sc->source->data[i] <= '9') {
+                ngx_uint_t  n;
 
                 n = sc->source->data[i] - '0';
 
@@ -297,9 +295,13 @@ ngx_stream_script_compile(ngx_stream_scr
                 i++;
 
                 continue;
-            }
+#else
+                ngx_conf_log_error(NGX_LOG_EMERG, sc->cf, 0,
+                                   "using variable \"$%c\" requires "
+                                   "PCRE library", sc->source->data[i]);
+                return NGX_ERROR;
+#endif
             }
-#endif
 
             if (sc->source->data[i] == '{') {
                 bracket = 1;