Use non-releaseable memory for regex match strings. Bug 3047

[exim.git] / src / src / regex.c

diff --git a/src/src/regex.c b/src/src/regex.c
index 210620f26314ca7c8e23de32d8e1d825fc4e24bd..bb34e5b23f4ad1a63167c503e6cf87fa6e328ba9 100644 (file)
--- a/src/src/regex.c
+++ b/src/src/regex.c
@@ -3,9 +3,10 @@
 *************************************************/
 
 /*
- * Copyright (c) The Exim Maintainers 2016 - 2022
+ * Copyright (c) The Exim Maintainers 2016 - 2023
  * Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-2015
  * License: GPL
+ * SPDX-License-Identifier: GPL-2.0-or-later
  */
 
 /* Code for matching regular expressions against headers and body.
@@ -30,12 +31,11 @@ extern uschar *mime_current_boundary;
 
 
 static pcre_list *
-compile(const uschar * list, BOOL cacheable)
+compile(const uschar * list, BOOL cacheable, int * cntp)
 {
-int sep = 0;
+int sep = 0, cnt = 0;
 uschar * regex_string;
-pcre_list * re_list_head = NULL;
-pcre_list * ri;
+pcre_list * re_list_head = NULL, * ri;
 
 /* precompile our regexes */
 while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
@@ -57,10 +57,19 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
     ri->pcre_text = regex_string;
     ri->next = re_list_head;
     re_list_head = ri;
+    cnt++;
     }
+if (cntp) *cntp = cnt;
 return re_list_head;
 }
 
+
+/* Check list of REs against buffer, returning OK for (first) match,
+else FAIL.  On match return allocated result strings in regex_vars[]. 
+
+We use the perm-pool for that, so that our caller can release
+other allocations.
+*/
 static int
 matcher(pcre_list * re_list_head, uschar * linebuffer, int len)
 {
@@ -73,6 +82,9 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next)
   /* try matcher on the line */
   if ((n = pcre2_match(ri->re, (PCRE2_SPTR)linebuffer, len, 0, 0, md, pcre_gen_mtc_ctx)) > 0)
     {
+    int save_pool = store_pool;
+    store_pool = POOL_PERM;
+
     Ustrncpy(regex_match_string_buffer, ri->pcre_text,
              sizeof(regex_match_string_buffer)-1);
     regex_match_string = regex_match_string_buffer;
@@ -85,6 +97,7 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next)
       regex_vars[nn-1] = string_copyn(linebuffer + ovec[off], len);
       }
 
+    store_pool = save_pool;
     return OK;
     }
   }
@@ -111,7 +124,8 @@ FILE * mbox_file;
 pcre_list * re_list_head;
 uschar * linebuffer;
 long f_pos = 0;
-int ret = FAIL;
+int ret = FAIL, cnt, lcount = REGEX_LOOPCOUNT_STORE_RESET;
+rmark reset_point;
 
 regex_vars_clear();
 
@@ -135,26 +149,34 @@ else
   mbox_file = mime_stream;
   }
 
-/* precompile our regexes */
-if (!(re_list_head = compile(*listptr, cacheable)))
-  return FAIL;                 /* no regexes -> nothing to do */
-
-/* match each line against all regexes */
-linebuffer = store_get(32767, GET_TAINTED);
-while (fgets(CS linebuffer, 32767, mbox_file))
+reset_point = store_mark();
   {
-  if (  mime_stream && mime_current_boundary           /* check boundary */
-     && Ustrncmp(linebuffer, "--", 2) == 0
-     && Ustrncmp((linebuffer+2), mime_current_boundary,
-                 Ustrlen(mime_current_boundary)) == 0)
-      break;                                           /* found boundary */
-
-  if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK)
-    goto done;
+  /* precompile our regexes */
+  if ((re_list_head = compile(*listptr, cacheable, &cnt)))
+    {
+    /* match each line against all regexes */
+    linebuffer = store_get(32767, GET_TAINTED);
+    while (fgets(CS linebuffer, 32767, mbox_file))
+      {
+      if (  mime_stream && mime_current_boundary               /* check boundary */
+        && Ustrncmp(linebuffer, "--", 2) == 0
+        && Ustrncmp((linebuffer+2), mime_current_boundary,
+                     Ustrlen(mime_current_boundary)) == 0)
+       break;                                          /* found boundary */
+
+      if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK)
+       break;
+
+      if ((lcount -= cnt) <= 0)
+       {
+       store_reset(reset_point); reset_point = store_mark();
+       lcount = REGEX_LOOPCOUNT_STORE_RESET;
+       }
+      }
+    }
   }
-/* no matches ... */
+store_reset(reset_point);
 
-done:
 if (!mime_stream)
   (void)fclose(mbox_file);
 else
@@ -179,14 +201,11 @@ pcre_list * re_list_head = NULL;
 FILE * f;
 uschar * mime_subject = NULL;
 int mime_subject_len = 0;
-int ret;
+int ret = FAIL;
+rmark reset_point;
 
 regex_vars_clear();
 
-/* precompile our regexes */
-if (!(re_list_head = compile(*listptr, cacheable)))
-  return FAIL;                 /* no regexes -> nothing to do */
-
 /* check if the file is already decoded */
 if (!mime_decoded_filename)
   {                            /* no, decode it first */
@@ -209,12 +228,20 @@ if (!(f = fopen(CS mime_decoded_filename, "rb")))
   return DEFER;
   }
 
-/* get 32k memory, tainted */
-mime_subject = store_get(32767, GET_TAINTED);
+reset_point = store_mark();
+  {
+  /* precompile our regexes */
+  if ((re_list_head = compile(*listptr, cacheable, NULL)))
+    {
+    /* get 32k memory, tainted */
+    mime_subject = store_get(32767, GET_TAINTED);
 
-mime_subject_len = fread(mime_subject, 1, 32766, f);
+    mime_subject_len = fread(mime_subject, 1, 32766, f);
 
-ret = matcher(re_list_head, mime_subject, mime_subject_len);
+    ret = matcher(re_list_head, mime_subject, mime_subject_len);
+    }
+  }
+store_reset(reset_point);
 (void)fclose(f);
 return ret;
 }