X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7ad1a2b2cc57b5f4bcb59186a9a8abcbed9f4f76..6bf0021993572586f031ac7d973ca33358c2dac8:/src/src/exim.c?ds=sidebyside diff --git a/src/src/exim.c b/src/src/exim.c index 16c0184e0..3cd1d5f6d 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -104,7 +104,9 @@ pcre_gen_mtc_ctx = pcre2_match_context_create(pcre_gen_ctx); /* This function runs a regular expression match, and sets up the pointers to the matched substrings. The matched strings are copied so the lifetime of -the subject is not a problem. +the subject is not a problem. Matched strings will have the same taint status +as the subject string (this is not a de-taint method, and must not be made so +given the support for wildcards in REs). Arguments: re the compiled expression @@ -132,6 +134,11 @@ if ((yield = (res >= 0))) expand_nmax = setup < 0 ? 0 : setup + 1; for (int matchnum = setup < 0 ? 0 : 1; matchnum < res; matchnum++) { + /* Although PCRE2 has a pcre2_substring_get_bynumber() conveneience, it + seems to return a bad pointer when a capture group had no data, eg. (.*) + matching zero letters. So use the underlying ovec and hope (!) that the + offsets are sane (including that case). Should we go further and range- + check each one vs. the subject string length? */ int off = matchnum * 2; int len = ovec[off + 1] - ovec[off]; expand_nstring[expand_nmax] = string_copyn(subject + ovec[off], len); @@ -241,17 +248,17 @@ void * buf[STACKDUMP_MAX]; char ** ss; int nptrs = backtrace(buf, STACKDUMP_MAX); -log_write(0, LOG_MAIN|LOG_PANIC, "backtrace\n"); -log_write(0, LOG_MAIN|LOG_PANIC, "---\n"); +log_write(0, LOG_MAIN|LOG_PANIC, "backtrace"); +log_write(0, LOG_MAIN|LOG_PANIC, "---"); if ((ss = backtrace_symbols(buf, nptrs))) { for (int i = 0; i < nptrs; i++) - log_write(0, LOG_MAIN|LOG_PANIC, "\t%s\n", ss[i]); + log_write(0, LOG_MAIN|LOG_PANIC, "\t%s", ss[i]); free(ss); } else - log_write(0, LOG_MAIN|LOG_PANIC, "backtrace_symbols: %s\n", strerror(errno)); -log_write(0, LOG_MAIN|LOG_PANIC, "---\n"); + log_write(0, LOG_MAIN|LOG_PANIC, "backtrace_symbols: %s", strerror(errno)); +log_write(0, LOG_MAIN|LOG_PANIC, "---"); #endif } #undef STACKDUMP_MAX