From: Jeremy Harris Date: Fri, 11 Nov 2022 00:05:59 +0000 (+0000) Subject: Fix regext substring capture variables for null matches. Bug 2933 X-Git-Tag: exim-4.97-RC0~214 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/e63825824cc406c160ccbf2b154c5d81b168604a Fix regext substring capture variables for null matches. Bug 2933 broken-by: 59d66fdc13f0 --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 290ca36b9..5f2cff6f5 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -57,6 +57,11 @@ JH/12 Bug 2930: Fix daemon startup. When started from any process apart from JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96 resulted in the variable appearing empty. Find and fix by Ruben Jenster. +JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96 + a capture group which obtained no text (eg. "(abc)*" matching zero + occurrences) could cause a segfault if the corresponding $ was + expanded. + Exim version 4.96 ----------------- diff --git a/src/src/exim.c b/src/src/exim.c index b3fd9eff0..47a685aa7 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -134,6 +134,8 @@ if ((yield = (res >= 0))) PCRE2_SIZE len; pcre2_substring_get_bynumber(md, matchnum, (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len); + if (!expand_nstring[expand_nmax]) + { expand_nstring[expand_nmax] = US""; len = 0; } expand_nlength[expand_nmax++] = (int)len; } expand_nmax--; diff --git a/src/src/malware.c b/src/src/malware.c index 8b5ec27c4..423a5b692 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -314,7 +314,10 @@ PCRE2_UCHAR * substr = NULL; PCRE2_SIZE slen; if (i >= 2) /* Got it */ + { pcre2_substring_get_bynumber(md, 1, &substr, &slen); /* uses same ctx as md */ + if (!substr) substr = US""; + } /* pcre2_match_data_free(md); gen ctx needs no free */ return US substr; } diff --git a/src/src/regex.c b/src/src/regex.c index 25496f950..b401ba0d7 100644 --- a/src/src/regex.c +++ b/src/src/regex.c 
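Review bot: The NULL test added in the exim.c hunk only works if `expand_nstring[expand_nmax]` was already NULL before the call, because the return value of `pcre2_substring_get_bynumber()` is still discarded; as far as I know PCRE2 reports an unset group with a negative return code and does not store to the output arguments. If the slot still holds a pointer from an earlier match, the fallback is skipped and `len`, declared without an initialiser, is copied into `expand_nlength`. Testing the result is sturdier: `if (pcre2_substring_get_bynumber(md, matchnum, (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len) != 0)` followed by the existing `{ expand_nstring[expand_nmax] = US""; len = 0; }`. The regex.c hunk has the same pattern with `cstr` declared uninitialised, so `cstr ? CUS cstr : CUS""` may test an indeterminate pointer and leave `regex_vars[nn-1]` open to the crash the ChangeLog entry describes; the malware.c hunk is reliable because `substr` starts as NULL. The enclosing loop bodies begin outside these hunks, so any earlier initialisation of the slots is not visible here.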
@@ -82,7 +82,7 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next) PCRE2_UCHAR * cstr; PCRE2_SIZE cslen; pcre2_substring_get_bynumber(md, nn, &cstr, &cslen); /* uses same ctx as md */ - regex_vars[nn-1] = CUS cstr; + regex_vars[nn-1] = cstr ? CUS cstr : CUS""; } return OK;