CLEANUP: The function "regex_exec" needs the string length but in many case they expect null terminated char.
If haproxy is compiled with the USE_PCRE_JIT option, the length of the
string is used. If it is compiled without this option the function doesn't
use the length and expects a null terminated string.
The prototype of the function is ambiguous, and depends on the
compilation option. The developer can think that the length is always
used, and many bugs can be created.
This patch makes sure that the length is used. The regex_exec function
adds the final '\0' if it is needed.
diff --git a/include/common/regex.h b/include/common/regex.h
index 9080bda..59730ca 100644
--- a/include/common/regex.h
+++ b/include/common/regex.h
@@ -83,11 +83,20 @@
const char *chain_regex(struct hdr_exp **head, const regex_t *preg,
int action, const char *replace, void *cond);
-static inline int regex_exec(const regex *preg, const char *subject, int length) {
+/* Note that <subject> MUST be at least <length+1> characters long and must
+ * be writable because the function will temporarily force a zero past the
+ * last character.
+ */
+static inline int regex_exec(const regex *preg, char *subject, int length) {
#ifdef USE_PCRE_JIT
return pcre_exec(preg->reg, preg->extra, subject, length, 0, 0, NULL, 0);
#else
- return regexec(preg, subject, 0, NULL, 0);
+ int match;
+ char old_char = subject[length];
+ subject[length] = 0;
+ match = regexec(preg, subject, 0, NULL, 0);
+ subject[length] = old_char;
+ return match;
#endif
}