From 3873b23c53de31074d294d127077e691662150c2 Mon Sep 17 00:00:00 2001 From: Sébastien Marie Date: Tue, 23 Jun 2015 12:03:53 +0200 Subject: add a new control for repetitor items - add a counter for limiting the search for repetitor items ('*', '+', '-' and '?') - add test case for this new kind of error --- httpd/patterns.c | 7 +++++++ httpd/patterns.h | 1 + regress/patterns/test-patterns.in | 4 ++++ regress/patterns/test-patterns.out | 12 ++++++++++++ 4 files changed, 24 insertions(+) diff --git a/httpd/patterns.c b/httpd/patterns.c index 1dbea15..62c8078 100644 --- a/httpd/patterns.c +++ b/httpd/patterns.c @@ -48,6 +48,7 @@ struct match_state { int matchdepth; /* control for recursive depth (to avoid C * stack overflow) */ + int repetitioncounter; /* control the repetition items */ int maxcaptures; /* configured capture limit */ const char *src_init; /* init of source string */ const char *src_end; /* end ('\0') of source string */ @@ -425,6 +426,11 @@ match(struct match_state *ms, const char *s, const char *p) /* does not match at least once? */ if (!singlematch(ms, s, p, ep)) { + if (ms->repetitioncounter-- == 0) { + match_error(ms, "max repetition items"); + s = NULL; /* fail */ + } else + /* accept empty? */ if (*ep == '*' || *ep == '?' || *ep == '-') { p = ep + 1; @@ -615,6 +621,7 @@ str_find_aux(struct match_state *ms, const char *pattern, const char *string, } ms->maxcaptures = (nsm > MAXCAPTURES ? MAXCAPTURES : nsm) - 1; ms->matchdepth = MAXCCALLS; + ms->repetitioncounter = MAXREPETITION; ms->src_init = s; ms->src_end = s + ls; ms->p_end = p + lp; diff --git a/httpd/patterns.h b/httpd/patterns.h index ddda0dd..6db5991 100644 --- a/httpd/patterns.h +++ b/httpd/patterns.h @@ -24,6 +24,7 @@ #define MAXCAPTURES 32 /* Max no. of allowed captures in pattern */ #define MAXCCALLS 200 /* Max recusion depth in pattern matching */ +#define MAXREPETITION 0xfffff /* Max for repetition items */ struct str_find { off_t sm_so; /* start offset of match */ diff --git a/regress/patterns/test-patterns.in b/regress/patterns/test-patterns.in index 46aa506..5abef1f 100644 --- a/regress/patterns/test-patterns.in +++ b/regress/patterns/test-patterns.in @@ -21,3 +21,7 @@ xxxx ^x*$ same as before /page/51 ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()() too many captures /page/51 /page/%f missing '[' after '%f' in pattern /page/51 /page%f/51 missing '[' after '%f' in pattern +q********************************* *************************************q max repetition items +q+++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++q max repetition items +q--------------------------------- -------------------------------------q max repetition items +q????????????????????????????????? ?????????????????????????????????????q max repetition items diff --git a/regress/patterns/test-patterns.out b/regress/patterns/test-patterns.out index 1999cc1..aecb9f0 100644 --- a/regress/patterns/test-patterns.out +++ b/regress/patterns/test-patterns.out @@ -85,3 +85,15 @@ pattern='/page/%f' patterns-tester: str_match: missing '[' after '%f' in pattern string='/page/51' pattern='/page%f/51' +patterns-tester: str_match: max repetition items +string='q*********************************' +pattern='*************************************q' +patterns-tester: str_match: max repetition items +string='q+++++++++++++++++++++++++++++++++' +pattern='+++++++++++++++++++++++++++++++++++++q' +patterns-tester: str_match: max repetition items +string='q---------------------------------' +pattern='-------------------------------------q' +patterns-tester: str_match: max repetition items +string='q?????????????????????????????????' +pattern='?????????????????????????????????????q' -- cgit v1.2.3-54-g00ecf