ap_regex: Follow up to r1897244: Fix pmatch overflow and returned value at limits.

Don't write to pmatch[nlimit:] when ncaps > nlimit, rc should not exceed nmatch either as before r1897244. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897248 13f79535-47bb-0310-9956-ffa450edef68
author: Yann Ylavic <ylavic@apache.org> 2022-01-20 13:47:02 +0100
committer: Yann Ylavic <ylavic@apache.org> 2022-01-20 13:47:02 +0100
commit: 38dddb187af8189d12fee18aea367824a20ffd10 (patch)
tree: f345ecca5ac2a2994777ea47db060376398cd419
parent: ap_regex: PCRE needs buffers sized against the number of captures only. (diff)
download: apache2-38dddb187af8189d12fee18aea367824a20ffd10.tar.xz
apache2-38dddb187af8189d12fee18aea367824a20ffd10.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/server/util_pcre.c b/server/util_pcre.c
index 9bfa4791d8..0233d161d6 100644
--- a/server/util_pcre.c
+++ b/server/util_pcre.c
@@ -428,10 +428,8 @@ AP_DECLARE(int) ap_regexec_len(const ap_regex_t *preg, const char *buff,
 
     if (rc >= 0) {
         apr_size_t n = rc, i;
-        if (rc == 0)
-            rc = ncaps; /* All captured slots were filled in */
-        else if (n > nmatch)
-            n = nmatch;
+        if (n == 0 || n > nmatch)
+            rc = n = nmatch; /* All capture slots were filled in */
         for (i = 0; i < n; i++) {
             pmatch[i].rm_so = ovector[i * 2];
             pmatch[i].rm_eo = ovector[i * 2 + 1];
author	Yann Ylavic <ylavic@apache.org>	2022-01-20 13:47:02 +0100
committer	Yann Ylavic <ylavic@apache.org>	2022-01-20 13:47:02 +0100
commit	38dddb187af8189d12fee18aea367824a20ffd10 (patch)
tree	f345ecca5ac2a2994777ea47db060376398cd419
parent	ap_regex: PCRE needs buffers sized against the number of captures only. (diff)
download	apache2-38dddb187af8189d12fee18aea367824a20ffd10.tar.xz apache2-38dddb187af8189d12fee18aea367824a20ffd10.zip