From 38dddb187af8189d12fee18aea367824a20ffd10 Mon Sep 17 00:00:00 2001
From: Yann Ylavic
Date: Thu, 20 Jan 2022 12:47:02 +0000
Subject: ap_regex: Follow up to r1897244: Fix pmatch overflow and returned value at limits.

Don't write to pmatch[nlimit:] when ncaps > nlimit, rc should not exceed nmatch either as before r1897244.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897248 13f79535-47bb-0310-9956-ffa450edef68
---
 server/util_pcre.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/server/util_pcre.c b/server/util_pcre.c
index 9bfa4791d8..0233d161d6 100644
--- a/server/util_pcre.c
+++ b/server/util_pcre.c
@@ -428,10 +428,8 @@ AP_DECLARE(int) ap_regexec_len(const ap_regex_t *preg, const char *buff,
 if (rc >= 0) {
 apr_size_t n = rc, i;
- if (rc == 0)
- rc = ncaps; /* All captured slots were filled in */
- else if (n > nmatch)
- n = nmatch;
+ if (n == 0 || n > nmatch)
+ rc = n = nmatch; /* All capture slots were filled in */
 for (i = 0; i < n; i++) {
 pmatch[i].rm_so = ovector[i * 2];
 pmatch[i].rm_eo = ovector[i * 2 + 1];
-- 
cgit v1.2.3
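Review bot: In the `n == 0 || n > nmatch` branch the copy loop now runs up to `nmatch` in the `rc == 0` case as well, so it reads `ovector[0]` through `ovector[2 * nmatch - 1]`, and nothing visible in this hunk shows that ovector holds that many valid pairs. The allocation and sizing of ovector sit outside the hunk (ap_regexec_len begins and ends beyond it), so that invariant should be confirmed there and recorded at this branch, for example `/* rc == 0 or more groups than slots: clamp to nmatch; ovector is sized for at least nmatch pairs */`. The kept comment "All capture slots were filled in" also no longer describes the `n > nmatch` half of the condition. Separately, `rc = n = nmatch` narrows an apr_size_t into what is presumably the function's int result; a value above INT_MAX would come back negative and be read by callers as an error code, so a documented upper bound on nmatch or an explicit checked cast would make the intent clear.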