diff -Naur squidGuard-1.2.0/src/sgDiv.c squidGuard-1.2.0-patch/src/sgDiv.c
--- squidGuard-1.2.0/src/sgDiv.c Tue May 15 05:01:37 2001
+++ squidGuard-1.2.0-patch/src/sgDiv.c Tue Aug 6 14:39:55 2002
@@ -500,13 +500,13 @@
#endif
{
struct sgRegExp *re;
- regmatch_t pm;
+ regmatch_t pm[10];
static char newstring[MAX_BUF];
char *result = NULL, *p;
int substlen;
*newstring='\0';
for(re = regexp; re != NULL; re = re->next){
- if (regexec (re->compiled, pattern, 1, &pm, 0) != 0){
+ if (regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]), pm, 0) != 0){
result = NULL;
} else {
substlen = strlen(re->substitute);
@@ -516,14 +516,65 @@
*newstring = '\0';
p = newstring;
do {
- if((p - newstring)+ pm.rm_so >= MAX_BUF)
+ if((p - newstring)+ pm[0].rm_so >= MAX_BUF)
break;
- p = strncat(newstring,pattern,pm.rm_so);
- if((p - newstring)+ substlen >= MAX_BUF)
- break;
- p = strcat(newstring,re->substitute);
- pattern = pattern + pm.rm_eo;
- } while(regexec (re->compiled, pattern, 1, &pm, REG_NOTBOL)== 0 &&
+ p = strncat(newstring,pattern,pm[0].rm_so);
+ {
+ char *p_cur;
+ char *p_next;
+
+ for (p_next = p_cur = re->substitute;
+ p_next < (re->substitute + substlen);
+ p_next++)
+ {
+ if (*p_next == '\\')
+ {
+ if (p_cur < p_next)
+ {
+ if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, p_cur, p_next - p_cur);
+ }
+ p_next++;
+ if (p_next < (re->substitute + substlen)
+ && '0' <= *p_next && *p_next <= '9')
+ {
+ int i = *p_next - '0';
+ if ((p - newstring) + (pm[i].rm_eo - pm[i].rm_so) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, pattern + pm[i].rm_so, pm[i].rm_eo - pm[i].rm_so);
+ }
+ else
+ {
+ if ((p - newstring + 1) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, p_next, 1);
+ }
+ p_cur = p_next + 1;
+ }
+ else if (*p_next == '&')
+ {
+ if (p_cur < p_next)
+ {
+ if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, p_cur, p_next - p_cur);
+ }
+ if (((p - newstring) + (pm[0].rm_eo - pm[0].rm_so)) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, pattern + pm[0].rm_so, pm[0].rm_eo - pm[0].rm_so);
+ p_cur = p_next + 1;
+ }
+ }
+ if (p_cur < p_next)
+ {
+ if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, p_cur, p_next - p_cur);
+ }
+ }
+ pattern = pattern + pm[0].rm_eo;
+ } while(regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]), pm, REG_NOTBOL)== 0 &&
re->global);
if((p - newstring)+ strlen(pattern) <= MAX_BUF)
p = strcat(newstring,pattern);
@@ -531,6 +582,7 @@
break;
}
}
+err:
return result;
}