diff -Naur squidGuard-1.2.0/src/sgDiv.c squidGuard-1.2.0-patch/src/sgDiv.c
--- squidGuard-1.2.0/src/sgDiv.c	Tue May 15 05:01:37 2001
+++ squidGuard-1.2.0-patch/src/sgDiv.c	Tue Aug  6 14:39:55 2002
@@ -500,13 +500,13 @@
 #endif
 {
   struct sgRegExp *re;
-  regmatch_t pm;
+  regmatch_t pm[10];
   static char newstring[MAX_BUF];
   char *result = NULL, *p;
   int substlen;
   *newstring='\0';
   for(re = regexp; re != NULL; re = re->next){
-    if (regexec (re->compiled, pattern, 1, &pm, 0) != 0){
+    if (regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]), pm, 0) != 0){
       result = NULL;
     } else {
       substlen = strlen(re->substitute);
@@ -516,14 +516,65 @@
 	*newstring = '\0';
       p = newstring;
       do {
-	if((p - newstring)+ pm.rm_so  >= MAX_BUF)
+	if((p - newstring)+ pm[0].rm_so  >= MAX_BUF)
 	  break;
-	p = strncat(newstring,pattern,pm.rm_so);
-	if((p - newstring)+ substlen  >= MAX_BUF)
-	  break;
-	p = strcat(newstring,re->substitute);	
-	pattern = pattern + pm.rm_eo;
-      } while(regexec (re->compiled, pattern, 1, &pm, REG_NOTBOL)== 0 &&
+      p = strncat(newstring,pattern,pm[0].rm_so);
+      {
+          char *p_cur;
+          char *p_next;
+
+          for (p_next = p_cur = re->substitute;
+              p_next < (re->substitute + substlen);
+              p_next++)
+          {
+              if (*p_next == '\\')
+              {
+                  if (p_cur < p_next)
+                  {
+                      if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+                          goto err;
+                      p = strncat(newstring, p_cur, p_next - p_cur);
+                  }
+                  p_next++;
+                  if (p_next < (re->substitute + substlen)
+                      && '0' <= *p_next && *p_next <= '9')
+                  {
+                      int i = *p_next - '0';
+                      if ((p - newstring) + (pm[i].rm_eo - pm[i].rm_so) >= MAX_BUF)
+                          goto err;
+                      p = strncat(newstring, pattern + pm[i].rm_so, pm[i].rm_eo - pm[i].rm_so);
+                  }
+                  else
+                  {
+                      if ((p - newstring + 1) >= MAX_BUF)
+                          goto err;
+                      p = strncat(newstring, p_next, 1);
+                  }
+                  p_cur = p_next + 1;
+              }
+              else if (*p_next == '&')
+              {
+                  if (p_cur < p_next)
+                  {
+                      if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+                          goto err;
+                      p = strncat(newstring, p_cur, p_next - p_cur);
+                  }
+                  if (((p - newstring) + (pm[0].rm_eo - pm[0].rm_so)) >= MAX_BUF)
+                      goto err;
+                  p = strncat(newstring, pattern + pm[0].rm_so, pm[0].rm_eo - pm[0].rm_so);
+                  p_cur = p_next + 1;
+              }
+          }
+          if (p_cur < p_next)
+          {
+              if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+                  goto err;
+              p = strncat(newstring, p_cur, p_next - p_cur);
+          }
+      }
+      pattern = pattern + pm[0].rm_eo;
+     } while(regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]), pm, REG_NOTBOL)== 0 &&
 	      re->global);
       if((p - newstring)+ strlen(pattern)  <= MAX_BUF)
 	p = strcat(newstring,pattern);
@@ -531,6 +582,7 @@
       break;
     }
   }
+err:
   return result;
 }