BUG/MINOR: lua: const attribute of a string is overridden

If HAProxy is compiled without PCRE regexes, this can cause
a write in const memory. The probability of a consequence is
very low.

diff --git a/src/hlua_fcn.c b/src/hlua_fcn.c
index c37e2a96ebea13f9dc9f9c231b774f43de094a70..a5cae8676de2e03e64e80f5fba318cf9a1d5eb22 100644 (file)
--- a/src/hlua_fcn.c
+++ b/src/hlua_fcn.c
@@ -1119,11 +1119,22 @@ static int hlua_regex_exec(struct lua_State *L)
        struct my_regex *regex;
        const char *str;
        size_t len;
+       struct chunk *tmp;
 
        regex = hlua_check_regex(L, 1);
        str = luaL_checklstring(L, 2, &len);
 
-       lua_pushboolean(L, regex_exec2(regex, (char *)str, len));
+       /* Copy the string because regex_exec2 require a 'char *'
+        * and not a 'const char *'.
+        */
+       tmp = get_trash_chunk();
+       if (len >= tmp->size) {
+               lua_pushboolean(L, 0);
+               return 1;
+       }
+       memcpy(tmp->str, str, len);
+
+       lua_pushboolean(L, regex_exec2(regex, tmp->str, len));
 
        return 1;
 }
@@ -1136,11 +1147,22 @@ static int hlua_regex_match(struct lua_State *L)
        regmatch_t pmatch[20];
        int ret;
        int i;
+       struct chunk *tmp;
 
        regex = hlua_check_regex(L, 1);
        str = luaL_checklstring(L, 2, &len);
 
-       ret = regex_exec_match2(regex, (char *)str, len, 20, pmatch, 0);
+       /* Copy the string because regex_exec2 require a 'char *'
+        * and not a 'const char *'.
+        */
+       tmp = get_trash_chunk();
+       if (len >= tmp->size) {
+               lua_pushboolean(L, 0);
+               return 1;
+       }
+       memcpy(tmp->str, str, len);
+
+       ret = regex_exec_match2(regex, tmp->str, len, 20, pmatch, 0);
        lua_pushboolean(L, ret);
        lua_newtable(L);
        if (ret) {