From: Aki Tuomi Date: Mon, 22 Dec 2025 09:04:16 +0000 (+0200) Subject: lib-regex: Separate maximum capture groups and match limit X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d96c98e08ca0d445bd46192829685fbeaf4014d1;p=thirdparty%2Fdovecot%2Fcore.git lib-regex: Separate maximum capture groups and match limit These are not related. --- diff --git a/src/lib-regex/regex.c b/src/lib-regex/regex.c index e402e6a49d..51e7d6c513 100644 --- a/src/lib-regex/regex.c +++ b/src/lib-regex/regex.c @@ -15,6 +15,7 @@ #define DREGEX_MAX_DEPTH 100 #define DREGEX_MAX_MATCHES 100 +#define DREGEX_MAX_CAPTURE_GROUPS 100 #define DREGEX_MAX_CPU_SECONDS 1 struct dregex_code { @@ -85,7 +86,7 @@ static void dregex_code_init(struct dregex_code *code) #endif /* Set some limits */ - pcre2_set_match_limit(code->mctx, code->max_capture_groups); + pcre2_set_match_limit(code->mctx, DREGEX_MAX_MATCHES); pcre2_set_depth_limit(code->mctx, code->max_depth); } @@ -104,7 +105,7 @@ struct dregex_code *dregex_code_create_params(const struct dregex_params *params static const struct dregex_params default_params = { .max_depth = DREGEX_MAX_DEPTH, .max_cpu_seconds = DREGEX_MAX_CPU_SECONDS, - .max_capture_groups = DREGEX_MAX_MATCHES, + .max_capture_groups = DREGEX_MAX_CAPTURE_GROUPS, }; struct dregex_code *dregex_code_create(void) @@ -337,7 +338,10 @@ int dregex_code_match_groups(struct dregex_code *code, const char *subject, pcre2_match_data *mdata = pcre2_match_data_create_from_pattern(code->pat, code->gctx); ret = dregex_code_match_int(code, subject, mdata, error_r); - if (ret > 1) { + /* Avoid extracting way too many capture groups */ + if (ret > (int)code->max_capture_groups + 1) + ret = handle_error(PCRE2_ERROR_TOO_MANY_CAPTURES, error_r); + else if (ret > 1) { bool skip_empty = HAS_ALL_BITS(code->flags, DREGEX_NO_EMPTY_SUB); /* ret is number of groups */ extract_matches((uint32_t)ret, mdata, skip_empty, groups_r);