From: Yann Ylavic <ylavic@apache.org>
Date: Thu, 20 Jan 2022 12:47:02 +0000 (+0000)
Subject: ap_regex: Follow up to r1897244: Fix pmatch overflow and returned value at limits.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~575
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=38dddb187af8189d12fee18aea367824a20ffd10;p=thirdparty%2Fapache%2Fhttpd.git

ap_regex: Follow up to r1897244: Fix pmatch overflow and returned value at limits.

Don't write to pmatch[nlimit:] when ncaps > nlimit, rc should not exceed nmatch
either as before r1897244.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897248 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/util_pcre.c b/server/util_pcre.c
index 9bfa4791d8a..0233d161d6c 100644
--- a/server/util_pcre.c
+++ b/server/util_pcre.c
@@ -428,10 +428,8 @@ AP_DECLARE(int) ap_regexec_len(const ap_regex_t *preg, const char *buff,
 
     if (rc >= 0) {
         apr_size_t n = rc, i;
-        if (rc == 0)
-            rc = ncaps; /* All captured slots were filled in */
-        else if (n > nmatch)
-            n = nmatch;
+        if (n == 0 || n > nmatch)
+            rc = n = nmatch; /* All capture slots were filled in */
         for (i = 0; i < n; i++) {
             pmatch[i].rm_so = ovector[i * 2];
             pmatch[i].rm_eo = ovector[i * 2 + 1];