We have some special functions to wrap malloc, calloc, and realloc to
make sure we don't allocate more than some limit, similar to the
max-filesize and max-scansize limits. Our wrappers are really only
needed when allocating memory for scans based on untrusted user input,
where a scan file could have bytes that claim you need to allocate
some ridiculous amount of memory. Right now they're named:
- cli_malloc
- cli_calloc
- cli_realloc
- cli_realloc2
... and these names do not convey their purpose.
This commit renames them to:
- cli_max_malloc
- cli_max_calloc
- cli_max_realloc
- cli_max_realloc2
The realloc ones also have an additional feature in that they will not
free your pointer if you try to realloc to 0 bytes. Freeing the memory
is undefined by the C spec, and only done with some realloc
implementations, so this stabilizes on the behavior of not doing that,
which should prevent accidental double-frees.
So for the case where you may want to realloc and do not need to have a
maximum, this commit adds the following functions:
- cli_safer_realloc
- cli_safer_realloc2
These are used for the MPOOL_REALLOC and MPOOL_REALLOC2 macros when
MPOOL is disabled (e.g. because mmap-support is not found), so as to
match the behavior in the mpool_realloc/2 functions that do not make use
of the allocation-limit.
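
The allocation cap and the "realloc to 0 bytes never frees" rule described in the commit message above, as an added C example that is not ClamAV's code. The `demo_*` names, the 64 MiB cap and the 4-byte size header are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define DEMO_MAX_ALLOC ((size_t)64 * 1024 * 1024) /* assumed cap, not ClamAV's */

/* Capped allocation: refuse 0 bytes and anything above the cap. */
void *demo_max_malloc(size_t size)
{
    if (size == 0 || size > DEMO_MAX_ALLOC) return NULL;
    return malloc(size);
}

/* Capped realloc that never frees ptr: on NULL (size 0, over the cap, or
 * out of memory) the caller still owns the original buffer. */
void *demo_max_realloc(void *ptr, size_t size)
{
    if (size == 0 || size > DEMO_MAX_ALLOC) return NULL;
    return realloc(ptr, size);
}

/* Constructed header: 4-byte little-endian "unpacked size" read from
 * untrusted input. Returns the output buffer, or NULL if rejected. */
uint8_t *demo_alloc_unpack_buffer(const uint8_t *hdr, size_t hdr_len, size_t *out_size)
{
    if (hdr_len < 4) return NULL;
    size_t claimed = (size_t)hdr[0] | ((size_t)hdr[1] << 8) |
                     ((size_t)hdr[2] << 16) | ((size_t)hdr[3] << 24);
    uint8_t *buf = demo_max_malloc(claimed);
    if (buf != NULL) *out_size = claimed;
    return buf;
}

/* Caller pattern: on failure (-1) *buf is untouched and still owned. */
int demo_resize(uint8_t **buf, size_t new_size)
{
    uint8_t *tmp = demo_max_realloc(*buf, new_size);
    if (tmp == NULL) return -1;
    *buf = tmp;
    return 0;
}

int main(void)
{
    const uint8_t hdr[4] = {0xff, 0xff, 0xff, 0xff}; /* constructed: claims ~4 GiB */
    size_t n = 0;
    printf("%s\n", demo_alloc_unpack_buffer(hdr, 4, &n) ? "allocated" : "rejected");
    return 0;
}
```

Because a failed or zero-size resize leaves the buffer allocated, the caller frees it exactly once on its own cleanup path.
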
Changes include:
* Change include of system regex headers to internal
* Add cli prefix to regex functions
* Change cli_regcomp to cli_regcomp_real to work with the
  others_common.c regex interface
* Optimize re_guts struct:
  - Reordering fields allows the struct to fit within 16 bytes vs 20
    bytes. This helps to fix a bug on legacy 64-bit systems where
    there was a behaviour difference between 32 and 64 systems.
  - see bb 474 for further details
* Fix out of memory condition
  - see bb 849 for further details
  - reported by Gianluigi Tiesi <sherpya*netfarm.it>
* Remove duplicate nomem check
* Avoid passing out-of-range values to isalnum
  - reported by Nigel
* Avoid name collisions on AIX
* Fix compiler warnings
* Fix error path leak in regex/engine.c
* Fix regex when sizeof(void*) != sizeof(long) for 64bit Windows
  - see bb 2232 for further details
  - reported by Martin Olsen
* Add error case safety checks and cleanups
* Add patch for 'possible' heap overflow
  - see bb11264 for further details
  - patch submitted by the Debian team
* Use clam internal allocation functions
* Replace bounds check asserts with if checks (asserts are compiled
  out of production builds)
Contributors to the above include:
* Nigel Horne
* aCaB
* Török Edvin
* David Raynor
* Shawn Webb
* Steven Morgan
* Micah Snyder
* Mickey Sola
Updated using the openbsd github repo using the code in this directory:
https://github.com/openbsd/src/tree/master/lib/libc/regex
This build will not function without its child commit, which introduces
clam specific modifications. The two have been separated to make future
upgrades easier.
This code is licensed under the 3-clause BSD.
This will be used instead of system provided regexec()/regcomp() to
have consistent behaviour across platforms.
git-svn: trunk@3225