Commit 62ab6836 authored by Poul-Henning Kamp's avatar Poul-Henning Kamp Committed by Tollef Fog Heen

Make it possible to set limits for VRE matching.

parent 0d77e838
...@@ -76,7 +76,7 @@ VRT_re_match(const struct sess *sp, const char *s, void *re) ...@@ -76,7 +76,7 @@ VRT_re_match(const struct sess *sp, const char *s, void *re)
s = ""; s = "";
AN(re); AN(re);
t = re; t = re;
i = VRE_exec(t, s, strlen(s), 0, 0, NULL, 0); i = VRE_exec(t, s, strlen(s), 0, 0, NULL, 0, &params->vre_limits);
if (i >= 0) if (i >= 0)
return (1); return (1);
if (i < VRE_ERROR_NOMATCH ) if (i < VRE_ERROR_NOMATCH )
...@@ -101,7 +101,8 @@ VRT_regsub(const struct sess *sp, int all, const char *str, void *re, ...@@ -101,7 +101,8 @@ VRT_regsub(const struct sess *sp, int all, const char *str, void *re,
str = ""; str = "";
t = re; t = re;
memset(ovector, 0, sizeof(ovector)); memset(ovector, 0, sizeof(ovector));
i = VRE_exec(t, str, strlen(str), 0, 0, ovector, 30); i = VRE_exec(t, str, strlen(str), 0, 0, ovector, 30,
&params->vre_limits);
/* If it didn't match, we can return the original string */ /* If it didn't match, we can return the original string */
if (i == VRE_ERROR_NOMATCH) if (i == VRE_ERROR_NOMATCH)
...@@ -139,7 +140,8 @@ VRT_regsub(const struct sess *sp, int all, const char *str, void *re, ...@@ -139,7 +140,8 @@ VRT_regsub(const struct sess *sp, int all, const char *str, void *re,
if (!all) if (!all)
break; break;
memset(&ovector, 0, sizeof(ovector)); memset(&ovector, 0, sizeof(ovector));
i = VRE_exec(t, str, strlen(str), 0, 0, ovector, 30); i = VRE_exec(t, str, strlen(str), 0, 0, ovector, 30,
&params->vre_limits);
if (i < VRE_ERROR_NOMATCH ) { if (i < VRE_ERROR_NOMATCH ) {
WSP(sp, SLT_VCL_error, WSP(sp, SLT_VCL_error,
"Regexp matching returned %d", i); "Regexp matching returned %d", i);
......
...@@ -30,6 +30,7 @@ ...@@ -30,6 +30,7 @@
*/ */
#include <pthread.h> #include <pthread.h>
#include "vre.h"
struct listen_sock { struct listen_sock {
VTAILQ_ENTRY(listen_sock) list; VTAILQ_ENTRY(listen_sock) list;
...@@ -211,6 +212,8 @@ struct params { ...@@ -211,6 +212,8 @@ struct params {
double critbit_cooloff; double critbit_cooloff;
double shortlived; double shortlived;
struct vre_limits vre_limits;
}; };
/* /*
......
...@@ -948,6 +948,24 @@ static const struct parspec input_parspec[] = { ...@@ -948,6 +948,24 @@ static const struct parspec input_parspec[] = {
"Unreferenced VCL objects result in error.\n", "Unreferenced VCL objects result in error.\n",
0, 0,
"on", "bool" }, "on", "bool" },
{ "pcre_match_limit", tweak_uint,
&master.vre_limits.match,
1, UINT_MAX,
"The limit for the number of internal matching function"
" calls in a pcre_exec() execution.",
0,
"10000", ""},
{ "pcre_match_limit_recursion", tweak_uint,
&master.vre_limits.match_recursion,
1, UINT_MAX,
"The limit for the number of internal matching function"
" recursions in a pcre_exec() execution.",
0,
"10000", ""},
{ NULL, NULL, NULL } { NULL, NULL, NULL }
}; };
......
...@@ -27,9 +27,21 @@ ...@@ -27,9 +27,21 @@
* *
* Regular expression support * Regular expression support
* *
* We wrap PCRE in VRE to make to make it feasible to use something else
* without hunting down stuff through out the Varnish source code.
*
*/ */
#ifndef VRE_H_INCLUDED
#define VRE_H_INCLUDED
struct vre; struct vre;
struct vre_limits {
unsigned match;
unsigned match_recursion;
};
typedef struct vre vre_t; typedef struct vre vre_t;
/* This maps to PCRE error codes */ /* This maps to PCRE error codes */
...@@ -39,5 +51,9 @@ typedef struct vre vre_t; ...@@ -39,5 +51,9 @@ typedef struct vre vre_t;
#define VRE_CASELESS 0x00000001 #define VRE_CASELESS 0x00000001
vre_t *VRE_compile(const char *, int, const char **, int *); vre_t *VRE_compile(const char *, int, const char **, int *);
int VRE_exec(const vre_t *, const char *, int, int, int, int *, int); int VRE_exec(const vre_t *code, const char *subject, int length,
int startoffset, int options, int *ovector, int ovecsize,
const volatile struct vre_limits *lim);
void VRE_free(vre_t **); void VRE_free(vre_t **);
#endif /* VRE_H_INCLUDED */
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
*/ */
#include <pcre.h> #include <pcre.h>
#include <string.h>
#include "libvarnish.h" #include "libvarnish.h"
#include "miniobj.h" #include "miniobj.h"
...@@ -58,17 +59,27 @@ VRE_compile(const char *pattern, int options, ...@@ -58,17 +59,27 @@ VRE_compile(const char *pattern, int options,
int int
VRE_exec(const vre_t *code, const char *subject, int length, VRE_exec(const vre_t *code, const char *subject, int length,
int startoffset, int options, int *ovector, int ovecsize) int startoffset, int options, int *ovector, int ovecsize,
const volatile struct vre_limits *lim)
{ {
CHECK_OBJ_NOTNULL(code, VRE_MAGIC); CHECK_OBJ_NOTNULL(code, VRE_MAGIC);
int ov[30]; int ov[30];
pcre_extra extra;
if (ovector == NULL) { if (ovector == NULL) {
ovector = ov; ovector = ov;
ovecsize = sizeof(ov)/sizeof(ov[0]); ovecsize = sizeof(ov)/sizeof(ov[0]);
} }
return (pcre_exec(code->re, NULL, subject, length, memset(&extra, 0, sizeof extra);
if (lim != NULL) {
extra.match_limit = lim->match;
extra.flags |= PCRE_EXTRA_MATCH_LIMIT;
extra.match_limit_recursion = lim->match_recursion;
extra.flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
}
return (pcre_exec(code->re, &extra, subject, length,
startoffset, options, ovector, ovecsize)); startoffset, options, ovector, ovecsize));
} }
......
...@@ -258,13 +258,13 @@ VSL_NextLog(const struct VSM_data *vd, uint32_t **pp, uint64_t *bits) ...@@ -258,13 +258,13 @@ VSL_NextLog(const struct VSM_data *vd, uint32_t **pp, uint64_t *bits)
continue; continue;
if (vsl->regincl != NULL) { if (vsl->regincl != NULL) {
i = VRE_exec(vsl->regincl, VSL_DATA(p), VSL_LEN(p), i = VRE_exec(vsl->regincl, VSL_DATA(p), VSL_LEN(p),
0, 0, NULL, 0); 0, 0, NULL, 0, NULL);
if (i == VRE_ERROR_NOMATCH) if (i == VRE_ERROR_NOMATCH)
continue; continue;
} }
if (vsl->regexcl != NULL) { if (vsl->regexcl != NULL) {
i = VRE_exec(vsl->regexcl, VSL_DATA(p), VSL_LEN(p), i = VRE_exec(vsl->regexcl, VSL_DATA(p), VSL_LEN(p),
0, 0, NULL, 0); 0, 0, NULL, 0, NULL);
if (i != VRE_ERROR_NOMATCH) if (i != VRE_ERROR_NOMATCH)
continue; continue;
} }
...@@ -274,7 +274,7 @@ VSL_NextLog(const struct VSM_data *vd, uint32_t **pp, uint64_t *bits) ...@@ -274,7 +274,7 @@ VSL_NextLog(const struct VSM_data *vd, uint32_t **pp, uint64_t *bits)
VTAILQ_FOREACH(vrm, &vsl->matchers, next) { VTAILQ_FOREACH(vrm, &vsl->matchers, next) {
if (vrm->tag == t) { if (vrm->tag == t) {
i = VRE_exec(vrm->re, VSL_DATA(p), i = VRE_exec(vrm->re, VSL_DATA(p),
VSL_LEN(p), 0, 0, NULL, 0); VSL_LEN(p), 0, 0, NULL, 0, NULL);
if (i >= 0) if (i >= 0)
*bits |= (uintmax_t)1 << j; *bits |= (uintmax_t)1 << j;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment