+++ /dev/null
-From 8fed2be3d5b83949fabb2bdf39d6de4f24d2e68f Mon Sep 17 00:00:00 2001
-Date: Mon, 30 Oct 2023 18:10:51 +0100
-Subject: [PATCH] Move from PCRE to PCRE2
-
-Move from PCRE to PCRE2. PCRE is EOL and won't receive any security
-updates anymore. Convert to PCRE2 by converting any function PCRE2 new
-API.
-
----
- configure.ac | 18 ++++----
- src/lib/ndpi_utils.c | 46 ++++++++++-----------
- src/lib/third_party/include/rce_injection.h | 6 +--
- tests/do.sh.in | 4 +-
- 4 files changed, 37 insertions(+), 37 deletions(-)
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -359,14 +359,14 @@ AS_IF([test "${with_local_libgcrypt+set}
- AC_DEFINE_UNQUOTED(USE_HOST_LIBGCRYPT, 1, [Use locally installed libgcrypt instead of builtin gcrypt-light])
- ])
-
--dnl> PCRE
--PCRE_ENABLED=0
--AC_ARG_WITH(pcre, AS_HELP_STRING([--with-pcre], [Enable nDPI build with libpcre]))
--if test "${with_pcre+set}" = set; then :
-- AC_CHECK_LIB(pcre, pcre_compile, AC_DEFINE_UNQUOTED(HAVE_PCRE, 1, [libpcre(-dev) is present]))
-- if test "x$ac_cv_lib_pcre_pcre_compile" = xyes; then :
-- ADDITIONAL_LIBS="${ADDITIONAL_LIBS} -lpcre"
-- PCRE_ENABLED=1
-+dnl> PCRE2
-+PCRE2_ENABLED=0
-+AC_ARG_WITH(pcre2, AS_HELP_STRING([--with-pcre2], [Enable nDPI build with libpcre2]))
-+if test "${with_pcre2+set}" = set; then :
-+ AC_CHECK_LIB(pcre2-8, pcre2_compile_8, AC_DEFINE_UNQUOTED(HAVE_PCRE2, 1, [libpcre2(-dev) is present]))
-+ if test "x$ac_cv_lib_pcre2_8_pcre2_compile_8" = xyes; then :
-+ ADDITIONAL_LIBS="${ADDITIONAL_LIBS} -lpcre2-8"
-+ PCRE2_ENABLED=1
- fi
- fi
-
-@@ -420,7 +420,7 @@ AC_SUBST(GPROF_CFLAGS)
- AC_SUBST(GPROF_LIBS)
- AC_SUBST(GPROF_ENABLED)
- AC_SUBST(USE_HOST_LIBGCRYPT)
--AC_SUBST(PCRE_ENABLED)
-+AC_SUBST(PCRE2_ENABLED)
- AC_SUBST(NBPF_ENABLED)
- AC_SUBST(HANDLE_TLS_SIGS)
- AC_SUBST(DISABLE_NPCAP)
---- a/src/lib/ndpi_utils.c
-+++ b/src/lib/ndpi_utils.c
-@@ -62,12 +62,12 @@
-
- // #define DEBUG_REASSEMBLY
-
--#ifdef HAVE_PCRE
--#include <pcre.h>
-+#ifdef HAVE_PCRE2
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+#include <pcre2.h>
-
--struct pcre_struct {
-- pcre *compiled;
-- pcre_extra *optimized;
-+struct pcre2_struct {
-+ pcre2_code *compiled;
- };
- #endif
-
-@@ -1712,18 +1712,19 @@ static int ndpi_is_xss_injection(char* q
-
- /* ********************************** */
-
--#ifdef HAVE_PCRE
-+#ifdef HAVE_PCRE2
-
- static void ndpi_compile_rce_regex() {
-- const char *pcreErrorStr = NULL;
-- int pcreErrorOffset;
-+ PCRE2_UCHAR pcreErrorStr[128];
-+ PCRE2_SIZE pcreErrorOffset;
-+ int pcreErrorCode;
-
- for(int i = 0; i < N_RCE_REGEX; i++) {
-- comp_rx[i] = (struct pcre_struct*)ndpi_malloc(sizeof(struct pcre_struct));
-+ comp_rx[i] = (struct pcre2_struct*)ndpi_malloc(sizeof(struct pcre2_struct));
-
-- comp_rx[i]->compiled = pcre_compile(rce_regex[i], 0, &pcreErrorStr,
-+ comp_rx[i]->compiled = pcre2_compile((PCRE2_SPTR)rce_regex[i], PCRE2_ZERO_TERMINATED, 0, &pcreErrorCode,
- &pcreErrorOffset, NULL);
--
-+ pcre2_get_error_message(pcreErrorCode, pcreErrorStr, 128);
- if(comp_rx[i]->compiled == NULL) {
- #ifdef DEBUG
- NDPI_LOG_ERR(ndpi_str, "ERROR: Could not compile '%s': %s\n", rce_regex[i],
-@@ -1733,17 +1734,16 @@ static void ndpi_compile_rce_regex() {
- continue;
- }
-
-- comp_rx[i]->optimized = pcre_study(comp_rx[i]->compiled, 0, &pcreErrorStr);
-+ pcreErrorCode = pcre2_jit_compile(comp_rx[i]->compiled, PCRE2_JIT_COMPLETE);
-
- #ifdef DEBUG
-- if(pcreErrorStr != NULL) {
-- NDPI_LOG_ERR(ndpi_str, "ERROR: Could not study '%s': %s\n", rce_regex[i],
-+ if(pcreErrorCode < 0) {
-+ pcre2_get_error_message(pcreErrorCode, pcreErrorStr, 128);
-+ NDPI_LOG_ERR(ndpi_str, "ERROR: Could not jit compile '%s': %s\n", rce_regex[i],
- pcreErrorStr);
- }
- #endif
- }
--
-- ndpi_free((void *)pcreErrorStr);
- }
-
- static int ndpi_is_rce_injection(char* query) {
-@@ -1752,17 +1752,17 @@ static int ndpi_is_rce_injection(char* q
- initialized_comp_rx = 1;
- }
-
-+ pcre2_match_data *pcreMatchData;
- int pcreExecRet;
-- int subStrVec[30];
-
- for(int i = 0; i < N_RCE_REGEX; i++) {
- unsigned int length = strlen(query);
-
-- pcreExecRet = pcre_exec(comp_rx[i]->compiled,
-- comp_rx[i]->optimized,
-- query, length, 0, 0, subStrVec, 30);
--
-- if(pcreExecRet >= 0) {
-+ pcreMatchData = pcre2_match_data_create_from_pattern(comp_rx[i]->compiled, NULL);
-+ pcreExecRet = pcre2_match(comp_rx[i]->compiled,
-+ (PCRE2_SPTR)query, length, 0, 0, pcreMatchData, NULL);
-+ pcre2_match_data_free(pcreMatchData);
-+ if(pcreExecRet > 0) {
- return 1;
- }
- #ifdef DEBUG
-@@ -1852,7 +1852,7 @@ ndpi_risk_enum ndpi_validate_url(char *u
- rc = NDPI_URL_POSSIBLE_XSS;
- else if(ndpi_is_sql_injection(decoded))
- rc = NDPI_URL_POSSIBLE_SQL_INJECTION;
--#ifdef HAVE_PCRE
-+#ifdef HAVE_PCRE2
- else if(ndpi_is_rce_injection(decoded))
- rc = NDPI_URL_POSSIBLE_RCE_INJECTION;
- #endif
---- a/src/lib/third_party/include/rce_injection.h
-+++ b/src/lib/third_party/include/rce_injection.h
-@@ -1,4 +1,4 @@
--#ifdef HAVE_PCRE
-+#ifdef HAVE_PCRE2
-
- #ifndef NDPI_RCE_H
- #define NDPI_RCE_H
-@@ -8,7 +8,7 @@
- #define N_RCE_REGEX 7
-
- /* Compiled regex */
--static struct pcre_struct *comp_rx[N_RCE_REGEX];
-+static struct pcre2_struct *comp_rx[N_RCE_REGEX];
-
- static unsigned int initialized_comp_rx = 0;
-
-@@ -615,4 +615,4 @@ static const char *pwsh_commands[] = {
- "-PSConsoleFile"
- };
-
--#endif //HAVE_PCRE
-\ No newline at end of file
-+#endif //HAVE_PCRE2
-\ No newline at end of file
---- a/tests/do.sh.in
-+++ b/tests/do.sh.in
-@@ -26,7 +26,7 @@ CMD_COLORDIFF="$(which colordiff)"
-
- EXE_SUFFIX=@EXE_SUFFIX@
- GPROF_ENABLED=@GPROF_ENABLED@
--PCRE_ENABLED=@PCRE_ENABLED@
-+PCRE2_ENABLED=@PCRE2_ENABLED@
- PCRE_PCAPS="WebattackRCE.pcap"
- NBPF_ENABLED=@NBPF_ENABLED@
- NBPF_PCAPS="h323-overflow.pcap"
-@@ -84,7 +84,7 @@ check_results() {
- [ $SKIP_PCAP = 1 ] && continue
- fi
- SKIP_PCAP=0
-- if [ $PCRE_ENABLED -eq 0 ]; then
-+ if [ $PCRE2_ENABLED -eq 0 ]; then
- for p in $PCRE_PCAPS; do
- if [ $f = $p ]; then
- SKIP_PCAP=1
projects / feed / packages.git / commitdiff