bugfix: buffer overrun if re_extract function was called for submatch 50

Thanks to Pavel Levshin for reporting the problem and its location.
author: Rainer Gerhards <rgerhards@adiscon.com> 2013-10-25 14:20:36 +0200
committer: Rainer Gerhards <rgerhards@adiscon.com> 2013-10-25 14:20:36 +0200
commit: bf95d5f034221fbc49904c30774f4ae269d4df68 (patch)
tree: 594376aa7a9d7b40717ec03b26b6fecf952d6526 /grammar/rainerscript.c
parent: 171def31f9630fc8bc47e5fc3a562d19111ca546 (diff)
download: rsyslog-bf95d5f034221fbc49904c30774f4ae269d4df68.tar.gz
rsyslog-bf95d5f034221fbc49904c30774f4ae269d4df68.tar.bz2
rsyslog-bf95d5f034221fbc49904c30774f4ae269d4df68.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
index 9cacb4ae..b86f7c30 100644
--- a/grammar/rainerscript.c
+++ b/grammar/rainerscript.c
@@ -1259,7 +1259,7 @@ doFunc_re_extract(struct cnffunc *func, struct var *ret, void* usrptr)
 	str = (char*) var2CString(&r[0], &bMustFree);
 	matchnbr = (short) var2Number(&r[2], NULL);
 	submatchnbr = (size_t) var2Number(&r[3], NULL);
-	if(submatchnbr > sizeof(pmatch)/sizeof(regmatch_t)) {
+	if(submatchnbr >= sizeof(pmatch)/sizeof(regmatch_t)) {
 		DBGPRINTF("re_extract() submatch %d is too large\n", submatchnbr);
 		bHadNoMatch = 1;
 		goto finalize_it;
author	Rainer Gerhards <rgerhards@adiscon.com>	2013-10-25 14:20:36 +0200
committer	Rainer Gerhards <rgerhards@adiscon.com>	2013-10-25 14:20:36 +0200
commit	bf95d5f034221fbc49904c30774f4ae269d4df68 (patch)
tree	594376aa7a9d7b40717ec03b26b6fecf952d6526 /grammar/rainerscript.c
parent	171def31f9630fc8bc47e5fc3a562d19111ca546 (diff)
download	rsyslog-bf95d5f034221fbc49904c30774f4ae269d4df68.tar.gz rsyslog-bf95d5f034221fbc49904c30774f4ae269d4df68.tar.bz2 rsyslog-bf95d5f034221fbc49904c30774f4ae269d4df68.zip