Core: added NGX_REGEX_MULTILINE for 3rd party modules.

Notably, NAXSI is known to misuse ngx_regex_compile() with rc.options set
to PCRE_CASELESS | PCRE_MULTILINE.  With PCRE2 support, and notably binary
compatibility changes, it is no longer possible to set PCRE[2]_MULTILINE
option without using proper interface.  To facilitate correct usage,
this change adds the NGX_REGEX_MULTILINE option.
This commit is contained in:
Maxim Dounin 2021-12-25 01:07:18 +03:00
parent 5d40152946
commit 358936940d
2 changed files with 11 additions and 2 deletions

View file

@ -159,7 +159,11 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
options |= PCRE2_CASELESS; options |= PCRE2_CASELESS;
} }
if (rc->options & ~NGX_REGEX_CASELESS) { if (rc->options & NGX_REGEX_MULTILINE) {
options |= PCRE2_MULTILINE;
}
if (rc->options & ~(NGX_REGEX_CASELESS|NGX_REGEX_MULTILINE)) {
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len, rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
"regex \"%V\" compilation failed: invalid options", "regex \"%V\" compilation failed: invalid options",
&rc->pattern) &rc->pattern)
@ -275,7 +279,11 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
options |= PCRE_CASELESS; options |= PCRE_CASELESS;
} }
if (rc->options & ~NGX_REGEX_CASELESS) { if (rc->options & NGX_REGEX_MULTILINE) {
options |= PCRE_MULTILINE;
}
if (rc->options & ~(NGX_REGEX_CASELESS|NGX_REGEX_MULTILINE)) {
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len, rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
"regex \"%V\" compilation failed: invalid options", "regex \"%V\" compilation failed: invalid options",
&rc->pattern) &rc->pattern)

View file

@ -37,6 +37,7 @@ typedef struct {
#define NGX_REGEX_CASELESS 0x00000001 #define NGX_REGEX_CASELESS 0x00000001
#define NGX_REGEX_MULTILINE 0x00000002
typedef struct { typedef struct {