regexec doesn't seem to initialised unused elements of rxmatch
authorArran Cudbard-Bell <a.cudbardb@freeradius.org>
Mon, 14 Oct 2013 11:22:36 +0000 (12:22 +0100)
committerArran Cudbard-Bell <a.cudbardb@freeradius.org>
Mon, 14 Oct 2013 11:22:56 +0000 (12:22 +0100)
src/main/evaluate.c
src/main/util.c
src/main/valuepair.c

index c50a85f..01ee49a 100644 (file)
@@ -236,6 +236,7 @@ static int do_regex(REQUEST *request, char const *lhs, char const *rhs, bool ifl
                return -1;
        }
 
+       memset(&rxmatch, 0, sizeof(rxmatch));   /* regexec does not seem to initialise unused elements */
        compare = regexec(&reg, lhs, REQUEST_MAX_REGEX + 1, rxmatch, 0);
        regfree(&reg);
        rad_regcapture(request, compare, lhs, rxmatch);
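Review bot: Zero-filling `rxmatch` before `regexec()` makes any slot the library never writes read as `rm_so == 0, rm_eo == 0`, which is an empty match at offset 0, whereas POSIX marks unused sub-expressions with -1. If `rad_regcapture()` recognises unused groups by testing for -1 (its loop header is outside these hunks), such a slot would be stored as an empty capture instead of being treated as unset. Setting each element to the sentinel in a short loop, e.g. `rxmatch[i].rm_so = rxmatch[i].rm_eo = -1;`, keeps both paths consistent; the same applies to the identical `memset` added in `radius_compare_vps`. Note also that `sizeof(rxmatch)` covers the whole array only if `rxmatch` is declared as a local array in this function, which the hunk does not show.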
index dfa3d68..1196d4a 100644 (file)
@@ -1068,6 +1068,11 @@ void rad_regcapture(REQUEST *request, int compare, char const *value, regmatch_t
 
                len = rxmatch[i].rm_eo - rxmatch[i].rm_so;
                p = talloc_array(request, char, len + 1);
+               if (!p) {
+                       ERROR("Out of memory");
+                       return;
+               }
+
                memcpy(p, value + rxmatch[i].rm_so, len);
                p[len] = '\0';
 
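Review bot: `len` is still taken directly from `rxmatch[i].rm_eo - rxmatch[i].rm_so` and used as the `memcpy` length, so a negative or reversed offset pair would become an out-of-bounds read of `value`. That is exactly the kind of slot this commit says `regexec` may leave unset. A guard ahead of the allocation, such as `if (rxmatch[i].rm_so < 0 || rxmatch[i].rm_eo < rxmatch[i].rm_so) continue;`, would keep the consumer safe however callers initialise the array. The start of the enclosing loop is outside the hunk, so part of this check may already exist there. Separately, the early `return` on allocation failure gives the caller no sign that only some captures were stored, since the function returns `void`.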
index b9a0179..624b368 100644 (file)
@@ -95,6 +95,8 @@ int radius_compare_vps(REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *vp)
                        RDEBUG("Invalid regular expression %s: %s", check->vp_strvalue, buffer);
                        return -2;
                }
+
+               memset(&rxmatch, 0, sizeof(rxmatch));   /* regexec does not seem to initialise unused elements */
                compare = regexec(&reg, value, REQUEST_MAX_REGEX + 1, rxmatch, 0);
                regfree(&reg);
                rad_regcapture(request, compare, value, rxmatch);