From d5f1f169bc71d32b96960266d54e189c69af00ba Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Sat, 25 Dec 2021 01:07:18 +0300 Subject: [PATCH] Core: added NGX_REGEX_MULTILINE for 3rd party modules. Notably, NAXSI is known to misuse ngx_regex_compile() with rc.options set to PCRE_CASELESS | PCRE_MULTILINE. With PCRE2 support, and notably binary compatibility changes, it is no longer possible to set PCRE[2]_MULTILINE option without using proper interface. To facilitate correct usage, this change adds the NGX_REGEX_MULTILINE option. --- src/core/ngx_regex.c | 12 ++++++++++-- src/core/ngx_regex.h | 1 + 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c index 991728b27..bebf3b6a8 100644 --- a/src/core/ngx_regex.c +++ b/src/core/ngx_regex.c @@ -159,7 +159,11 @@ ngx_regex_compile(ngx_regex_compile_t *rc) options |= PCRE2_CASELESS; } - if (rc->options & ~NGX_REGEX_CASELESS) { + if (rc->options & NGX_REGEX_MULTILINE) { + options |= PCRE2_MULTILINE; + } + + if (rc->options & ~(NGX_REGEX_CASELESS|NGX_REGEX_MULTILINE)) { rc->err.len = ngx_snprintf(rc->err.data, rc->err.len, "regex \"%V\" compilation failed: invalid options", &rc->pattern) @@ -275,7 +279,11 @@ ngx_regex_compile(ngx_regex_compile_t *rc) options |= PCRE_CASELESS; } - if (rc->options & ~NGX_REGEX_CASELESS) { + if (rc->options & NGX_REGEX_MULTILINE) { + options |= PCRE_MULTILINE; + } + + if (rc->options & ~(NGX_REGEX_CASELESS|NGX_REGEX_MULTILINE)) { rc->err.len = ngx_snprintf(rc->err.data, rc->err.len, "regex \"%V\" compilation failed: invalid options", &rc->pattern) diff --git a/src/core/ngx_regex.h b/src/core/ngx_regex.h index 74e694d2e..182373a22 100644 --- a/src/core/ngx_regex.h +++ b/src/core/ngx_regex.h @@ -37,6 +37,7 @@ typedef struct { #define NGX_REGEX_CASELESS 0x00000001 +#define NGX_REGEX_MULTILINE 0x00000002 typedef struct {