Revert back to using captured regex execution as it seems to be more effecient as the ovector can be used for working space even if it is not used for captures.

Warn when captures are used in the regex, but "capture" not specified.
2025-08-13 21:36:00 +03:00 · 2007-03-27 15:32:53 +00:00 · 2007-03-27 15:32:53 +00:00 · 891859f9c5
commit 891859f9c5
parent 59928bfe60
4 changed files with 23 additions and 11 deletions
--- a/3
+++ b/3
@ -8,7 +8,8 @@

 * Do not log 'allow' action as intercepted in the debug log.

-* Optimize regex execution to not capture unless 'capture' action used.
+* Warn if a regular expression captures subexpressions, but the
+  "capture" action was not specified.

 * Performance improvements in memory management.

--- a/apache2/msc_pcre.c
+++ b/apache2/msc_pcre.c
@ -91,3 +91,11 @@ int msc_regexec(msc_regex_t *regex, const char *s, unsigned int slen,

    return msc_regexec_capture(regex, s, slen, NULL, 0, error_msg);
 }
+
+/**
+ * Gets info on a compiled regex.
+ */
+int msc_fullinfo(msc_regex_t *regex, int what, void *where)
+{
+    return pcre_fullinfo(regex->re, regex->pe, what, where);
+}
--- a/apache2/msc_pcre.h
+++ b/apache2/msc_pcre.h
@ -36,4 +36,6 @@ int DSOLOCAL msc_regexec_capture(msc_regex_t *regex, const char *s,
 int DSOLOCAL msc_regexec(msc_regex_t *regex, const char *s, unsigned int slen,
    char **error_msg);

+int DSOLOCAL msc_fullinfo(msc_regex_t *regex, int what, void *where);
+
 #endif
--- a/apache2/re_operators.c
+++ b/apache2/re_operators.c
@ -108,18 +108,19 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
    /* Are we supposed to capture subexpressions? */
    capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;

-    if (capture) {
-        if (msr->txcfg->debuglog_level >= 9) {
-            msr_log(msr, 9, "Using captured regex execution.");
+    /* Warn when the regex captures but "capture" is not set */
+    if (msr->txcfg->debuglog_level >= 2) {
+        int capcount;
+        rc = msc_fullinfo(regex, PCRE_INFO_CAPTURECOUNT, &capcount);
+        if ((capture == 0) && (capcount > 0)) {
+            msr_log(msr, 2, "Warning. regex captures, but \"capture\" action not set.");
        }
-        rc = msc_regexec_capture(regex, target, target_length, ovector, 30, &my_error_msg);
-    }
-    else {
-        if (msr->txcfg->debuglog_level >= 9) {
-            msr_log(msr, 9, "Using uncaptured regex execution.");
-        }
-        rc = msc_regexec(regex, target, target_length, &my_error_msg);
    }
+
+    /* We always use capture so that ovector can be used as working space
+     * and no memory has to be allocated for any backreferences.
+     */
+    rc = msc_regexec_capture(regex, target, target_length, ovector, 30, &my_error_msg);
    if (rc < -1) {
        *error_msg = apr_psprintf(msr->mp, "Regex execution failed: %s", my_error_msg);
        return -1;