Bug 255182

Summary: www/hiawatha : regexp error on 13
Product: Ports & Packages Reporter: Ascilia <ascilia>
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Some People CC: fernape, kevans
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch to fix regexp none

Description Ascilia 2021-04-18 12:51:18 UTC 
Server doesn't run anymore on 13, probably because of regexp changes.
It fails with message :
"Error in regexp '\s*(;\s*)?--(\s|')
Error initializing SQL injection detection."
I'm on freshly installed 13.0-RELEASE so I assume everyone is affected?

Problem is at the beginning of session.c I think.
Since I needed to run it I replaced every occurence of \\s with [[:space:]]
Not sure if that's right though, I don't use sqli detection, just needed it to not die on this initialization.
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2021-04-23 08:03:49 UTC 
Small repro:

#include <regex.h>
#include <stdio.h>

int
main()
{
        regex_t regexp;
        int ret = regcomp(&regexp, "\\s*", REG_EXTENDED | REG_ICASE | REG_NOSUB);
        if ( ret != 0) {
                printf("regexp compilation failed: %d\n", ret);
        }

        return 0;
}

This one works in 12.2 but fails to compile the regexp in FreeBSD 14.0-CURRENT #11 main-n245984-15221c552b3c with error 5 REG_EESCAPE   `\' applied to unescapable character.
Comment 2 Kyle Evans freebsd_committer freebsd_triage 2021-04-27 03:30:35 UTC 
(In reply to Fernando Apesteguía from comment #1)

Two paths forward, either is fine:

1.) As recommended by the reporter, \\s -> [[:space:]] to make these POSIX compliant expressions, OR

2.) Link against libregex, using devel/libgnuregex for FreeBSD < 13.0 and base libregex for >= 13.0

I'd tend to advise #1 because this is a GNUism.
Comment 3 Fernando Apesteguía freebsd_committer freebsd_triage 2021-04-27 07:47:46 UTC 
Created attachment 224467 [details]
Patch to fix regexp
Comment 4 Fernando Apesteguía freebsd_committer freebsd_triage 2021-04-27 07:48:37 UTC 
Thanks Kyle!

Ascilia, would you mind trying the attached patch? It seems to work for me, but I don't use this port and would appreciate if you could do some testing :-)

Thanks!
Comment 5 Ascilia 2021-04-27 10:52:34 UTC 
It is identical to what i've done, so yea it works fine for me,
then again I won't guarantee sql injection detection still works.
Thanks
Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2021-04-27 13:50:06 UTC 
Committed,

Thanks!
Comment 7 commit-hook freebsd_committer freebsd_triage 2021-04-27 13:50:14 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f9372d01e096cb391b3ebc5cd69d7bebd640b5e9

commit f9372d01e096cb391b3ebc5cd69d7bebd640b5e9
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2021-04-27 07:17:30 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2021-04-27 13:45:53 +0000

    www/hiawatha : Fix run errors on 13

    Change regular expressions to POSIX-style.

    References:
    https://lists.freebsd.org/pipermail/freebsd-hackers/2021-April/057275.html

    PR:     255182
    Reported by:    ascilia@free.fr

 www/hiawatha/files/patch-src_session.c (new) | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
Comment 8 Kyle Evans freebsd_committer freebsd_triage 2021-04-27 16:30:28 UTC 
(In reply to Ascilia from comment #5)

FWIW, having hit this means that sql injection detection was almost certainly not working before, it just silently failed trying to match the literal s rather than a space.