github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

added more NULL checks at run-time

Browse Source
This commit is contained in:
Marc Stern 2024-08-14 19:00:25 +02:00
parent 22a6829690
commit 0066a67911
2 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
apache2/apache2_config.c
View File

@ -2781,6 +2781,10 @@ static const char *cmd_rule_remove_by_tag(cmd_parms *cmd, void *_dcfg,
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_rule_remove_by_tag: _dcfg is NULL");
return NULL;
}
if (p1 == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_rule_remove_by_tag: p1 is NULL");
return NULL;
}
directory_config *dcfg = (directory_config *)_dcfg;
rule_exception *re = apr_pcalloc(cmd->pool, sizeof(rule_exception));
@ -3165,6 +3169,10 @@ static const char *cmd_hash_key(cmd_parms *cmd, void *_dcfg, const char *_p1, co
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_hash_key: _dcfg is NULL");
return NULL;
}
if (_p1 == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_hash_key: _p1 is NULL");
return NULL;
}
directory_config *dcfg = (directory_config *)_dcfg;
char *p1 = NULL;
@ -3211,6 +3219,10 @@ static const char *cmd_hash_method_pm(cmd_parms *cmd, void *_dcfg,
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_hash_method_pm: _dcfg is NULL");
return NULL;
}
if (p1 == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_hash_method_pm: p1 is NULL");
return NULL;
}
directory_config *dcfg = (directory_config *)_dcfg;
rule_exception *re = apr_pcalloc(cmd->pool, sizeof(hash_method));
const char *_p2 = apr_pstrdup(cmd->pool, p2);
@ -3383,6 +3395,10 @@ static const char *cmd_httpBl_key(cmd_parms *cmd, void *_dcfg, const char *p1)
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_httpBl_key: _dcfg is NULL");
return NULL;
}
if (p1 == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_httpBl_key: p1 is NULL");
return NULL;
}
directory_config *dcfg = (directory_config *)_dcfg;
dcfg->httpBlkey = p1;
@ -3397,6 +3413,11 @@ static const char *cmd_pcre_match_limit(cmd_parms *cmd,
{
assert(cmd != NULL);
assert(p1 != NULL);
// Normally useless code, left to be safe for the moment
if (p1 == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_pcre_match_limit: p1 is NULL");
return NULL;
}
long val;
if (cmd->server->is_virtual) {
@ -3418,6 +3439,11 @@ static const char *cmd_pcre_match_limit_recursion(cmd_parms *cmd,
{
assert(cmd != NULL);
assert(p1 != NULL);
// Normally useless code, left to be safe for the moment
if (p1 == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_pcre_match_limit_recursion: p1 is NULL");
return NULL;
}
long val;
if (cmd->server->is_virtual) {
@ -3442,6 +3468,16 @@ static const char *cmd_geo_lookup_db(cmd_parms *cmd, void *_dcfg,
{
assert(cmd != NULL);
assert(p1 != NULL);
assert(_dcfg != NULL);
// Normally useless code, left to be safe for the moment
if (_dcfg == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_geo_lookup_db: _dcfg is NULL");
return NULL;
}
if (p1 == NULL) {
ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, cmd->pool, NULL, "cmd_geo_lookup_db: p1 is NULL");
return NULL;
}
const char *filename = resolve_relative_path(cmd->pool, cmd->directive->filename, p1);
char *error_msg;
directory_config *dcfg = (directory_config *)_dcfg;

2
apache2/msc_geo.c
View File

@ -12,6 +12,7 @@
* directly using the email address security@modsecurity.org.
*/
#include <assert.h>
#include "msc_geo.h"
@ -244,6 +245,7 @@ static int field_length(const char *field, int maxlen)
*/
int geo_init(directory_config *dcfg, const char *dbfn, char **error_msg)
{
assert(dcfg != NULL);
*error_msg = NULL;
if ((dcfg->geo == NULL) || (dcfg->geo == NOT_SET_P)) {