github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 06:36:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Check for NULL pointers

Browse Source
This commit is contained in:
Marc Stern 2024-02-07 12:04:50 +01:00
parent e406bcadcd
commit 07f4076f46
3 changed files with 148 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
apache2/apache2_config.c
View File

@ -906,16 +906,16 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
*/ */
rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, dcfg->tmp_default_actionset, rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, dcfg->tmp_default_actionset,
rule->actionset, 1); rule->actionset, 1);
if (rule->actionset == NULL) {
/* Keep track of the parent action for "block" */ return apr_psprintf(cmd->pool, "ModSecurity: cannot merge actionset (memory full?).");
if (rule->actionset) {
rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
} }
/* Keep track of the parent action for "block" */
rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
/* Must NOT specify a disruptive action in logging phase. */ /* Must NOT specify a disruptive action in logging phase. */
if ((rule->actionset != NULL) if ( (rule->actionset->phase == PHASE_LOGGING)
&& (rule->actionset->phase == PHASE_LOGGING)
&& (rule->actionset->intercept_action != ACTION_ALLOW) && (rule->actionset->intercept_action != ACTION_ALLOW)
&& (rule->actionset->intercept_action != ACTION_ALLOW_REQUEST) && (rule->actionset->intercept_action != ACTION_ALLOW_REQUEST)
&& (rule->actionset->intercept_action != ACTION_NONE) && (rule->actionset->intercept_action != ACTION_NONE)
@ -926,10 +926,8 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
if (dcfg->tmp_chain_starter != NULL) { if (dcfg->tmp_chain_starter != NULL) {
rule->chain_starter = dcfg->tmp_chain_starter; rule->chain_starter = dcfg->tmp_chain_starter;
if (rule->actionset) {
rule->actionset->phase = rule->chain_starter->actionset->phase; rule->actionset->phase = rule->chain_starter->actionset->phase;
} }
}
if (rule->actionset->is_chained != 1) { if (rule->actionset->is_chained != 1) {
/* If this rule is part of the chain but does /* If this rule is part of the chain but does

1
apache2/msc_tree.c
View File

@ -656,6 +656,7 @@ TreeNode *CPTFindElementIPNetblock(modsec_rec *msr, unsigned char *ipdata, unsig
} }
node = CPTRetriveNode(msr, ipdata, ip_bitmask, node); node = CPTRetriveNode(msr, ipdata, ip_bitmask, node);
if (node == NULL) return NULL;
if (node && node->bit != ip_bitmask) { if (node && node->bit != ip_bitmask) {
if (msr && msr->txcfg->debuglog_level >= 9) { if (msr && msr->txcfg->debuglog_level >= 9) {

9
apache2/re_operators.c
View File

@ -1098,6 +1098,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
} }
/* Are we supposed to capture subexpressions? */ /* Are we supposed to capture subexpressions? */
if (rule->actionset) {
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0; capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
if(!matched_bytes) if(!matched_bytes)
@ -1121,6 +1122,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
} }
} }
} }
}
/* We always use capture so that ovector can be used as working space /* We always use capture so that ovector can be used as working space
* and no memory has to be allocated for any backreferences. * and no memory has to be allocated for any backreferences.
@ -2934,11 +2936,9 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
if (rule->actionset) { if (rule->actionset) {
matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
}
if(!matched_bytes) if(!matched_bytes)
matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
if (apr_table_get(rule->actionset->actions, "capture")) { if (apr_table_get(rule->actionset->actions, "capture")) {
for(; i < rc; i++) { for(; i < rc; i++) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
@ -2982,6 +2982,7 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
} }
} }
}
/* Unset the remaining TX vars (from previous invocations). */ /* Unset the remaining TX vars (from previous invocations). */
for(; i <= 9; i++) { for(; i <= 9; i++) {
@ -3264,7 +3265,6 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
if (rule->actionset) { if (rule->actionset) {
matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
}
if(!matched_bytes) if(!matched_bytes)
matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
@ -3311,6 +3311,7 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
} }
} }
}
/* Unset the remaining TX vars (from previous invocations). */ /* Unset the remaining TX vars (from previous invocations). */
for(; i <= 9; i++) { for(; i <= 9; i++) {
@ -3578,7 +3579,6 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
if (rule->actionset) { if (rule->actionset) {
matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
}
if(!matched_bytes) if(!matched_bytes)
matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
@ -3625,6 +3625,7 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
} }
} }
}
/* Unset the remaining TX vars (from previous invocations). */ /* Unset the remaining TX vars (from previous invocations). */
for(; i <= 9; i++) { for(; i <= 9; i++) {