github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 07:56:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Check for NULL pointers

Browse Source
This commit is contained in:
Marc Stern 2024-02-07 12:04:50 +01:00
parent e406bcadcd
commit 07f4076f46
3 changed files with 148 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
apache2/apache2_config.c
View File

@ -906,16 +906,16 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
*/ */
rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, dcfg->tmp_default_actionset, rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, dcfg->tmp_default_actionset,
rule->actionset, 1); rule->actionset, 1);
if (rule->actionset == NULL) {
/* Keep track of the parent action for "block" */ return apr_psprintf(cmd->pool, "ModSecurity: cannot merge actionset (memory full?).");
if (rule->actionset) {
rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
} }
/* Keep track of the parent action for "block" */
rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
/* Must NOT specify a disruptive action in logging phase. */ /* Must NOT specify a disruptive action in logging phase. */
if ((rule->actionset != NULL) if ( (rule->actionset->phase == PHASE_LOGGING)
&& (rule->actionset->phase == PHASE_LOGGING)
&& (rule->actionset->intercept_action != ACTION_ALLOW) && (rule->actionset->intercept_action != ACTION_ALLOW)
&& (rule->actionset->intercept_action != ACTION_ALLOW_REQUEST) && (rule->actionset->intercept_action != ACTION_ALLOW_REQUEST)
&& (rule->actionset->intercept_action != ACTION_NONE) && (rule->actionset->intercept_action != ACTION_NONE)
@ -926,9 +926,7 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
if (dcfg->tmp_chain_starter != NULL) { if (dcfg->tmp_chain_starter != NULL) {
rule->chain_starter = dcfg->tmp_chain_starter; rule->chain_starter = dcfg->tmp_chain_starter;
if (rule->actionset) { rule->actionset->phase = rule->chain_starter->actionset->phase;
rule->actionset->phase = rule->chain_starter->actionset->phase;
}
} }
if (rule->actionset->is_chained != 1) { if (rule->actionset->is_chained != 1) {

1
apache2/msc_tree.c
View File

@ -656,6 +656,7 @@ TreeNode *CPTFindElementIPNetblock(modsec_rec *msr, unsigned char *ipdata, unsig
} }
node = CPTRetriveNode(msr, ipdata, ip_bitmask, node); node = CPTRetriveNode(msr, ipdata, ip_bitmask, node);
if (node == NULL) return NULL;
if (node && node->bit != ip_bitmask) { if (node && node->bit != ip_bitmask) {
if (msr && msr->txcfg->debuglog_level >= 9) { if (msr && msr->txcfg->debuglog_level >= 9) {

277
apache2/re_operators.c
View File

@ -1098,26 +1098,28 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
} }
/* Are we supposed to capture subexpressions? */ /* Are we supposed to capture subexpressions? */
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0; if (rule->actionset) {
matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
if(!matched_bytes) matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0; if(!matched_bytes)
matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
matched = apr_table_get(rule->actionset->actions, "sanitizeMatched") ? 1 : 0; matched = apr_table_get(rule->actionset->actions, "sanitizeMatched") ? 1 : 0;
if(!matched) if(!matched)
matched = apr_table_get(rule->actionset->actions, "sanitiseMatched") ? 1 : 0; matched = apr_table_get(rule->actionset->actions, "sanitiseMatched") ? 1 : 0;
/* Show when the regex captures but "capture" is not set */ /* Show when the regex captures but "capture" is not set */
if (msr->txcfg->debuglog_level >= 6) {
int capcount = 0;
#ifdef WITH_PCRE2
rc = msc_fullinfo(regex, PCRE2_INFO_CAPTURECOUNT, &capcount);
#else
rc = msc_fullinfo(regex, PCRE_INFO_CAPTURECOUNT, &capcount);
#endif
if (msr->txcfg->debuglog_level >= 6) { if (msr->txcfg->debuglog_level >= 6) {
if ((capture == 0) && (capcount > 0)) { int capcount = 0;
msr_log(msr, 6, "Ignoring regex captures since \"capture\" action is not enabled."); #ifdef WITH_PCRE2
rc = msc_fullinfo(regex, PCRE2_INFO_CAPTURECOUNT, &capcount);
#else
rc = msc_fullinfo(regex, PCRE_INFO_CAPTURECOUNT, &capcount);
#endif
if (msr->txcfg->debuglog_level >= 6) {
if ((capture == 0) && (capcount > 0)) {
msr_log(msr, 6, "Ignoring regex captures since \"capture\" action is not enabled.");
}
} }
} }
} }
@ -2934,52 +2936,51 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
if (rule->actionset) { if (rule->actionset) {
matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
} if(!matched_bytes)
if(!matched_bytes) matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
if (apr_table_get(rule->actionset->actions, "capture")) {
for(; i < rc; i++) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
if (s == NULL) return -1;
s->name = apr_psprintf(msr->mp, "%d", i);
if (s->name == NULL) return -1;
s->name_len = strlen(s->name);
s->value = apr_pstrmemdup(msr->mp, match, length);
if (s->value == NULL) return -1;
s->value_len = length;
if (apr_table_get(rule->actionset->actions, "capture")) { apr_table_setn(msr->tx_vars, s->name, (void *)s);
for(; i < rc; i++) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
if (s == NULL) return -1;
s->name = apr_psprintf(msr->mp, "%d", i);
if (s->name == NULL) return -1;
s->name_len = strlen(s->name);
s->value = apr_pstrmemdup(msr->mp, match, length);
if (s->value == NULL) return -1;
s->value_len = length;
apr_table_setn(msr->tx_vars, s->name, (void *)s); if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
if (msr->txcfg->debuglog_level >= 9) { log_escape_nq_ex(msr->mp, s->value, s->value_len));
msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
log_escape_nq_ex(msr->mp, s->value, s->value_len));
}
if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
qspos = apr_psprintf(msr->mp, "%s", var->name);
parm = strstr(qspos, ":");
if (parm != NULL) {
parm++;
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
mparm->pad_1 = rule->actionset->arg_min;
mparm->pad_2 = rule->actionset->arg_max;
apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
} else {
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
} }
}
if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
qspos = apr_psprintf(msr->mp, "%s", var->name);
parm = strstr(qspos, ":");
if (parm != NULL) {
parm++;
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
mparm->pad_1 = rule->actionset->arg_min;
mparm->pad_2 = rule->actionset->arg_max;
apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
} else {
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
}
}
}
} }
} }
@ -3264,51 +3265,51 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
if (rule->actionset) { if (rule->actionset) {
matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
} if(!matched_bytes)
if(!matched_bytes) matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
if (apr_table_get(rule->actionset->actions, "capture")) { if (apr_table_get(rule->actionset->actions, "capture")) {
for(; i < rc; i++) { for(; i < rc; i++) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
if (s == NULL) return -1; if (s == NULL) return -1;
s->name = apr_psprintf(msr->mp, "%d", i); s->name = apr_psprintf(msr->mp, "%d", i);
if (s->name == NULL) return -1; if (s->name == NULL) return -1;
s->name_len = strlen(s->name); s->name_len = strlen(s->name);
s->value = apr_pstrmemdup(msr->mp, match, length); s->value = apr_pstrmemdup(msr->mp, match, length);
if (s->value == NULL) return -1; if (s->value == NULL) return -1;
s->value_len = length; s->value_len = length;
apr_table_setn(msr->tx_vars, s->name, (void *)s); apr_table_setn(msr->tx_vars, s->name, (void *)s);
if (msr->txcfg->debuglog_level >= 9) { if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i, msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
log_escape_nq_ex(msr->mp, s->value, s->value_len)); log_escape_nq_ex(msr->mp, s->value, s->value_len));
}
if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
qspos = apr_psprintf(msr->mp, "%s", var->name);
parm = strstr(qspos, ":");
if (parm != NULL) {
parm++;
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
mparm->pad_1 = rule->actionset->arg_min;
mparm->pad_2 = rule->actionset->arg_max;
apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
} else {
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
} }
}
if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
qspos = apr_psprintf(msr->mp, "%s", var->name);
parm = strstr(qspos, ":");
if (parm != NULL) {
parm++;
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
mparm->pad_1 = rule->actionset->arg_min;
mparm->pad_2 = rule->actionset->arg_max;
apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
} else {
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
}
}
}
} }
} }
@ -3578,51 +3579,51 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
if (rule->actionset) { if (rule->actionset) {
matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
} if(!matched_bytes)
if(!matched_bytes) matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
if (apr_table_get(rule->actionset->actions, "capture")) { if (apr_table_get(rule->actionset->actions, "capture")) {
for(; i < rc; i++) { for(; i < rc; i++) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
if (s == NULL) return -1; if (s == NULL) return -1;
s->name = apr_psprintf(msr->mp, "%d", i); s->name = apr_psprintf(msr->mp, "%d", i);
if (s->name == NULL) return -1; if (s->name == NULL) return -1;
s->name_len = strlen(s->name); s->name_len = strlen(s->name);
s->value = apr_pstrmemdup(msr->mp, match, length); s->value = apr_pstrmemdup(msr->mp, match, length);
if (s->value == NULL) return -1; if (s->value == NULL) return -1;
s->value_len = length; s->value_len = length;
apr_table_setn(msr->tx_vars, s->name, (void *)s); apr_table_setn(msr->tx_vars, s->name, (void *)s);
if (msr->txcfg->debuglog_level >= 9) { if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i, msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
log_escape_nq_ex(msr->mp, s->value, s->value_len)); log_escape_nq_ex(msr->mp, s->value, s->value_len));
}
if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
qspos = apr_psprintf(msr->mp, "%s", var->name);
parm = strstr(qspos, ":");
if (parm != NULL) {
parm++;
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
mparm->pad_1 = rule->actionset->arg_min;
mparm->pad_2 = rule->actionset->arg_max;
apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
} else {
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
} }
}
if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
qspos = apr_psprintf(msr->mp, "%s", var->name);
parm = strstr(qspos, ":");
if (parm != NULL) {
parm++;
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
mparm->pad_1 = rule->actionset->arg_min;
mparm->pad_2 = rule->actionset->arg_max;
apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
} else {
mparm = apr_palloc(msr->mp, sizeof(msc_parm));
if (mparm == NULL)
continue;
mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
}
}
}
} }
} }