Check for NULL pointers

apache2/apache2_config.c

@@ -906,16 +906,16 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
      */
     rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, dcfg->tmp_default_actionset,
         rule->actionset, 1);
-
-    /* Keep track of the parent action for "block" */
-    if (rule->actionset) {
-        rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
-        rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
+    if (rule->actionset == NULL) {
+        return apr_psprintf(cmd->pool, "ModSecurity: cannot merge actionset (memory full?).");
     }
 
+    /* Keep track of the parent action for "block" */
+    rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
+    rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
+
     /* Must NOT specify a disruptive action in logging phase. */
-    if ((rule->actionset != NULL)
-        && (rule->actionset->phase == PHASE_LOGGING)
+    if (   (rule->actionset->phase == PHASE_LOGGING)
         && (rule->actionset->intercept_action != ACTION_ALLOW)
         && (rule->actionset->intercept_action != ACTION_ALLOW_REQUEST)
         && (rule->actionset->intercept_action != ACTION_NONE)
@@ -926,10 +926,8 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
 
     if (dcfg->tmp_chain_starter != NULL) {
         rule->chain_starter = dcfg->tmp_chain_starter;
-        if (rule->actionset) {
         rule->actionset->phase = rule->chain_starter->actionset->phase;
     }
-    }
 
     if (rule->actionset->is_chained != 1) {
         /* If this rule is part of the chain but does

apache2/msc_tree.c

@@ -656,6 +656,7 @@ TreeNode *CPTFindElementIPNetblock(modsec_rec *msr, unsigned char *ipdata, unsig
         }
 
         node = CPTRetriveNode(msr, ipdata, ip_bitmask, node);
+        if (node == NULL) return NULL;
 
         if (node && node->bit != ip_bitmask)    {
             if (msr && msr->txcfg->debuglog_level >= 9) {

apache2/re_operators.c

@@ -1098,6 +1098,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
     }
 
     /* Are we supposed to capture subexpressions? */
+    if (rule->actionset) {
         capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
         matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
         if(!matched_bytes)
@@ -1121,6 +1122,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
                 }
             }
         }
+    }
 
     /* We always use capture so that ovector can be used as working space
      * and no memory has to be allocated for any backreferences.
@@ -2934,11 +2936,9 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
 
             if (rule->actionset) {
                 matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
-            }
                 if(!matched_bytes)
                     matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
 
-
                 if (apr_table_get(rule->actionset->actions, "capture")) {
                     for(; i < rc; i++) {
                         msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
@@ -2982,6 +2982,7 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
 
                     }
                 }
+            }
 
             /* Unset the remaining TX vars (from previous invocations). */
             for(; i <= 9; i++) {
@@ -3264,7 +3265,6 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
 
             if (rule->actionset) {
                 matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
-            }
                 if(!matched_bytes)
                     matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
 
@@ -3311,6 +3311,7 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
 
                     }
                 }
+            }
 
             /* Unset the remaining TX vars (from previous invocations). */
             for(; i <= 9; i++) {
@@ -3578,7 +3579,6 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
 
             if (rule->actionset) {
                 matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
-            }
                 if(!matched_bytes)
                     matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
 
@@ -3625,6 +3625,7 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
 
                     }
                 }
+            }
 
             /* Unset the remaining TX vars (from previous invocations). */
             for(; i <= 9; i++) {