github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed utf8ToUnicode bad memory access

Browse Source
This commit is contained in:
Felipe Zimmerle 2017-01-06 02:01:23 -03:00 committed by Felipe Zimmerle
parent a8e5cce744
commit 0c37ba336b
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/actions/transformations/utf8_to_unicode.cc
View File

@ -38,6 +38,7 @@ std::string Utf8ToUnicode::evaluate(std::string value,
std::string ret; std::string ret;
unsigned char *input = NULL; unsigned char *input = NULL;
int changed = 0; int changed = 0;
char *out;
input = reinterpret_cast<unsigned char *> input = reinterpret_cast<unsigned char *>
(malloc(sizeof(char) * value.length()+1)); (malloc(sizeof(char) * value.length()+1));
@ -48,11 +49,13 @@ std::string Utf8ToUnicode::evaluate(std::string value,
memcpy(input, value.c_str(), value.length()+1); memcpy(input, value.c_str(), value.length()+1);
inplace(input, value.size() + 1, &changed); out = inplace(input, value.size() + 1, &changed);
ret.assign(reinterpret_cast<char *>(input),
strlen(reinterpret_cast<char *>(input)));
free(input); free(input);
if (out != NULL) {
ret.assign(reinterpret_cast<char *>(out),
strlen(reinterpret_cast<char *>(out)));
free(out);
}
return ret; return ret;
} }
@ -64,6 +67,7 @@ char *Utf8ToUnicode::inplace(unsigned char *input,
unsigned int count = 0; unsigned int count = 0;
unsigned char c; unsigned char c;
char *data; char *data;
char *data_orig;
unsigned int i, len, j; unsigned int i, len, j;
unsigned int bytes_left = input_len; unsigned int bytes_left = input_len;
unsigned char unicode[8]; unsigned char unicode[8];
@ -74,6 +78,7 @@ char *Utf8ToUnicode::inplace(unsigned char *input,
if (data == NULL) { if (data == NULL) {
return NULL; return NULL;
} }
data_orig = data;
if (input == NULL) { if (input == NULL) {
free(data); free(data);
@ -299,7 +304,7 @@ char *Utf8ToUnicode::inplace(unsigned char *input,
*data ='\0'; *data ='\0';
return data; return data_orig;
} }