From 0edf943d2557a414f4a7a92418e3ad0591a76f24 Mon Sep 17 00:00:00 2001
From: brectanus
Date: Tue, 6 Mar 2007 16:42:15 +0000
Subject: [PATCH] Merge in updates from trunk
---
 CHANGES | 15 ++++++++++++++-
 apache2/apache2_config.c | 2 +-
 apache2/apache2_io.c | 2 +-
 apache2/modsecurity.c | 6 ++++--
 apache2/modsecurity.h | 4 ++--
 apache2/msc_multipart.c | 2 +-
 apache2/msc_parsers.c | 12 ++++++------
 apache2/msc_parsers.h | 4 ++--
 apache2/msc_reqbody.c | 4 ++--
 apache2/msc_util.c | 20 ++++++++++----------
 apache2/msc_util.h | 4 ++--
 apache2/re.c | 2 +-
 apache2/re_actions.c | 2 +-
 apache2/re_operators.c | 2 +-
 apache2/re_tfns.c | 24 ++++++++++++------------
 apache2/re_variables.c | 15 ++++-----------
 16 files changed, 64 insertions(+), 56 deletions(-)
diff --git a/CHANGES b/CHANGES
index ba2eb2e2..13c24803 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,18 @@ -23 Feb 2006 - 2.1.0 +01 Mar 2007 - 2.1.x +------------------- + +* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms + +* Fixed the faulty REQUEST_FILENAME variable, which used to change + the internal Apache structures by mistake. + +* Updates to quiet some compiler warnings. + +* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf). + + +23 Feb 2007 - 2.1.0 ------------------- * Removed the "Connection reset by peer" message, which has nothing
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index a69a62da..b19ea014 100644
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -867,7 +867,7 @@ static const char *cmd_response_body_mime_type(cmd_parms *cmd, void *_dcfg, cons dcfg->of_mime_types = apr_table_make(cmd->pool, 10); } - strtolower_inplace(p1); + strtolower_inplace((unsigned char *)p1); apr_table_setn(dcfg->of_mime_types, p1, "1"); return NULL;
diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c
index ab130ceb..3221047a 100644
--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -308,7 +308,7 @@ static int output_filter_should_run(modsec_rec *msr, request_rec *r) { *p = '\0'; } - strtolower_inplace(content_type); + strtolower_inplace((unsigned char *)content_type); if (strcmp(content_type, "text/html") == 0) { /* Useful information to have should we later
diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c
index a097210e..8ae49b6d 100644
--- a/apache2/modsecurity.c
+++ b/apache2/modsecurity.c
@@ -252,8 +252,10 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) { if (msr->query_string != NULL) { int invalid_count = 0; - if (parse_arguments(msr, msr->query_string, msr->txcfg->argument_separator, - "QUERY_STRING", msr->arguments, &invalid_count) < 0) { + if (parse_arguments(msr, msr->query_string, strlen(msr->query_string), + msr->txcfg->argument_separator, "QUERY_STRING", msr->arguments, + &invalid_count) < 0) + { msr_log(msr, 1, "Initialisation: Error occurred while parsing QUERY_STRING arguments."); return -1; }
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 4d2c1511..4109443b 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -26,7 +26,7 @@ typedef struct msc_data_chunk msc_data_chunk; typedef struct msc_arg msc_arg; typedef struct msc_string msc_string; -#ifndef WIN32 +#if !(defined(WIN32) || defined(NETWARE)) #define DSOLOCAL __attribute__((visibility("hidden"))) #else #define DSOLOCAL
@@ -50,7 +50,7 @@ typedef struct msc_string msc_string; #include "http_protocol.h" #define MODULE_NAME "ModSecurity" -#define MODULE_RELEASE "2.1.0" +#define MODULE_RELEASE "2.1.x" #define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)") #define PHASE_REQUEST_HEADERS 1
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index 2b5b0946..a540ce46 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -291,7 +291,7 @@ static int multipart_process_part_header(modsec_rec *msr, char **error_msg) { */ static int multipart_process_part_data(modsec_rec *msr, char **error_msg) { char *p = msr->mpd->buf + (MULTIPART_BUF_SIZE - msr->mpd->bufleft) - 2; - char localreserve[2]; + char localreserve[2] = { '\0', '\0' }; /* initialized to quiet warning */ int bytes_reserved = 0; if (error_msg == NULL) return -1;
diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c
index 3d2deff4..2922bf0b 100644
--- a/apache2/msc_parsers.c
+++ b/apache2/msc_parsers.c
@@ -199,19 +199,19 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies /** * */ -int parse_arguments(modsec_rec *msr, const char *s, int argument_separator, const char *origin, +int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength, + int argument_separator, const char *origin, apr_table_t *arguments, int *invalid_count) { msc_arg *arg; - long inputlength, i, j; + apr_size_t i, j; char *value = NULL; char *buf; int status; if (s == NULL) return -1; - inputlength = strlen(s); if (inputlength == 0) return 1; - if (inputlength + 1 <= 0) return -1; + if (inputlength < 0) return -1; buf = (char *)malloc(inputlength + 1); if (buf == NULL) return -1;
@@ -247,7 +247,7 @@ int parse_arguments(modsec_rec *msr, const char *s, int argument_separator, cons } if (status == 0) { - arg->name_len = urldecode_nonstrict_inplace_ex(buf, arg->name_origin_len, invalid_count); + arg->name_len = urldecode_nonstrict_inplace_ex((unsigned char *)buf, arg->name_origin_len, invalid_count); arg->name = apr_pstrmemdup(msr->mp, buf, arg->name_len); if (s[i] == argument_separator) {
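Review bot: The new guard `if (inputlength < 0) return -1;` in parse_arguments can never fire, because inputlength is now an apr_size_t and therefore unsigned. The test it replaces (`inputlength + 1 <= 0`) protected the `malloc(inputlength + 1)` that follows, and with an unsigned length the remaining hazard is that `inputlength + 1` wraps to zero for a maximal value. Replace the dead test with `if (inputlength + 1 == 0) return -1;`, or reject lengths above the configured body limit before allocating. The function body continues outside the hunk.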
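Review bot: `if (s[i] == argument_separator)` reads s[i] after the name has been consumed, and with the length now supplied by the caller nothing in this hunk shows that i is still below inputlength at that point. When the length came from strlen() the byte at s[inputlength] was always the terminator; for a counted buffer that holds only if every caller allocates and terminates one extra byte. Either bound the test, `if ((i < inputlength) && (s[i] == argument_separator)) {`, or state on parse_arguments that s[inputlength] must be readable. The loop that advances i is outside the hunk, so this needs confirming against the full function.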
@@ -271,7 +271,7 @@ int parse_arguments(modsec_rec *msr, const char *s, int argument_separator, cons } } else { - arg->value_len = urldecode_nonstrict_inplace_ex(value, arg->value_origin_len, invalid_count); + arg->value_len = urldecode_nonstrict_inplace_ex((unsigned char *)value, arg->value_origin_len, invalid_count); arg->value = apr_pstrmemdup(msr->mp, value, arg->value_len); apr_table_addn(arguments, arg->name, (void *)arg);
diff --git a/apache2/msc_parsers.h b/apache2/msc_parsers.h
index 89a49875..ff7c0b8d 100644
--- a/apache2/msc_parsers.h
+++ b/apache2/msc_parsers.h
@@ -19,7 +19,7 @@ int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies); -int DSOLOCAL parse_arguments(modsec_rec *msr, const char *s, int argument_separator, - const char *origin, apr_table_t *arguments, int *invalid_count); +int DSOLOCAL parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength, + int argument_separator, const char *origin, apr_table_t *arguments, int *invalid_count); #endif
diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c
index f60893e5..f0f40530 100644
--- a/apache2/msc_reqbody.c
+++ b/apache2/msc_reqbody.c
@@ -336,8 +336,8 @@ static apr_status_t modsecurity_request_body_end_urlencoded(modsec_rec *msr) { /* Parse URL-encoded arguments in the request body. */ - if (parse_arguments(msr, msr->msc_reqbody_buffer, msr->txcfg->argument_separator, - "BODY", msr->arguments, &invalid_count) < 0) + if (parse_arguments(msr, msr->msc_reqbody_buffer, msr->msc_reqbody_length, + msr->txcfg->argument_separator, "BODY", msr->arguments, &invalid_count) < 0) { msr_log(msr, 1, "Initialisation: Error occurred while parsing BODY arguments."); return -1;
diff --git a/apache2/msc_util.c b/apache2/msc_util.c
index 261745f8..e0c3e44d 100644
--- a/apache2/msc_util.c
+++ b/apache2/msc_util.c
@@ -410,7 +410,7 @@ char *strtolower_inplace(unsigned char *str) { c++; } - return str; + return (char *)str; } /**
@@ -531,8 +531,8 @@ char *_log_escape(apr_pool_t *mp, const unsigned char *input, unsigned long int /** * */ -int urldecode_uni_nonstrict_inplace_ex(char *input, long int input_len) { - unsigned char *d = (unsigned char *)input; +int urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_len) { + unsigned char *d = input; long int i, count; if (input == NULL) return -1;
@@ -635,7 +635,7 @@ int urldecode_uni_nonstrict_inplace_ex(char *input, long int input_len) { /** * */ -int urldecode_nonstrict_inplace_ex(char *input, long int input_len, int *invalid_count) { +int urldecode_nonstrict_inplace_ex(unsigned char *input, long int input_len, int *invalid_count) { unsigned char *d = (unsigned char *)input; long int i, count;
@@ -666,11 +666,11 @@ int urldecode_nonstrict_inplace_ex(char *input, long int input_len, int *invalid *d++ = c2; count += 3; i += 3; - *invalid_count++; + (*invalid_count)++; /* parens quiet compiler warning */ } } else { /* Not enough bytes available, copy the raw bytes. */ - *invalid_count++; + (*invalid_count)++; /* parens quiet compiler warning */ *d++ = '%'; count++;
@@ -736,7 +736,7 @@ int html_entities_decode_inplace(apr_pool_t *mp, unsigned char *input, int input while((j < input_len)&&(isxdigit(input[j]))) j++; if (j > k) { /* Do we have at least one digit? */ /* Decode the entity. */ - char *x = apr_pstrmemdup(mp, &input[k], j - k); + char *x = apr_pstrmemdup(mp, (const char*)&input[k], j - k); *d++ = (unsigned char)strtol(x, NULL, 16); count++;
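Review bot: The comment `/* parens quiet compiler warning */` on both `(*invalid_count)++` lines in urldecode_nonstrict_inplace_ex understates the change: the old `*invalid_count++` advanced the local pointer and never touched the caller's counter, so this is a behaviour fix and invalid percent-encodings are only counted from this commit on. A comment such as `/* increment the caller's counter; *invalid_count++ advanced the pointer instead */` records that, and the CHANGES entry should mention it because anything keyed on the invalid-encoding count starts seeing non-zero values. Nothing in the hunk checks invalid_count for NULL before the dereference; the start of the function is outside the hunk, so confirm that no caller passes NULL.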
@@ -754,7 +754,7 @@ int html_entities_decode_inplace(apr_pool_t *mp, unsigned char *input, int input while((j < input_len)&&(isdigit(input[j]))) j++; if (j > k) { /* Do we have at least one digit? */ /* Decode the entity. */ - char *x = apr_pstrmemdup(mp, &input[k], j - k); + char *x = apr_pstrmemdup(mp, (const char*)&input[k], j - k); *d++ = (unsigned char)strtol(x, NULL, 10); count++;
@@ -773,7 +773,7 @@ int html_entities_decode_inplace(apr_pool_t *mp, unsigned char *input, int input k = j; while((j < input_len)&&(isalnum(input[j]))) j++; if (j > k) { /* Do we have at least one digit? */ - char *x = apr_pstrmemdup(mp, &input[k], j - k); + char *x = apr_pstrmemdup(mp, (const char*)&input[k], j - k); /* Decode the entity. */ if (strcasecmp(x, "quot") == 0) *d++ = '"';
@@ -941,7 +941,7 @@ int normalise_path_inplace(unsigned char *input, int input_len, int win) { * purpose. */ if ((count >= 5)&&(*(d - 1) == '.')&&(*(d - 2) == '.')&&(*(d - 3) == '/')) { - char *cd = d - 4; + unsigned char *cd = d - 4; int ccount = count - 4; /* Go back until we reach the beginning or a forward slash. */
diff --git a/apache2/msc_util.h b/apache2/msc_util.h
index a3e2ae76..9a969c70 100644
--- a/apache2/msc_util.h
+++ b/apache2/msc_util.h
@@ -64,9 +64,9 @@ char DSOLOCAL *log_escape_header_name(apr_pool_t *p, const char *text); char DSOLOCAL *_log_escape(apr_pool_t *p, const unsigned char *input, unsigned long int input_length, int escape_quotes, int escape_colon); -int DSOLOCAL urldecode_uni_nonstrict_inplace_ex(char *input, long int input_length); +int DSOLOCAL urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_length); -int DSOLOCAL urldecode_nonstrict_inplace_ex(char *input, long int input_length, int *invalid_count); +int DSOLOCAL urldecode_nonstrict_inplace_ex(unsigned char *input, long int input_length, int *invalid_count); int DSOLOCAL html_entities_decode_inplace(apr_pool_t *mp, unsigned char *input, int len);
diff --git a/apache2/re.c b/apache2/re.c
index dd2afb5f..8b5b7cc0 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -1391,7 +1391,7 @@ apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr) { action = (msre_action *)telts[k].val; metadata = (msre_tfn_metadata *)action->param_data; - rc = metadata->execute(mptmp, (char *)var->value, var->value_len, + rc = metadata->execute(mptmp, (unsigned char *)var->value, var->value_len, &rval, &rval_length); if (rc < 0) { apr_pool_destroy(mptmp);
diff --git a/apache2/re_actions.c b/apache2/re_actions.c
index 460febc2..ed71a0c7 100644
--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@@ -646,7 +646,7 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp, if (*s != c) { *d++ = *s++; } else { - *s++; + (*s)++; /* parens quiet compiler warning */ } } *d = '\0';
diff --git a/apache2/re_operators.c b/apache2/re_operators.c
index 80284c4a..4e47bac8 100644
--- a/apache2/re_operators.c
+++ b/apache2/re_operators.c
@@ -261,7 +261,7 @@ static int msre_op_validateDTD_execute(modsec_rec *msr, msre_rule *rule, msre_va return -1; } - dtd = xmlParseDTD(NULL, rule->op_param); /* EHN support relative filenames */ + dtd = xmlParseDTD(NULL, (const xmlChar *)rule->op_param); /* EHN support relative filenames */ if (dtd == NULL) { *error_msg = apr_psprintf(msr->mp, "XML: Failed to load DTD: %s", rule->op_param); return -1;
diff --git a/apache2/re_tfns.c b/apache2/re_tfns.c
index 8bea8846..eaaebc01 100644
--- a/apache2/re_tfns.c
+++ b/apache2/re_tfns.c
@@ -229,7 +229,7 @@ static int msre_fn_urlDecodeUni_execute(apr_pool_t *mptmp, unsigned char *input, static int msre_fn_urlEncode_execute(apr_pool_t *mptmp, unsigned char *input, long int input_len, char **rval, long int *rval_len) { - *rval = url_encode(mptmp, input, input_len); + *rval = url_encode(mptmp, (char *)input, input_len); *rval_len = strlen(*rval); return (*rval_len == input_len ? 0 : 1);
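Review bot: `(*s)++` in the else branch of msre_action_ctl_execute is not equivalent to the `*s++` it replaces: the old statement advanced the pointer s past the character being dropped, while the new one increments the character itself and leaves s where it is. On the next pass the modified byte no longer equals c, so it is copied to d instead of being skipped, and the source string is altered as a side effect. The warning-free form that keeps the old behaviour is `s++;`. The enclosing loop starts outside the hunk.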
@@ -242,7 +242,7 @@ static int msre_fn_base64Encode_execute(apr_pool_t *mptmp, unsigned char *input, { *rval_len = apr_base64_encode_len(input_len); /* returns len with NULL byte included */ *rval = apr_palloc(mptmp, *rval_len); - apr_base64_encode(*rval, input, input_len); + apr_base64_encode(*rval, (const char *)input, input_len); (*rval_len)--; return 1;
@@ -253,9 +253,9 @@ static int msre_fn_base64Encode_execute(apr_pool_t *mptmp, unsigned char *input, static int msre_fn_base64Decode_execute(apr_pool_t *mptmp, unsigned char *input, long int input_len, char **rval, long int *rval_len) { - *rval_len = apr_base64_decode_len(input); /* returns len with NULL byte included */ + *rval_len = apr_base64_decode_len((const char *)input); /* returns len with NULL byte included */ *rval = apr_palloc(mptmp, *rval_len); - apr_base64_decode(*rval, input); + apr_base64_decode(*rval, (const char *)input); (*rval_len)--; return 1;
@@ -271,7 +271,7 @@ static int msre_fn_md5_execute(apr_pool_t *mptmp, unsigned char *input, apr_md5(digest, input, input_len); *rval_len = APR_MD5_DIGESTSIZE; - *rval = apr_pstrmemdup(mptmp, digest, APR_MD5_DIGESTSIZE); + *rval = apr_pstrmemdup(mptmp, (const char *)digest, APR_MD5_DIGESTSIZE); return 1; }
@@ -285,11 +285,11 @@ static int msre_fn_sha1_execute(apr_pool_t *mptmp, unsigned char *input, apr_sha1_ctx_t context; apr_sha1_init(&context); - apr_sha1_update(&context, input, input_len); + apr_sha1_update(&context, (const char *)input, input_len); apr_sha1_final(digest, &context); *rval_len = APR_SHA1_DIGESTSIZE; - *rval = apr_pstrmemdup(mptmp, digest, APR_SHA1_DIGESTSIZE); + *rval = apr_pstrmemdup(mptmp, (const char *)digest, APR_SHA1_DIGESTSIZE); return 1; }
@@ -300,7 +300,7 @@ static int msre_fn_hexDecode_execute(apr_pool_t *mptmp, unsigned char *input, long int input_len, char **rval, long int *rval_len) { *rval_len = hex2bytes_inplace(input, input_len); - *rval = input; + *rval = (char *)input; return 1; }
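Review bot: msre_fn_base64Decode_execute never uses input_len: both `apr_base64_decode_len((const char *)input)` and `apr_base64_decode(*rval, (const char *)input)` take only a pointer and stop at the first byte that is not a base64 character. A value with an embedded NUL or other non-alphabet byte is therefore decoded only up to that byte, which is the same kind of truncation this commit fixes for urlencoded forms, and a buffer that is not terminated would be read past input_len. While the casts are being touched, add a comment that states the limitation, for example `/* NOTE: decoding stops at the first non-base64 byte; input_len is not honoured */`, and confirm that callers always pass a NUL-terminated value.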
@@ -322,7 +322,7 @@ static int msre_fn_htmlEntityDecode_execute(apr_pool_t *mptmp, unsigned char *in long int input_len, char **rval, long int *rval_len) { *rval_len = html_entities_decode_inplace(mptmp, input, input_len); - *rval = input; + *rval = (char *)input; return (*rval_len == input_len ? 0 : 1); }
@@ -333,7 +333,7 @@ static int msre_fn_escapeSeqDecode_execute(apr_pool_t *mptmp, unsigned char *inp long int input_len, char **rval, long int *rval_len) { *rval_len = ansi_c_sequences_decode_inplace(input, input_len); - *rval = input; + *rval = (char *)input; return (*rval_len == input_len ? 0 : 1); }
@@ -344,7 +344,7 @@ static int msre_fn_normalisePath_execute(apr_pool_t *mptmp, unsigned char *input long int input_len, char **rval, long int *rval_len) { *rval_len = normalise_path_inplace(input, input_len, 0); - *rval = input; + *rval = (char *)input; return (*rval_len == input_len ? 0 : 1); }
@@ -355,7 +355,7 @@ static int msre_fn_normalisePathWin_execute(apr_pool_t *mptmp, unsigned char *in long int input_len, char **rval, long int *rval_len) { *rval_len = normalise_path_inplace(input, input_len, 1); - *rval = input; + *rval = (char *)input; return (*rval_len == input_len ? 0 : 1); }
diff --git a/apache2/re_variables.c b/apache2/re_variables.c
index a7cf29e2..9a9b85ad 100644
--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
@@ -370,7 +370,7 @@ static int var_xml_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, /* Process the XPath expression. */ count = 0; - xpathExpr = var->param; + xpathExpr = (const xmlChar*)var->param; xpathCtx = xmlXPathNewContext(msr->xml->doc); if (xpathCtx == NULL) {
@@ -392,7 +392,7 @@ static int var_xml_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, if (parse_name_eq_value(mptmp, action->param, &prefix, &href) < 0) return -1; if ((prefix == NULL)||(href == NULL)) return -1; - if(xmlXPathRegisterNs(xpathCtx, prefix, href) != 0) { + if(xmlXPathRegisterNs(xpathCtx, (const xmlChar*)prefix, (const xmlChar*)href) != 0) { msr_log(msr, 1, "Failed to register XML namespace href \"%s\" prefix \"%s\".", log_escape(mptmp, prefix), log_escape(mptmp, href)); return -1;
@@ -424,7 +424,7 @@ static int var_xml_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, msre_var *rvar = NULL; char *content = NULL; - content = xmlNodeGetContent(nodes->nodeTab[i]); + content = (char *)xmlNodeGetContent(nodes->nodeTab[i]); if (content != NULL) { rvar = apr_pmemdup(mptmp, var, sizeof(msre_var)); rvar->value = apr_pstrdup(mptmp, content);
@@ -1359,14 +1359,7 @@ static int var_request_headers_names_generate(modsec_rec *msr, msre_var *var, ms static int var_request_filename_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, apr_table_t *vartab, apr_pool_t *mptmp) { - char *value = msr->r->parsed_uri.path; - - if (value != NULL) { - int invalid_count = 0; - urldecode_nonstrict_inplace_ex(value, strlen(value), &invalid_count); - } - - return var_simple_generate(var, vartab, mptmp, value); + return var_simple_generate(var, vartab, mptmp, msr->r->parsed_uri.path); } /* REQUEST_LINE */
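Review bot: The msr_log call after a failed xmlXPathRegisterNs labels its arguments the wrong way round: the format string prints href first and prefix second, but the arguments are passed as prefix then href. Swap them to `log_escape(mptmp, href), log_escape(mptmp, prefix));` so the log entry names the namespace correctly when registration fails. The call sits on context lines of this hunk, next to the cast being added.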
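Review bot: REQUEST_FILENAME is now built from the raw `msr->r->parsed_uri.path`, so the URL decoding the old code applied is gone together with the in-place write to Apache's structure. Unless var_simple_generate or a later step decodes the value, rules that inspect REQUEST_FILENAME without an explicit urlDecode transformation will see percent-encoded bytes and can stop matching. Decoding a pool copy keeps the previous variable contents without touching the request record, as sketched below. If the raw path is the intended new behaviour, the CHANGES entry should say that rules now need the transformation.

```c
    char *value = NULL;

    if (msr->r->parsed_uri.path != NULL) {
        int invalid_count = 0;

        /* Decode a private copy so the Apache request record is left untouched. */
        value = apr_pstrdup(mptmp, msr->r->parsed_uri.path);
        urldecode_nonstrict_inplace_ex((unsigned char *)value, strlen(value), &invalid_count);
    }

    return var_simple_generate(var, vartab, mptmp, value);
```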