github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds a sanity check before use ctl:ruleRemove(TargetById|TargetByMsg)

Browse Source 
This commit closes the issue #2033.
This commit is contained in:
studersi 2019-10-23 15:01:10 +02:00 committed by Felipe Zimmerle
parent 176276a931
commit 12cefbd70f
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
DD mmm YYYY - 2.9.x (to be released) DD mmm YYYY - 2.9.x (to be released)
------------------------------------ ------------------------------------
* Adds a sanity check before use ctl:ruleRemoveTargetById and ctl:ruleRemoveTargetByMsg.
[Issue #2033 - @studersi]
* Fix the order of error_msg validation * Fix the order of error_msg validation
[Issue #2128 - @marcstern, @zimmerle] [Issue #2128 - @marcstern, @zimmerle]
* Added missing Geo Countries * Added missing Geo Countries

15
apache2/re_actions.c
View File

@ -1235,6 +1235,11 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: ruleRemoveTargetById id=%s targets=%s", p1, p2); msr_log(msr, 4, "Ctl: ruleRemoveTargetById id=%s targets=%s", p1, p2);
} }
if (p2 == NULL) {
msr_log(msr, 1, "ModSecurity: Missing target for id \"%s\"", p1);
return -1;
}
re = apr_pcalloc(msr->mp, sizeof(rule_exception)); re = apr_pcalloc(msr->mp, sizeof(rule_exception));
re->type = RULE_EXCEPTION_REMOVE_ID; re->type = RULE_EXCEPTION_REMOVE_ID;
re->param = (const char *)apr_pstrdup(msr->mp, p1); re->param = (const char *)apr_pstrdup(msr->mp, p1);
@ -1253,10 +1258,10 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: ruleRemoveTargetByTag tag=%s targets=%s", p1, p2); msr_log(msr, 4, "Ctl: ruleRemoveTargetByTag tag=%s targets=%s", p1, p2);
} }
if (p2 == NULL) { if (p2 == NULL) {
msr_log(msr, 1, "ModSecurity: Missing target for tag \"%s\"", p1); msr_log(msr, 1, "ModSecurity: Missing target for tag \"%s\"", p1);
return -1; return -1;
} }
re = apr_pcalloc(msr->mp, sizeof(rule_exception)); re = apr_pcalloc(msr->mp, sizeof(rule_exception));
re->type = RULE_EXCEPTION_REMOVE_TAG; re->type = RULE_EXCEPTION_REMOVE_TAG;
@ -1281,6 +1286,10 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: ruleRemoveTargetByMsg msg=%s targets=%s", p1, p2); msr_log(msr, 4, "Ctl: ruleRemoveTargetByMsg msg=%s targets=%s", p1, p2);
} }
if (p2 == NULL) {
msr_log(msr, 1, "ModSecurity: Missing target for msg \"%s\"", p1);
return -1;
}
re = apr_pcalloc(msr->mp, sizeof(rule_exception)); re = apr_pcalloc(msr->mp, sizeof(rule_exception));
re->type = RULE_EXCEPTION_REMOVE_MSG; re->type = RULE_EXCEPTION_REMOVE_MSG;