github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 06:57:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Truncate long parameters in log message (MODSEC-39).

Browse Source
This commit is contained in:
b1v1r
2009-05-21 06:19:36 +00:00
parent c13980062e
commit 13a6b73f80
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,6 +1,9 @@
20 May 2009 - 2.5.10-dev 20 May 2009 - 2.5.10-dev
------------------------ ------------------------
* Truncate long parameters in log message for "Match of ... against ...
required" messages.
* Correctly resolve chained rule actions in logs. * Correctly resolve chained rule actions in logs.
* Cleanup some code for portability. * Cleanup some code for portability.

9
apache2/re.c
View File

@@ -1762,9 +1762,16 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
else { else {
/* Match. */ /* Match. */
if (rc == 0) { if (rc == 0) {
char *op_param = log_escape(msr->mp, rule->op_param);
/* Truncate op parameter. */
if (strlen(op_param) > 252) {
op_param = apr_psprintf(msr->mp, "%.252s ...", op_param);
}
/* Operator did not match so we need to provide a message. */ /* Operator did not match so we need to provide a message. */
my_error_msg = apr_psprintf(msr->mp, "Match of \"%s %s\" against \"%s\" required.", my_error_msg = apr_psprintf(msr->mp, "Match of \"%s %s\" against \"%s\" required.",
log_escape(msr->mp, rule->op_name), log_escape(msr->mp, rule->op_param), log_escape(msr->mp, rule->op_name), op_param,
log_escape(msr->mp, full_varname)); log_escape(msr->mp, full_varname));
} }