github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-16 16:06:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update string match text for @within to not include the target test.

Browse Source 
Make sure the empty string always matches (it does in @rx and @m so it should in other string operators).
This commit is contained in:
brectanus 2008-02-08 00:04:09 +00:00
parent 827a5831e2
commit 16b2821d51
1 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
apache2/re_operators.c
View File

@ -412,8 +412,7 @@ static int msre_op_within_execute(modsec_rec *msr, msre_rule *rule, msre_var *va
/* The empty string always matches */ /* The empty string always matches */
if (target_length == 0) { if (target_length == 0) {
/* Match. */ /* Match. */
*error_msg = apr_psprintf(msr->mp, "String match \"\" within \"%s\" at %s.", *error_msg = apr_psprintf(msr->mp, "String match within \"\" at %s.",
log_escape_ex(msr->mp, match, match_length),
var->name); var->name);
return 1; return 1;
} }
@ -433,8 +432,7 @@ static int msre_op_within_execute(modsec_rec *msr, msre_rule *rule, msre_var *va
if (match[i] == target[0]) { if (match[i] == target[0]) {
if (memcmp((target + 1), (match + i + 1), (target_length - 1)) == 0) { if (memcmp((target + 1), (match + i + 1), (target_length - 1)) == 0) {
/* match. */ /* match. */
*error_msg = apr_psprintf(msr->mp, "String match \"%s\" within \"%s\" at %s.", *error_msg = apr_psprintf(msr->mp, "String match within \"%s\" at %s.",
log_escape_ex(msr->mp, target, target_length),
log_escape_ex(msr->mp, match, match_length), log_escape_ex(msr->mp, match, match_length),
var->name); var->name);
return 1; return 1;
@ -708,8 +706,15 @@ static int msre_op_beginsWith_execute(modsec_rec *msr, msre_rule *rule, msre_var
target_length = var->value_len; target_length = var->value_len;
} }
/* These are impossible to match */ /* The empty string always matches */
if ((match_length == 0) || (match_length > target_length)) { if (match_length == 0) {
/* Match. */
*error_msg = apr_psprintf(msr->mp, "String match \"\" at %s.", var->name);
return 1;
}
/* This is impossible to match */
if (match_length > target_length) {
/* No match. */ /* No match. */
return 0; return 0;
} }
@ -763,8 +768,15 @@ static int msre_op_endsWith_execute(modsec_rec *msr, msre_rule *rule, msre_var *
target_length = var->value_len; target_length = var->value_len;
} }
/* These are impossible to match */ /* The empty string always matches */
if ((match_length == 0) || (match_length > target_length)) { if (match_length == 0) {
/* Match. */
*error_msg = apr_psprintf(msr->mp, "String match \"\" at %s.", var->name);
return 1;
}
/* This is impossible to match */
if (match_length > target_length) {
/* No match. */ /* No match. */
return 0; return 0;
} }