From 1ad95254cd8caec4a0af83d01844fc3cc65f3ce7 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Wed, 11 Oct 2017 12:37:13 -0300
Subject: [PATCH] Avoids unicode initialization on every rules block ModSecurity-nginx/#67 ModSecurity/#1563
---
CHANGES | 3 +++
headers/modsecurity/rules.h | 16 ++++------------
headers/modsecurity/rules_properties.h | 14 ++++++++++++++
src/actions/transformations/url_decode_uni.cc | 5 +++--
src/rules.cc | 6 ------
5 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/CHANGES b/CHANGES
index 67bcf946..055fc0e9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ v3.0.????? - ? --------------------------- + - Avoids unicode initialization on every rules object + [Issue #1563 - @zimmerle, @Tiki-God, @sethinsd, @Cloaked9000, @AnoopAlias, + @intelbg] - Makes clear to the user whenever the audit log is empty due to missing JSON support. [Issue #1585 - @zimmerle]
diff --git a/headers/modsecurity/rules.h b/headers/modsecurity/rules.h
index d460a074..ea2596cd 100644
--- a/headers/modsecurity/rules.h
+++ b/headers/modsecurity/rules.h
@@ -40,6 +40,7 @@ namespace Parser { class Driver; } + /** @ingroup ModSecurity_CPP_API */ class Rules : public RulesProperties { public:
@@ -47,23 +48,15 @@ class Rules : public RulesProperties { : RulesProperties(new DebugLog()), unicode_codepage(0), m_referenceCount(0), - m_secmarker_skipped(0) { - unicode_map_table = reinterpret_cast( - malloc(sizeof(int)*65536)); - memset(unicode_map_table, -1, (sizeof(int)*65536)); - } + m_secmarker_skipped(0) { } explicit Rules(DebugLog *customLog) : RulesProperties(customLog), unicode_codepage(0), m_referenceCount(0), - m_secmarker_skipped(0) { - unicode_map_table = reinterpret_cast( - malloc(sizeof(int)*65536)); - memset(unicode_map_table, -1, (sizeof(int)*65536)); - } + m_secmarker_skipped(0) { } - ~Rules(); + ~Rules() { } void incrementReferenceCount(void); void decrementReferenceCount(void);
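Review bot: With `~Rules() { }` at the end of the headers/modsecurity/rules.h hunk `@@ -47,23 +48,15 @@`, the table's only `free()` is gone (the old destructor body is removed in src/rules.cc) and nothing on the new side replaces it; the `ConfigUnicodeMap` added in rules_properties.h declares no destructor. The merge hunk in that file also copies the raw pointer between objects, so a plain `free()` added later could release a table that another rules object still points at. Giving the table one explicit owner, for example `std::shared_ptr<int> m_unicode_map_table;` constructed with `free` as its deleter, would make the lifetime checkable; if the table is meant to live for the whole process, a comment on the member should say so. The code that allocates the table is not part of this patch.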
@@ -83,7 +76,6 @@ class Rules : public RulesProperties { void debug(int level, std::string message); - int *unicode_map_table; int64_t unicode_codepage; private:
diff --git a/headers/modsecurity/rules_properties.h b/headers/modsecurity/rules_properties.h
index 5871f578..8d3ef8f9 100644
--- a/headers/modsecurity/rules_properties.h
+++ b/headers/modsecurity/rules_properties.h
@@ -79,6 +79,14 @@ class ConfigSet { std::set m_value; }; + +class ConfigUnicodeMap { + public: + ConfigUnicodeMap() : m_set(false), m_unicode_map_table(NULL) { } + bool m_set; + int *m_unicode_map_table; +}; + class RulesProperties { public: RulesProperties() :
@@ -332,6 +340,11 @@ class RulesProperties { from->m_secArgumentSeparator.m_value; } + if (from->m_unicodeMapTable.m_set == true) { + to->m_unicodeMapTable.m_unicode_map_table = \ + from->m_unicodeMapTable.m_unicode_map_table; + } + if (from->m_httpblKey.m_set == true) { to->m_httpblKey.m_value = from->m_httpblKey.m_value; to->m_httpblKey.m_set = from->m_httpblKey.m_set;
@@ -469,6 +482,7 @@ class RulesProperties { ConfigString m_secArgumentSeparator; std::vector m_defaultActions[8]; std::vector m_rules[8]; + ConfigUnicodeMap m_unicodeMapTable; }; #endif
diff --git a/src/actions/transformations/url_decode_uni.cc b/src/actions/transformations/url_decode_uni.cc
index 83a1d6d3..894eaf6c 100644
--- a/src/actions/transformations/url_decode_uni.cc
+++ b/src/actions/transformations/url_decode_uni.cc
@@ -87,7 +87,8 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, fact = 1; if (transaction - && transaction->m_rules->unicode_map_table != NULL + && transaction->m_rules->m_unicodeMapTable.m_set == true + && transaction->m_rules->m_unicodeMapTable.m_unicode_map_table != NULL && transaction->m_rules->unicode_codepage > 0) { for (j = 5; j >= 2; j--) { if (isxdigit((input[i+j]))) {
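Review bot: `m_unicode_map_table` in the new `ConfigUnicodeMap` (rules_properties.h, `@@ -79,6 +79,14 @@`) says nothing about its size or fill value, yet the lookup in url_decode_uni.cc (`@@ -105,7 +106,7 @@`) still reads index `Code` for any value up to 65535. Until this commit the `Rules` constructors guaranteed a 65536-entry table filled with -1; that guarantee is removed, and the code that now allocates the table is not visible in the patch. I would add a comment on the member such as `// always 65536 ints indexed by code point, -1 = unmapped`, and tie the allocation size and the decoder's bound to one named constant so a shorter table cannot be read past its end.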
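Review bot: The new merge block (rules_properties.h, `@@ -332,6 +340,11 @@`) copies `m_unicode_map_table` but not `m_set`, unlike the `m_httpblKey` block right below it, which copies both. The guard added in url_decode_uni.cc (`@@ -87,7 +87,8 @@`) requires `m_unicodeMapTable.m_set == true`, so a `to` object whose own flag is false inherits the table but still skips the lookup; `UrlDecodeUni` would then normalise input differently in the merged context than in the one where the map was configured. Adding `to->m_unicodeMapTable.m_set = from->m_unicodeMapTable.m_set;` inside the `if` keeps the two fields in step. The enclosing merge function starts and ends outside the hunk, so whether `unicode_codepage` is carried over elsewhere cannot be told from here.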
@@ -105,7 +106,7 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len, if (Code >= 0 && Code <= 65535) { Rules *r = transaction->m_rules; - hmap = r->unicode_map_table[Code]; + hmap = r->m_unicodeMapTable.m_unicode_map_table[Code]; } }
diff --git a/src/rules.cc b/src/rules.cc
index 293a8d33..f0201df3 100644
--- a/src/rules.cc
+++ b/src/rules.cc
@@ -77,12 +77,6 @@ void Rules::decrementReferenceCount(void) { } -Rules::~Rules() { - free(unicode_map_table); - unicode_map_table = NULL; -} - - /** * @name loadFromUri * @brief load rules from a give uri