Fix the SecUnicodeMapFile and SecUnicodeCodePage

CHANGES

@@ -1,6 +1,8 @@
 v3.0.3 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+ - Fix the SecUnicodeMapFile and SecUnicodeCodePage
+   [xxxx - @zimmerle]
  - Changes the timing to save the rule message
    [0xca270 - @zimmerle]
  - Fix crash in msc_rules_add_file() when using disruptive action in chain

headers/modsecurity/rules_properties.h

@@ -82,9 +82,10 @@ class ConfigSet {
 
 class ConfigUnicodeMap {
  public:
-    ConfigUnicodeMap() : m_set(false), m_unicode_map_table(NULL) { }
+    ConfigUnicodeMap() : m_set(false), m_unicode_map_table(NULL), m_unicode_codepage(0) { }
     bool m_set;
     int *m_unicode_map_table;
+    unsigned long int m_unicode_codepage;
 };
 
 class RulesProperties {
@@ -352,6 +353,8 @@ class RulesProperties {
         if (from->m_unicodeMapTable.m_set == true) {
             to->m_unicodeMapTable.m_unicode_map_table = \
                 from->m_unicodeMapTable.m_unicode_map_table;
+            to->m_unicodeMapTable.m_unicode_codepage = \
+                from->m_unicodeMapTable.m_unicode_codepage;
             to->m_unicodeMapTable.m_set = true;
         }
 

src/parser/location.hh

@@ -1,4 +1,4 @@
-// A Bison parser, made by GNU Bison 3.0.5.
+// A Bison parser, made by GNU Bison 3.1.
 
 // Locations for Bison parsers in C++
 
@@ -42,7 +42,7 @@
 
 
 namespace yy {
-#line 46 "location.hh" // location.cc:292
+#line 46 "location.hh" // location.cc:290
   /// Abstract a location.
   class location
   {
@@ -167,7 +167,7 @@ namespace yy {
    ** Avoid duplicate information.
    */
   template <typename YYChar>
-  inline std::basic_ostream<YYChar>&
+  std::basic_ostream<YYChar>&
   operator<< (std::basic_ostream<YYChar>& ostr, const location& loc)
   {
     unsigned end_col = 0 < loc.end.column ? loc.end.column - 1 : 0;
@@ -185,5 +185,5 @@ namespace yy {
 
 
 } // yy
-#line 189 "location.hh" // location.cc:292
+#line 189 "location.hh" // location.cc:290
 #endif // !YY_YY_LOCATION_HH_INCLUDED

src/parser/position.hh

@@ -1,4 +1,4 @@
-// A Bison parser, made by GNU Bison 3.0.5.
+// A Bison parser, made by GNU Bison 3.1.
 
 // Positions for Bison parsers in C++
 
@@ -52,7 +52,7 @@
 
 
 namespace yy {
-#line 56 "position.hh" // location.cc:292
+#line 56 "position.hh" // location.cc:290
   /// Abstract a position.
   class position
   {
@@ -104,12 +104,10 @@ namespace yy {
     unsigned column;
 
   private:
-    /// Compute max(min, lhs+rhs) (provided min <= lhs).
-    static unsigned add_ (unsigned lhs, int rhs, unsigned min)
+    /// Compute max(min, lhs+rhs).
+    static unsigned add_ (unsigned lhs, int rhs, int min)
     {
-      return (0 < rhs || -static_cast<unsigned>(rhs) < lhs
-              ? rhs + lhs
-              : min);
+      return static_cast<unsigned>(std::max(min, static_cast<int>(lhs) + rhs));
     }
   };
 
@@ -165,7 +163,7 @@ namespace yy {
    ** \param pos a reference to the position to redirect
    */
   template <typename YYChar>
-  inline std::basic_ostream<YYChar>&
+  std::basic_ostream<YYChar>&
   operator<< (std::basic_ostream<YYChar>& ostr, const position& pos)
   {
     if (pos.filename)
@@ -175,5 +173,5 @@ namespace yy {
 
 
 } // yy
-#line 179 "position.hh" // location.cc:292
+#line 177 "position.hh" // location.cc:290
 #endif // !YY_YY_POSITION_HH_INCLUDED

src/parser/seclang-parser.yy

@@ -345,6 +345,7 @@ using modsecurity::operators::Operator;
     std::unique_ptr<Variable> c(b); \
     a = std::move(c);
 
+#define CODEPAGE_SEPARATORS  " \t\n\r"
 
 }
 // The parsing context.
@@ -652,6 +653,7 @@ using modsecurity::operators::Operator;
   CONFIG_DIR_SEC_DEFAULT_ACTION                "CONFIG_DIR_SEC_DEFAULT_ACTION"
   CONFIG_DIR_SEC_MARKER                        "CONFIG_DIR_SEC_MARKER"
   CONFIG_DIR_UNICODE_MAP_FILE                  "CONFIG_DIR_UNICODE_MAP_FILE"
+  CONFIG_DIR_UNICODE_CODE_PAGE                 "CONFIG_DIR_UNICODE_CODE_PAGE"
   CONFIG_SEC_COLLECTION_TIMEOUT                "CONFIG_SEC_COLLECTION_TIMEOUT"
   CONFIG_SEC_HTTP_BLKEY                        "CONFIG_SEC_HTTP_BLKEY"
   CONFIG_SEC_INTERCEPT_ON_ERROR                "CONFIG_SEC_INTERCEPT_ON_ERROR"
@@ -1706,11 +1708,103 @@ expression:
         driver.error(@0, "SecStatusEngine is not yet supported.");
         YYERROR;
 */
+    | CONFIG_DIR_UNICODE_CODE_PAGE
+      {
+        long val;
+
+        val = atol($1.c_str());
+        if (val <= 0) {
+            std::stringstream ss;
+            ss << "Invalid setting for SecUnicodeCodePage: " << $1 << " ";
+            driver.error(@0, ss.str());
+            YYERROR;
+        }
+
+        driver.m_unicodeMapTable.m_unicode_codepage = val;
+
+      }
     | CONFIG_DIR_UNICODE_MAP_FILE
-/* Parser error disabled to avoid breaking default installations with modsecurity.conf-recommended
-        driver.error(@0, "SecUnicodeMapFile is not yet supported. utils::string::x2c");
-        YYERROR;
-*/
+      {
+        std::string err;
+        char *buf = NULL, *p = NULL, *savedptr = NULL;
+        int found = 0;
+        int code = 0;
+        unsigned int codepage = 0;
+        int Map = 0;
+        char *ucode = NULL, *hmap = NULL;
+        int processing = 0;
+
+        std::string file = modsecurity::utils::find_resource($1,
+            driver.ref.back(), &err);
+        if (file.empty()) {
+            std::stringstream ss;
+            ss << "Failed to load locate the unicode map file from: " << $1 << " ";
+            ss << err;
+            driver.error(@0, ss.str());
+            YYERROR;
+        }
+
+        driver.m_unicodeMapTable.m_set = true;
+        driver.m_unicodeMapTable.m_unicode_map_table = static_cast<int *>(malloc(sizeof(int) * 65536));
+
+        // FIXME: that deservers to have its own file. Too much code to be here.
+
+        if (driver.m_unicodeMapTable.m_unicode_map_table  == NULL) {
+            std::stringstream ss;
+            ss << "Failed to allocate memory for the unicode map file - " << $1 << " ";
+            ss << err;
+            driver.error(@0, ss.str());
+            YYERROR;
+        }
+
+        memset(driver.m_unicodeMapTable.m_unicode_map_table, -1, (sizeof(int)*65536));
+
+        /* Setting some unicode values - http://tools.ietf.org/html/rfc3490#section-3.1 */
+
+        /* Set 0x3002 -> 0x2e */
+        driver.m_unicodeMapTable.m_unicode_map_table[0x3002] = 0x2e;
+        /* Set 0xFF61 -> 0x2e */
+        driver.m_unicodeMapTable.m_unicode_map_table[0xff61] = 0x2e;
+        /* Set 0xFF0E -> 0x2e */
+        driver.m_unicodeMapTable.m_unicode_map_table[0xff0e] = 0x2e;
+        /* Set 0x002E -> 0x2e */
+        driver.m_unicodeMapTable.m_unicode_map_table[0x002e] = 0x2e;
+
+        p = strtok_r(buf, CODEPAGE_SEPARATORS, &savedptr);
+
+        while (p != NULL)   {
+            codepage = atol(p);
+
+            if (codepage == driver.m_unicodeMapTable.m_unicode_codepage)   {
+                found = 1;
+            }
+
+            if (found == 1 && (strchr(p,':') != NULL))   {
+                char *mapping = strdup(p);
+                processing = 1;
+
+                if (mapping != NULL) {
+                    ucode = strtok_r(mapping, ":", &hmap);
+                    sscanf(ucode, "%x", &code);
+                    sscanf(hmap, "%x", &Map);
+                    if (code >= 0 && code <= 65535)    {
+                        driver.m_unicodeMapTable.m_unicode_map_table[code] = Map;
+                    }
+
+                    free(mapping);
+                    mapping = NULL;
+                }
+            }
+
+            if (processing == 1 && (strchr(p,':') == NULL)) {
+                free(buf);
+                buf = NULL;
+                break;
+            }
+
+            p = strtok_r(NULL,CODEPAGE_SEPARATORS,&savedptr);
+        }
+      }
     | CONFIG_SEC_COLLECTION_TIMEOUT
       {
 /* Parser error disabled to avoid breaking default CRS installations with crs-setup.conf-recommended

src/parser/seclang-scanner.ll

@@ -372,6 +372,7 @@ CONFIG_DIR_SEC_DEFAULT_ACTION           (?i:SecDefaultAction)
 CONFIG_SEC_DISABLE_BACKEND_COMPRESS     (?i:SecDisableBackendCompression)
 CONFIG_DIR_SEC_MARKER                   (?i:SecMarker)
 CONFIG_DIR_UNICODE_MAP_FILE             (?i:SecUnicodeMapFile)
+CONFIG_DIR_UNICODE_CODE_PAGE            (?i:SecUnicodeCodePage)
 CONFIG_INCLUDE                          (?i:Include)
 CONFIG_SEC_COLLECTION_TIMEOUT           (?i:SecCollectionTimeout)
 CONFIG_SEC_HTTP_BLKEY                   (?i:SecHttpBlKey)
@@ -774,6 +775,7 @@ EQUALS_MINUS                            (?i:=\-)
 {CONFIG_DIR_SEC_MARKER}[ \t]+["]{NEW_LINE_FREE_TEXT}["]                 { return p::make_CONFIG_DIR_SEC_MARKER(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_DIR_SEC_MARKER}[ \t]+{NEW_LINE_FREE_TEXT}                       { return p::make_CONFIG_DIR_SEC_MARKER(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_DIR_UNICODE_MAP_FILE}[ ]{FREE_TEXT_NEW_LINE}                    { return p::make_CONFIG_DIR_UNICODE_MAP_FILE(strchr(yytext, ' ') + 1, *driver.loc.back()); }
+{CONFIG_DIR_UNICODE_CODE_PAGE}[ ]{FREE_TEXT_NEW_LINE}               { return p::make_CONFIG_DIR_UNICODE_CODE_PAGE(strchr(yytext, ' ') + 1, *driver.loc.back()); }
 {CONFIG_SEC_REMOVE_RULES_BY_ID}[ ]+{FREE_TEXT_NEW_LINE}                 { return p::make_CONFIG_SEC_RULE_REMOVE_BY_ID(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+{FREE_TEXT_NEW_LINE}              { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }
 {CONFIG_SEC_REMOVE_RULES_BY_MSG}[ \t]+["]{FREE_TEXT_NEW_LINE}["]        { return p::make_CONFIG_SEC_RULE_REMOVE_BY_MSG(parserSanitizer(strchr(yytext, ' ') + 1), *driver.loc.back()); }

src/parser/stack.hh

@@ -1,4 +1,4 @@
-// A Bison parser, made by GNU Bison 3.0.5.
+// A Bison parser, made by GNU Bison 3.1.
 
 // Stack handling for Bison parsers in C++
 
@@ -42,7 +42,7 @@
 
 
 namespace yy {
-#line 46 "stack.hh" // stack.hh:131
+#line 46 "stack.hh" // stack.hh:132
   /// A stack with random access from its top.
   template <class T, class S = std::vector<T> >
   class stack
@@ -51,14 +51,14 @@ namespace yy {
     // Hide our reversed order.
     typedef typename S::reverse_iterator iterator;
     typedef typename S::const_reverse_iterator const_iterator;
+    typedef typename S::size_type size_type;
 
     stack ()
-      : seq_ ()
     {
       seq_.reserve (200);
     }
 
-    stack (unsigned n)
+    stack (size_type n)
       : seq_ (n)
     {}
 
@@ -66,7 +66,7 @@ namespace yy {
     ///
     /// Index 0 returns the topmost element.
     T&
-    operator[] (unsigned i)
+    operator[] (size_type i)
     {
       return seq_[seq_.size () - 1 - i];
     }
@@ -75,7 +75,7 @@ namespace yy {
     ///
     /// Index 0 returns the topmost element.
     const T&
-    operator[] (unsigned i) const
+    operator[] (size_type i) const
     {
       return seq_[seq_.size () - 1 - i];
     }
@@ -91,7 +91,7 @@ namespace yy {
     }
 
     void
-    pop (unsigned n = 1)
+    pop (size_type n = 1)
     {
       for (; n; --n)
         seq_.pop_back ();
@@ -103,7 +103,7 @@ namespace yy {
       seq_.clear ();
     }
 
-    typename S::size_type
+    size_type
     size () const
     {
       return seq_.size ();
@@ -133,24 +133,25 @@ namespace yy {
   class slice
   {
   public:
-    slice (const S& stack, unsigned range)
+    typedef typename S::size_type size_type;
+    slice (const S& stack, size_type range)
       : stack_ (stack)
       , range_ (range)
     {}
 
     const T&
-    operator [] (unsigned i) const
+    operator[] (size_type i) const
     {
       return stack_[range_ - i];
     }
 
   private:
     const S& stack_;
-    unsigned range_;
+    size_type range_;
   };
 
 
 } // yy
-#line 155 "stack.hh" // stack.hh:131
+#line 156 "stack.hh" // stack.hh:132
 
 #endif // !YY_YY_STACK_HH_INCLUDED