github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Make sure a zero-length CC# does not verify.

Browse Source
This commit is contained in:
brectanus 2007-12-20 19:19:34 +00:00
parent 59685455d9
commit 246ed9cbc5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apache2/re_operators.c
View File

@ -933,6 +933,7 @@ static int msre_op_validateSchema_execute(modsec_rec *msr, msre_rule *rule, msre
static int luhn_verify(const char *ccnumber, int len) {
int sum[2] = { 0, 0 };
int odd = 0;
int digits = 0;
int i;
/* Weighted lookup table which is just a precalculated (i = index):
@ -948,9 +949,13 @@ static int luhn_verify(const char *ccnumber, int len) {
sum[0] += (!odd ? wtable[ccnumber[i] - '0'] : (ccnumber[i] - '0'));
sum[1] += (odd ? wtable[ccnumber[i] - '0'] : (ccnumber[i] - '0'));
odd = 1 - odd; /* alternate weights */
digits++;
}
}
/* No digits extracted */
if (digits == 0) return 0;
/* Do a mod 10 on the sum */
sum[odd] %= 10;