From 246ed9cbc554db706df8c4618f1ba1d97b0e6e90 Mon Sep 17 00:00:00 2001
From: brectanus <brectanus@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Thu, 20 Dec 2007 19:19:34 +0000
Subject: [PATCH] Make sure a zero-length CC# does not verify.

---
 apache2/re_operators.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/apache2/re_operators.c b/apache2/re_operators.c
index fd500d38..92c4d790 100644
--- a/apache2/re_operators.c
+++ b/apache2/re_operators.c
@@ -933,6 +933,7 @@ static int msre_op_validateSchema_execute(modsec_rec *msr, msre_rule *rule, msre
 static int luhn_verify(const char *ccnumber, int len) {
     int sum[2] = { 0, 0 };
     int odd = 0;
+    int digits = 0;
     int i;
 
     /* Weighted lookup table which is just a precalculated (i = index):
@@ -948,9 +949,13 @@ static int luhn_verify(const char *ccnumber, int len) {
             sum[0] += (!odd ? wtable[ccnumber[i] - '0'] : (ccnumber[i] - '0'));
             sum[1] += (odd ? wtable[ccnumber[i] - '0'] : (ccnumber[i] - '0'));
             odd = 1 - odd; /* alternate weights */
+            digits++;
         }
     }
 
+    /* No digits extracted */
+    if (digits == 0) return 0;
+
     /* Do a mod 10 on the sum */
     sum[odd] %= 10;