github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix: possible segfault on reload if duplicate ip+CIDR in ip match list

Browse Source
This commit is contained in:
Martin Vierula 2023-04-10 13:33:17 -07:00
parent 49281b6c0a
commit 264dd48317
2 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.x.y - YYYY-MMM-DD (to be released) v3.x.y - YYYY-MMM-DD (to be released)
------------------------------------- -------------------------------------
- Fix: possible segfault on reload if duplicate ip+CIDR in ip match list
[Issue #2877, #2890 - @tomsommer, @martinhsv]
- Add some member variable inits in Transaction class - Add some member variable inits in Transaction class
[Issue #2886 - @GNU-Plus-Windows-User, @airween, @mdounin, @martinhsv] [Issue #2886 - @GNU-Plus-Windows-User, @airween, @mdounin, @martinhsv]
- Resolve memory leak on reload (bison-generated variable) - Resolve memory leak on reload (bison-generated variable)

17
src/utils/msc_tree.cc
View File

@ -259,6 +259,7 @@ int InsertNetmask(TreeNode *node, TreeNode *parent, TreeNode *new_node,
node->count++; node->count++;
node->netmasks = reinterpret_cast<unsigned char *>(malloc(node->count * sizeof(unsigned char))); node->netmasks = reinterpret_cast<unsigned char *>(malloc(node->count * sizeof(unsigned char)));
memset(node->netmasks, 0, (node->count * sizeof(unsigned char)));
if(node->netmasks == NULL) if(node->netmasks == NULL)
return 0; return 0;
@ -410,6 +411,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree
node->count++; node->count++;
new_node = node; new_node = node;
node->netmasks = reinterpret_cast<unsigned char *>(malloc(node->count * sizeof(unsigned char))); node->netmasks = reinterpret_cast<unsigned char *>(malloc(node->count * sizeof(unsigned char)));
memset(node->netmasks, 0, (node->count * sizeof(unsigned char)));
if ((node->count -1) == 0) { if ((node->count -1) == 0) {
node->netmasks[0] = netmask; node->netmasks[0] = netmask;
@ -418,16 +420,16 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree
node->netmasks[node->count - 1] = netmask; node->netmasks[node->count - 1] = netmask;
i = node->count - 2; int index = node->count - 2;
while (i >= 0) { while (index >= 0) {
if (netmask < node->netmasks[i]) { if (netmask < node->netmasks[index]) {
node->netmasks[i + 1] = netmask; node->netmasks[index + 1] = netmask;
break; break;
} }
node->netmasks[i + 1] = node->netmasks[i]; node->netmasks[index + 1] = node->netmasks[index];
node->netmasks[i] = netmask; node->netmasks[index] = netmask;
i--; index--;
} }
} }
} else { } else {
@ -481,6 +483,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree
} }
i_node->netmasks = reinterpret_cast<unsigned char *>(malloc((node->count - i) * sizeof(unsigned char))); i_node->netmasks = reinterpret_cast<unsigned char *>(malloc((node->count - i) * sizeof(unsigned char)));
memset(i_node->netmasks, 0, ((node->count - i) * sizeof(unsigned char)));
if(i_node->netmasks == NULL) { if(i_node->netmasks == NULL) {
free(new_node->prefix); free(new_node->prefix);