From 3dc5ff5f6532a9222bc9607f5f2dd34b28ca6fe4 Mon Sep 17 00:00:00 2001 From: Marc Stern Date: Fri, 11 Aug 2023 16:44:18 +0200 Subject: [PATCH 1/3] remove useless memset --- apache2/re_operators.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/apache2/re_operators.c b/apache2/re_operators.c index cfd89525..07dca7df 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -630,18 +630,13 @@ nextround: } if(msr->stream_input_data != NULL && input_body == 1) { - memset(msr->stream_input_data, 0x0, msr->stream_input_length); free(msr->stream_input_data); msr->stream_input_data = NULL; msr->stream_input_length = 0; #ifdef MSC_LARGE_STREAM_INPUT msr->stream_input_allocated_length = 0; - - msr->stream_input_data = (char *)malloc(size); -#else - msr->stream_input_data = (char *)malloc(size+1); #endif - + msr->stream_input_data = (char *)malloc(size+1); if(msr->stream_input_data == NULL) { return -1; } @@ -649,16 +644,11 @@ nextround: msr->stream_input_length = size; #ifdef MSC_LARGE_STREAM_INPUT msr->stream_input_allocated_length = size; - memset(msr->stream_input_data, 0x0, size); -#else - memset(msr->stream_input_data, 0x0, size+1); #endif msr->if_stream_changed = 1; memcpy(msr->stream_input_data, data, size); -#ifndef MSC_LARGE_STREAM_INPUT msr->stream_input_data[size] = '\0'; -#endif var->value_len = size; var->value = msr->stream_input_data; From 9c0d05f73470b3e6acb1078d8b59a837b363731a Mon Sep 17 00:00:00 2001 From: Marc Stern Date: Mon, 21 Aug 2023 09:33:27 +0200 Subject: [PATCH 2/3] Update re_operators.c --- apache2/re_operators.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apache2/re_operators.c b/apache2/re_operators.c index 07dca7df..77b1b413 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -1535,10 +1535,10 @@ static const char *gsb_replace_tpath(apr_pool_t *pool, const char *domain, int l url = apr_palloc(pool, len + 1); data = apr_palloc(pool, len + 1); - memset(data, 0, len+1); - memset(url, 0, len+1); - + data[0] = '\0'; + memcpy(url, domain, len); + url[len] = 0; while(( pos = strstr(url , "/./" )) != NULL) { match = 1; From 931f8b6ed455fa91d5eead31a34c6320e3cfc1ca Mon Sep 17 00:00:00 2001 From: Marc Stern Date: Mon, 21 Aug 2023 09:39:42 +0200 Subject: [PATCH 3/3] Update re_operators.c --- apache2/re_operators.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apache2/re_operators.c b/apache2/re_operators.c index 77b1b413..7cdf5896 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -751,7 +751,6 @@ static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_v char *my_error_msg = NULL; int ovector[33]; int rc; - const char *pattern = NULL; #ifdef WITH_PCRE_STUDY #ifdef WITH_PCRE_JIT int jit; @@ -781,8 +780,8 @@ static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_v expand_macros(msr, re_pattern, rule, msr->mp); - pattern = log_escape_re(msr->mp, re_pattern->value); if (msr->txcfg->debuglog_level >= 6) { + const char *pattern = log_escape_re(msr->mp, re_pattern->value); msr_log(msr, 6, "Escaping pattern [%s]",pattern); }