github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Creating a std::string with a null pointer is undefined behaviour.

Browse Source 
- cppreference mentions this about the constructor that receives a
  const char *:
  - Constructs the string with the contents initialized with a copy of
    the null-terminated character string pointed to by s. The length of
    the string is determined by the first null character. The behavior
    is undefined if [s, s + Traits::length(s)) is not a valid range
    (for example, if s is a null pointer).
- C++23 introduces a deleted constructor to prevent this in static
  scenarios, which is how this issue was detected.
This commit is contained in:
Eduardo Arias
2024-05-21 21:02:25 +00:00
parent e8db92ebb0
commit 30a68de92d
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
headers/modsecurity/rules_set_properties.h
View File

@@ -333,9 +333,9 @@ class RulesSetProperties {
case FalseConfigBoolean:
return "False";
case PropertyNotSetConfigBoolean:
default:
return "Not set";
}
return NULL;
}

2
src/actions/transformations/url_encode.cc
View File

@@ -48,7 +48,7 @@ std::string UrlEncode::url_enc(const char *input,
len = input_len * 3 + 1;
d = rval = reinterpret_cast<char *>(malloc(len));
if (rval == NULL) {
return NULL;
return {};
}
/* ENH Only encode the characters that really need to be encoded. */