github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix multiple variables when appending new targets

Browse Source
This commit is contained in:
brenosilva
2011-09-13 13:28:44 +00:00
parent 31183499e8
commit 3ec3d652ac
1 changed files with 62 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
apache2/re.c
View File

@@ -50,7 +50,7 @@ char *update_rule_target(cmd_parms *cmd, directory_config *dcfg,
msre_rule *rule = NULL; msre_rule *rule = NULL;
msre_ruleset *ruleset = NULL; msre_ruleset *ruleset = NULL;
const char *curr_targets = NULL; const char *curr_targets = NULL;
char *my_error_msg = NULL; char *my_error_msg = NULL, *target = NULL;
char *p = NULL, *savedptr = NULL; char *p = NULL, *savedptr = NULL;
char *target_list = NULL, *replace = NULL; char *target_list = NULL, *replace = NULL;
unsigned int is_negated = 0, is_counting = 0; unsigned int is_negated = 0, is_counting = 0;
@@ -162,6 +162,65 @@ char *update_rule_target(cmd_parms *cmd, directory_config *dcfg,
} }
} else { } else {
target = strdup(p);
if(target == NULL)
return NULL;
is_negated = is_counting = 0;
param = name = value = NULL;
opt = strchr(target,'!');
if(opt != NULL) {
*opt = '\0';
opt++;
param = opt;
is_negated = 1;
} else if ((opt = strchr(target,'&')) != NULL) {
*opt = '\0';
opt++;
param = opt;
is_counting = 1;
} else {
param = target;
}
opt = strchr(param,':');
if(opt != NULL) {
name = apr_strtok(param,":",&value);
if(strchr(value,':') != NULL) {
goto end;
}
} else {
name = param;
}
name_len = strlen(name);
if(value != NULL)
value_len = strlen(value);
targets = (msre_var **)rule->targets->elts;
for (i = 0; i < rule->targets->nelts; i++) {
if((strncasecmp(targets[i]->name,name,name_len) == 0) &&
(targets[i]->is_negated == is_negated) &&
(targets[i]->is_counting == is_counting)) {
if(value != NULL && targets[i]->param != NULL) {
if(strncasecmp(targets[i]->param,value,value_len) == 0) {
goto end;
}
} else if (value == NULL && targets[i]->param == NULL){
goto end;
} else
continue;
}
}
if(target != NULL)
free(replace);
rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg);
if (rc < 0) { if (rc < 0) {
goto end; goto end;
@@ -180,6 +239,8 @@ end:
free(target_list); free(target_list);
if(replace != NULL) if(replace != NULL)
free(replace); free(replace);
if(target != NULL)
free(replace);
return NULL; return NULL;
} }