From 3faf1dd44f749de53d564e617e20ca7d8fc45334 Mon Sep 17 00:00:00 2001
From: brenosilva
Date: Wed, 22 Feb 2012 16:14:47 +0000
Subject: [PATCH] MODSEC-289
---
 CHANGES | 11 +++++
 apache2/msc_release.h | 6 +--
 apache2/re_operators.c | 91 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 105 insertions(+), 3 deletions(-)
diff --git a/CHANGES b/CHANGES
index b3618966..e7fb04c1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,14 @@
+23 Feb 2012 - 2.6.4-rc1
+-------------------
+
+ * Fixed @rsub adding garbage data into stream variables.
+
+ * Fixed regex for section A into mlogc-batch-load.pl (Thanks Ebrahim Khalilzadeh).
+
+ * Fixed logdata cuts message without closing it with final chars.
+
+ * Added sanitizeMatchedBytes support to verifyCPF, verifyCC and verifySSN.
+
 23 Dec 2011 - 2.6.3
 -------------------
diff --git a/apache2/msc_release.h b/apache2/msc_release.h
index 223b5fd9..0b3c13a4 100644
--- a/apache2/msc_release.h
+++ b/apache2/msc_release.h
@@ -38,9 +38,9 @@
 #define MODSEC_VERSION_MAJOR "2"
 #define MODSEC_VERSION_MINOR "6"
-#define MODSEC_VERSION_MAINT "3"
-#define MODSEC_VERSION_TYPE ""
-#define MODSEC_VERSION_RELEASE ""
+#define MODSEC_VERSION_MAINT "4"
+#define MODSEC_VERSION_TYPE "-rc"
+#define MODSEC_VERSION_RELEASE "1"
 #define MODSEC_VERSION_SUFFIX MODSEC_VERSION_TYPE MODSEC_VERSION_RELEASE
diff --git a/apache2/re_operators.c b/apache2/re_operators.c
index 337c530e..2f04b0cf 100644
--- a/apache2/re_operators.c
+++ b/apache2/re_operators.c
@@ -2265,6 +2265,10 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
 int rc;
 int is_cc = 0;
 int offset;
+ int matched_bytes = 0;
+ char *qspos = NULL;
+ const char *parm = NULL;
+ msc_parm *mparm = NULL;
 if (error_msg == NULL) return -1;
 *error_msg = NULL;
@@ -2331,6 +2335,8 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var * * and we are done. */ + matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; + if (apr_table_get(rule->actionset->actions, "capture")) { for(; i < rc; i++) { msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); @@ -2347,6 +2353,30 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var * msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i, log_escape_nq_ex(msr->mp, s->value, s->value_len)); } + + if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) { + qspos = apr_psprintf(msr->mp, "%s", var->name); + parm = strstr(qspos, ":"); + if (parm != NULL) { + parm++; + mparm = apr_palloc(msr->mp, sizeof(msc_parm)); + if (mparm == NULL) + continue; + + mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len); + mparm->pad_1 = rule->actionset->arg_min; + mparm->pad_2 = rule->actionset->arg_max; + apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm); + } else { + mparm = apr_palloc(msr->mp, sizeof(msc_parm)); + if (mparm == NULL) + continue; + + mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len); + apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm); + } + } + } } @@ -2514,6 +2544,11 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var int rc; int is_cpf = 0; int offset; + int matched_bytes = 0; + char *qspos = NULL; + const char *parm = NULL; + msc_parm *mparm = NULL; + if (error_msg == NULL) return -1; *error_msg = NULL; @@ -2580,6 +2615,8 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var * and we are done. */ + matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; + if (apr_table_get(rule->actionset->actions, "capture")) { for(; i < rc; i++) { msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); 
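Review bot: `matched_bytes` is read from the action table before the `capture` test, yet the only use of it in this patch is the block added inside the `for(; i < rc; i++)` loop under `if (apr_table_get(rule->actionset->actions, "capture"))`, so a rule that sets `sanitizeMatchedBytes` without `capture` appears to get no masking and no warning. For an operator whose purpose is matching card numbers, that silent no-op is worth at least a comment at this line, for example `/* sanitizeMatchedBytes only takes effect together with capture */`, or a debug-log message when the action is present and `capture` is not. The same applies to the equivalent hunks in msre_op_verifyCPF_execute and msre_op_verifySSN_execute. The loop body between the hunks is not visible here, so the nesting should be confirmed against the full function.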
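Review bot: In the `else` branch of the added block `mparm` is obtained from `apr_palloc`, which does not zero the memory, and only `mparm->value` is assigned, so `pad_1` and `pad_2` stay indeterminate for entries keyed by the whole variable name. Whatever later walks `msr->pattern_to_sanitize` (outside this patch) would read arbitrary padding if it consults those fields, which could leave more or fewer bytes masked than intended. Allocating with `mparm = apr_pcalloc(msr->mp, sizeof(msc_parm));` in both branches, or setting both pads in the `else` branch as the `if` branch does, closes the gap; the result of `apr_pstrmemdup` is also stored unchecked. The two branches differ only in the table key, so the allocation and copy could be hoisted above the `if (parm != NULL)` test, and the identical blocks added to msre_op_verifyCPF_execute and msre_op_verifySSN_execute carry the same issue. The enclosing loop starts outside the hunk.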
@@ -2596,6 +2633,30 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i, log_escape_nq_ex(msr->mp, s->value, s->value_len)); } + + if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) { + qspos = apr_psprintf(msr->mp, "%s", var->name); + parm = strstr(qspos, ":"); + if (parm != NULL) { + parm++; + mparm = apr_palloc(msr->mp, sizeof(msc_parm)); + if (mparm == NULL) + continue; + + mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len); + mparm->pad_1 = rule->actionset->arg_min; + mparm->pad_2 = rule->actionset->arg_max; + apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm); + } else { + mparm = apr_palloc(msr->mp, sizeof(msc_parm)); + if (mparm == NULL) + continue; + + mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len); + apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm); + } + } + } } @@ -2753,6 +2814,10 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var int rc; int is_ssn = 0; int offset; + int matched_bytes = 0; + char *qspos = NULL; + const char *parm = NULL; + msc_parm *mparm = NULL; if (error_msg == NULL) return -1; *error_msg = NULL; @@ -2819,6 +2884,8 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var * and we are done. */ + matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0; + if (apr_table_get(rule->actionset->actions, "capture")) { for(; i < rc; i++) { msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); 
@@ -2835,6 +2902,30 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i, log_escape_nq_ex(msr->mp, s->value, s->value_len)); } + + if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) { + qspos = apr_psprintf(msr->mp, "%s", var->name); + parm = strstr(qspos, ":"); + if (parm != NULL) { + parm++; + mparm = apr_palloc(msr->mp, sizeof(msc_parm)); + if (mparm == NULL) + continue; + + mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len); + mparm->pad_1 = rule->actionset->arg_min; + mparm->pad_2 = rule->actionset->arg_max; + apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm); + } else { + mparm = apr_palloc(msr->mp, sizeof(msc_parm)); + if (mparm == NULL) + continue; + + mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len); + apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm); + } + } + } }