github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed: Libjection 3.0.0 compilation errors

Browse Source
This commit is contained in:
Breno Silva
2013-06-19 11:05:59 -07:00
parent 9bf132334b
commit 4064e74cca
2 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
apache2/libinjection/libinjection_sqli.c
View File

@@ -120,11 +120,14 @@ memchr2(const char *haystack, size_t haystack_len, char c0, char c1)
static const char * static const char *
my_memmem(const char* haystack, size_t hlen, const char* needle, size_t nlen) my_memmem(const char* haystack, size_t hlen, const char* needle, size_t nlen)
{ {
assert(haystack); const char* cur = NULL;
assert(needle); const char* last = NULL;
assert(nlen > 1);
const char* cur; if(nlen < 1 || needle == NULL || haystack == NULL)
const char* last = haystack + hlen - nlen; return NULL;
last = haystack + hlen - nlen;
for (cur = haystack; cur <= last; ++cur) { for (cur = haystack; cur <= last; ++cur) {
if (cur[0] == needle[0] && memcmp(cur, needle, nlen) == 0) { if (cur[0] == needle[0] && memcmp(cur, needle, nlen) == 0) {
return cur; return cur;
@@ -132,7 +135,6 @@ my_memmem(const char* haystack, size_t hlen, const char* needle, size_t nlen)
} }
return NULL; return NULL;
} }
/** Find largest string containing certain characters. /** Find largest string containing certain characters.
* *
* C Standard library 'strspn' only works for 'c-strings' (null terminated) * C Standard library 'strspn' only works for 'c-strings' (null terminated)
@@ -475,6 +477,7 @@ static size_t parse_slash(sfilter * sf)
const char* cur = cs + pos; const char* cur = cs + pos;
char ctype = TYPE_COMMENT; char ctype = TYPE_COMMENT;
size_t pos1 = pos + 1; size_t pos1 = pos + 1;
const char *ptr;
if (pos1 == slen || cs[pos1] != '*') { if (pos1 == slen || cs[pos1] != '*') {
return parse_operator1(sf); return parse_operator1(sf);
} }
@@ -482,7 +485,7 @@ static size_t parse_slash(sfilter * sf)
/* /*
* skip over initial '/x' * skip over initial '/x'
*/ */
const char *ptr = memchr2(cur + 2, slen - (pos + 2), '*', '/'); ptr = memchr2(cur + 2, slen - (pos + 2), '*', '/');
if (ptr == NULL) { if (ptr == NULL) {
/* till end of line */ /* till end of line */
clen = slen - pos; clen = slen - pos;
@@ -1678,6 +1681,7 @@ int libinjection_sqli_blacklist(sfilter* sql_state)
char fp2[LIBINJECTION_SQLI_MAX_TOKENS + 2]; char fp2[LIBINJECTION_SQLI_MAX_TOKENS + 2];
char ch; char ch;
size_t i; size_t i;
int patmatch = 0;
size_t len = strlen(sql_state->fingerprint); size_t len = strlen(sql_state->fingerprint);
if (len < 1) { if (len < 1) {
@@ -1702,7 +1706,7 @@ int libinjection_sqli_blacklist(sfilter* sql_state)
} }
fp2[i+1] = '\0'; fp2[i+1] = '\0';
int patmatch = is_keyword(fp2, len + 1) == TYPE_FINGERPRINT; patmatch = is_keyword(fp2, len + 1) == TYPE_FINGERPRINT;
/* /*
* No match. * No match.

2
apache2/re_operators.c
View File

@@ -2142,7 +2142,7 @@ static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var
int issqli; int issqli;
int capture; int capture;
libinjecton_sqli_init(&sqli_state, var->value, var->value_len, 0); libinjection_sqli_init(&sqli_state, var->value, var->value_len, 0);
issqli = libinjection_is_sqli(&sqli_state); issqli = libinjection_is_sqli(&sqli_state);
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0; capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;