github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix: FILES_TMP_CONTENT may sometimes lack complete content

Browse Source
This commit is contained in:
Martin Vierula
2023-01-04 11:34:11 -08:00
parent afb48b2c97
commit 4324f0ac59
2 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -1,6 +1,8 @@
DD mmm YYYY - 2.9.x (to be released) DD mmm YYYY - 2.9.x (to be released)
------------------- -------------------
* Fix: FILES_TMP_CONTENT may sometimes lack complete content
[Issue #2857 - gieltje, @airween, @dune73, @martinhsv]
* Support configurable limit on number of arguments processed * Support configurable limit on number of arguments processed
[Issue #2844 - @jleproust, @martinhsv] [Issue #2844 - @jleproust, @martinhsv]
* Silence compiler warning about discarded const * Silence compiler warning about discarded const

26
apache2/re_variables.c
View File

@@ -1173,6 +1173,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
FILE *file; FILE *file;
size_t nread; size_t nread;
char *full_content = NULL; char *full_content = NULL;
char *full_content_tmp_ptr = NULL;
size_t total_lenght = 0; size_t total_lenght = 0;
msre_var *rvar = NULL; msre_var *rvar = NULL;
@@ -1182,19 +1183,23 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
continue; continue;
} }
full_content = (char *)apr_pcalloc(mptmp, (sizeof(char)*parts[i]->length) + 1);
if (full_content == NULL) {
if (msr->txcfg->debuglog_level >= 3) {
msr_log(msr, 3, "Variable FILES_TMP_CONTENT will not be created, not " \
"enough memory available.");
}
goto files_tmp_content_not_enough_mem;
}
full_content_tmp_ptr = full_content;
while ((nread = fread(buf, 1, 1023, file)) > 0) while ((nread = fread(buf, 1, 1023, file)) > 0)
{ {
total_lenght += nread; full_content_tmp_ptr = memcpy(full_content_tmp_ptr, buf, nread);
buf[nread] = '\0'; full_content_tmp_ptr += nread;
if (full_content == NULL) total_lenght += nread;
{
full_content = apr_psprintf(mptmp, "%s", buf);
}
else
{
full_content = apr_psprintf(mptmp, "%s%s", full_content, buf);
}
} }
full_content_tmp_ptr[total_lenght] = '\0';
fclose(file); fclose(file);
rvar = apr_pmemdup(mptmp, var, sizeof(msre_var)); rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
@@ -1209,6 +1214,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
} }
} }
files_tmp_content_not_enough_mem:
return count; return count;
} }