github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed parsing of ASCIIZ for application/x-www-form-urlencoded forms

Browse Source
This commit is contained in:
brectanus 2007-03-06 16:14:54 +00:00
parent cf024ded05
commit 4e02be6219
5 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -2,13 +2,15 @@
01 Mar 2007 - 2.1.1-dev1
------------------------
* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms
* Fixed the faulty REQUEST_FILENAME variable, which used to change
the internal Apache structures by mistake.
* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf).
* Updates to quiet some compiler warnings.
* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf).
23 Feb 2007 - 2.1.0
-------------------

6
apache2/modsecurity.c
View File

@ -252,8 +252,10 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
if (msr->query_string != NULL) {
int invalid_count = 0;
if (parse_arguments(msr, msr->query_string, msr->txcfg->argument_separator,
"QUERY_STRING", msr->arguments, &invalid_count) < 0) {
if (parse_arguments(msr, msr->query_string, strlen(msr->query_string),
msr->txcfg->argument_separator, "QUERY_STRING", msr->arguments,
&invalid_count) < 0)
{
msr_log(msr, 1, "Initialisation: Error occurred while parsing QUERY_STRING arguments.");
return -1;
}

8
apache2/msc_parsers.c
View File

@ -199,19 +199,19 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies
/**
*
*/
int parse_arguments(modsec_rec *msr, const char *s, int argument_separator, const char *origin,
int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
int argument_separator, const char *origin,
apr_table_t *arguments, int *invalid_count)
{
msc_arg *arg;
long inputlength, i, j;
apr_size_t i, j;
char *value = NULL;
char *buf;
int status;
if (s == NULL) return -1;
inputlength = strlen(s);
if (inputlength == 0) return 1;
if (inputlength + 1 <= 0) return -1;
if (inputlength < 0) return -1;
buf = (char *)malloc(inputlength + 1);
if (buf == NULL) return -1;

4
apache2/msc_parsers.h
View File

@ -19,7 +19,7 @@ int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t
int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);
int DSOLOCAL parse_arguments(modsec_rec *msr, const char *s, int argument_separator,
const char *origin, apr_table_t *arguments, int *invalid_count);
int DSOLOCAL parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
int argument_separator, const char *origin, apr_table_t *arguments, int *invalid_count);
#endif

4
apache2/msc_reqbody.c
View File

@ -336,8 +336,8 @@ static apr_status_t modsecurity_request_body_end_urlencoded(modsec_rec *msr) {
/* Parse URL-encoded arguments in the request body. */
if (parse_arguments(msr, msr->msc_reqbody_buffer, msr->txcfg->argument_separator,
"BODY", msr->arguments, &invalid_count) < 0)
if (parse_arguments(msr, msr->msc_reqbody_buffer, msr->msc_reqbody_length,
msr->txcfg->argument_separator, "BODY", msr->arguments, &invalid_count) < 0)
{
msr_log(msr, 1, "Initialisation: Error occurred while parsing BODY arguments.");
return -1;