From 4e02be6219c5b3ea64d03d06da80dcede8d19ec1 Mon Sep 17 00:00:00 2001 From: brectanus Date: Tue, 6 Mar 2007 16:14:54 +0000 Subject: [PATCH] Fixed parsing of ASCIIZ for application/x-www-form-urlencoded forms --- CHANGES | 6 ++++-- apache2/modsecurity.c | 6 ++++-- apache2/msc_parsers.c | 8 ++++---- apache2/msc_parsers.h | 4 ++-- apache2/msc_reqbody.c | 4 ++-- 5 files changed, 16 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index 552742de..e6023a33 100644 --- a/CHANGES +++ b/CHANGES @@ -2,13 +2,15 @@ 01 Mar 2007 - 2.1.1-dev1 ------------------------ +* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms + * Fixed the faulty REQUEST_FILENAME variable, which used to change the internal Apache structures by mistake. -* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf). - * Updates to quiet some compiler warnings. +* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf). + 23 Feb 2007 - 2.1.0 ------------------- diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index a097210e..8ae49b6d 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -252,8 +252,10 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) { if (msr->query_string != NULL) { int invalid_count = 0; - if (parse_arguments(msr, msr->query_string, msr->txcfg->argument_separator, - "QUERY_STRING", msr->arguments, &invalid_count) < 0) { + if (parse_arguments(msr, msr->query_string, strlen(msr->query_string), + msr->txcfg->argument_separator, "QUERY_STRING", msr->arguments, + &invalid_count) < 0) + { msr_log(msr, 1, "Initialisation: Error occurred while parsing QUERY_STRING arguments."); return -1; } diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c index 5ae53493..2922bf0b 100644 --- a/apache2/msc_parsers.c +++ b/apache2/msc_parsers.c @@ -199,19 +199,19 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies /** * */ -int parse_arguments(modsec_rec *msr, const char *s, int argument_separator, const char *origin, +int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength, + int argument_separator, const char *origin, apr_table_t *arguments, int *invalid_count) { msc_arg *arg; - long inputlength, i, j; + apr_size_t i, j; char *value = NULL; char *buf; int status; if (s == NULL) return -1; - inputlength = strlen(s); if (inputlength == 0) return 1; - if (inputlength + 1 <= 0) return -1; + if (inputlength < 0) return -1; buf = (char *)malloc(inputlength + 1); if (buf == NULL) return -1; diff --git a/apache2/msc_parsers.h b/apache2/msc_parsers.h index 89a49875..ff7c0b8d 100644 --- a/apache2/msc_parsers.h +++ b/apache2/msc_parsers.h @@ -19,7 +19,7 @@ int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies); -int DSOLOCAL parse_arguments(modsec_rec *msr, const char *s, int argument_separator, - const char *origin, apr_table_t *arguments, int *invalid_count); +int DSOLOCAL parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength, + int argument_separator, const char *origin, apr_table_t *arguments, int *invalid_count); #endif diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c index f60893e5..f0f40530 100644 --- a/apache2/msc_reqbody.c +++ b/apache2/msc_reqbody.c @@ -336,8 +336,8 @@ static apr_status_t modsecurity_request_body_end_urlencoded(modsec_rec *msr) { /* Parse URL-encoded arguments in the request body. */ - if (parse_arguments(msr, msr->msc_reqbody_buffer, msr->txcfg->argument_separator, - "BODY", msr->arguments, &invalid_count) < 0) + if (parse_arguments(msr, msr->msc_reqbody_buffer, msr->msc_reqbody_length, + msr->txcfg->argument_separator, "BODY", msr->arguments, &invalid_count) < 0) { msr_log(msr, 1, "Initialisation: Error occurred while parsing BODY arguments."); return -1;