github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed parsing of ASCIIZ for application/x-www-form-urlencoded forms

Browse Source
This commit is contained in:
brectanus 2007-03-06 16:14:54 +00:00
parent cf024ded05
commit 4e02be6219
5 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -2,13 +2,15 @@
01 Mar 2007 - 2.1.1-dev1 01 Mar 2007 - 2.1.1-dev1
------------------------ ------------------------
* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms
* Fixed the faulty REQUEST_FILENAME variable, which used to change * Fixed the faulty REQUEST_FILENAME variable, which used to change
the internal Apache structures by mistake. the internal Apache structures by mistake.
* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf).
* Updates to quiet some compiler warnings. * Updates to quiet some compiler warnings.
* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf).
23 Feb 2007 - 2.1.0 23 Feb 2007 - 2.1.0
------------------- -------------------

6
apache2/modsecurity.c
View File

@ -252,8 +252,10 @@ apr_status_t modsecurity_tx_init(modsec_rec *msr) {
if (msr->query_string != NULL) { if (msr->query_string != NULL) {
int invalid_count = 0; int invalid_count = 0;
if (parse_arguments(msr, msr->query_string, msr->txcfg->argument_separator, if (parse_arguments(msr, msr->query_string, strlen(msr->query_string),
"QUERY_STRING", msr->arguments, &invalid_count) < 0) { msr->txcfg->argument_separator, "QUERY_STRING", msr->arguments,
&invalid_count) < 0)
{
msr_log(msr, 1, "Initialisation: Error occurred while parsing QUERY_STRING arguments."); msr_log(msr, 1, "Initialisation: Error occurred while parsing QUERY_STRING arguments.");
return -1; return -1;
} }

8
apache2/msc_parsers.c
View File

@ -199,19 +199,19 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies
/** /**
* *
*/ */
int parse_arguments(modsec_rec *msr, const char *s, int argument_separator, const char *origin, int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
int argument_separator, const char *origin,
apr_table_t *arguments, int *invalid_count) apr_table_t *arguments, int *invalid_count)
{ {
msc_arg *arg; msc_arg *arg;
long inputlength, i, j; apr_size_t i, j;
char *value = NULL; char *value = NULL;
char *buf; char *buf;
int status; int status;
if (s == NULL) return -1; if (s == NULL) return -1;
inputlength = strlen(s);
if (inputlength == 0) return 1; if (inputlength == 0) return 1;
if (inputlength + 1 <= 0) return -1; if (inputlength < 0) return -1;
buf = (char *)malloc(inputlength + 1); buf = (char *)malloc(inputlength + 1);
if (buf == NULL) return -1; if (buf == NULL) return -1;

4
apache2/msc_parsers.h
View File

@ -19,7 +19,7 @@ int DSOLOCAL parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t
int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies); int DSOLOCAL parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies);
int DSOLOCAL parse_arguments(modsec_rec *msr, const char *s, int argument_separator, int DSOLOCAL parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
const char *origin, apr_table_t *arguments, int *invalid_count); int argument_separator, const char *origin, apr_table_t *arguments, int *invalid_count);
#endif #endif

4
apache2/msc_reqbody.c
View File

@ -336,8 +336,8 @@ static apr_status_t modsecurity_request_body_end_urlencoded(modsec_rec *msr) {
/* Parse URL-encoded arguments in the request body. */ /* Parse URL-encoded arguments in the request body. */
if (parse_arguments(msr, msr->msc_reqbody_buffer, msr->txcfg->argument_separator, if (parse_arguments(msr, msr->msc_reqbody_buffer, msr->msc_reqbody_length,
"BODY", msr->arguments, &invalid_count) < 0) msr->txcfg->argument_separator, "BODY", msr->arguments, &invalid_count) < 0)
{ {
msr_log(msr, 1, "Initialisation: Error occurred while parsing BODY arguments."); msr_log(msr, 1, "Initialisation: Error occurred while parsing BODY arguments.");
return -1; return -1;