move 2.5.13 into trunk

MODSECURITY_LICENSING_EXCEPTION

@@ -5,7 +5,7 @@ MODSECURITY LICENSING EXCEPTION
 Version 1.0, 29 July 2008
 
 As a special exception ("Exception") to the terms and conditions of version 2
-of the GPL, Breach Security, Inc. hereby grants you the rights described
+of the GPL, Trustwave Holdings, Inc. hereby grants you the rights described
 below, provided you agree to the terms and conditions in this Exception,
 including its obligations and restrictions on use.
 
@@ -54,7 +54,7 @@ following conditions are met:
      
 If the above conditions are not met, then the Program may only be copied,
 modified, distributed or used under the terms and conditions of the GPLv2
-or another valid licensing option from Breach Security, Inc.
+or another valid licensing option from Trustwave Holdings, Inc.
 
 
 FLOSS License List

README.TXT

@@ -1,5 +1,5 @@
 ModSecurity for Apache 2.x, http://www.modsecurity.org/
-Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
 
 ModSecurity for Apache is an open source product, released under terms of
 the General Public Licence, Version 2 (GPLv2). Please refer to the

alp2/alp2.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

alp2/alp2.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

alp2/alp2_pp.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

alp2/alp2_pp.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

apache2/acmp.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

apache2/acmp.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef ACMP_H_

apache2/apache2.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _APACHE2_H_

apache2/apache2_config.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -605,6 +605,12 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
                 "be specified by chain starter rules.");
         }
 
+        /* Must NOT specify a skipafter action. */
+        if (rule->actionset->skip_after != NOT_SET_P) {
+            return apr_psprintf(cmd->pool, "ModSecurity: SkipAfter actions can only "
+                "be specified by chain starter rules.");
+        }
+
         /* Must NOT specify a phase. */
         if (rule->actionset->phase != NOT_SET) {
             return apr_psprintf(cmd->pool, "ModSecurity: Execution phases can only be "

apache2/apache2_io.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include <util_filter.h>

apache2/apache2_util.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "modsecurity.h"

apache2/mod_security2.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include <limits.h>
@@ -31,6 +31,8 @@
 #include "msc_logging.h"
 #include "msc_util.h"
 
+#include "ap_mpm.h"
+#include "scoreboard.h"
 
 /* ModSecurity structure */
 
@@ -56,6 +58,15 @@ unsigned long int DSOLOCAL msc_pcre_match_limit = 0;
 
 unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0;
 
+unsigned long int DSOLOCAL conn_read_state_limit = 0;
+
+static int server_limit, thread_limit;
+
+typedef struct {
+    int child_num;
+    int thread_num;
+} sb_handle;
+
 /* -- Miscellaneous functions -- */
 
 /**
@@ -1101,6 +1112,60 @@ static void modsec_register_operator(const char *name, void *fn_init, void *fn_e
     }
 }
 
+/*
+* \brief Connetion hook to limit the number of
+* connections in BUSY state
+*
+* \param conn Pointer to connection struct
+*
+* \retval DECLINED On failure
+* \retval OK On Success
+*/
+static int hook_connection_early(conn_rec *conn)
+{
+    sb_handle *sb = conn->sbh;
+    int i, j;
+    unsigned long int ip_count = 0;
+    worker_score *ws_record = NULL;
+
+    if(sb != NULL && conn_read_state_limit > 0)   {
+
+        ws_record = &ap_scoreboard_image->servers[sb->child_num][sb->thread_num];
+        if(ws_record == NULL)
+            return DECLINED;
+
+        apr_cpystrn(ws_record->client, conn->remote_ip, sizeof(ws_record->client));
+        for (i = 0; i < server_limit; ++i) {
+            for (j = 0; j < thread_limit; ++j) {
+
+                ws_record = ap_get_scoreboard_worker(i, j);
+
+                if(ws_record == NULL)
+                    return DECLINED;
+
+                switch (ws_record->status) {
+                    case SERVER_BUSY_READ:
+                        if (strcmp(conn->remote_ip, ws_record->client) == 0)
+                            ip_count++;
+                        break;
+                    default:
+                        break;
+                }
+            }
+        }
+
+        if (ip_count > conn_read_state_limit) {
+            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Access denied with code 400. Too many threads [%ld] of %ld allowed in READ state from %s - Possible DoS Consumption Attack [Rejected]", ip_count,conn_read_state_limit,conn->remote_ip);
+            return OK;
+        } else {
+            return DECLINED;
+        }
+    }
+
+    return DECLINED;
+}
+
+
 /**
  * This function is exported for other Apache modules to
  * register new variables.
@@ -1191,6 +1256,10 @@ static void register_hooks(apr_pool_t *mp) {
     APR_REGISTER_OPTIONAL_FN(modsec_register_reqbody_processor);
 #endif
 
+    /* For connection level hook */
+    ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
+    ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
+
     /* Main hooks */
     ap_hook_pre_config(hook_pre_config, NULL, NULL, APR_HOOK_FIRST);
     ap_hook_post_config(hook_post_config, postconfig_beforeme_list,
@@ -1201,6 +1270,9 @@ static void register_hooks(apr_pool_t *mp) {
      * // ap_hook_handler(hook_handler, NULL, NULL, APR_HOOK_MIDDLE);
      */
 
+    /* Connection processing hooks */
+    ap_hook_process_connection(hook_connection_early, NULL, NULL, APR_HOOK_FIRST);
+
     /* Transaction processing hooks */
     ap_hook_post_read_request(hook_request_early,
         postread_beforeme_list, postread_afterme_list, APR_HOOK_REALLY_FIRST);

apache2/modsecurity.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include <stdlib.h>
@@ -133,6 +133,19 @@ int modsecurity_init(msc_engine *msce, apr_pool_t *mp) {
     }
     #endif
 
+    rc = apr_global_mutex_create(&msce->geo_lock, NULL, APR_LOCK_DEFAULT, mp);
+    if (rc != APR_SUCCESS) {
+        return -1;
+    }
+
+    #ifdef __SET_MUTEX_PERMS
+    rc = unixd_set_global_mutex_perms(msce->geo_lock);
+    if (rc != APR_SUCCESS) {
+        return -1;
+    }
+    #endif
+
+
     return 1;
 }
 
@@ -149,6 +162,14 @@ void modsecurity_child_init(msc_engine *msce) {
             // ap_log_error(APLOG_MARK, APLOG_ERR, rs, s, "Failed to child-init auditlog mutex");
         }
     }
+
+    if (msce->geo_lock != NULL) {
+        apr_status_t rc = apr_global_mutex_child_init(&msce->geo_lock, NULL, msce->mp);
+        if (rc != APR_SUCCESS) {
+            // ap_log_error(APLOG_MARK, APLOG_ERR, rs, s, "Failed to child-init geo mutex");
+        }
+    }
+
 }
 
 /**

apache2/modsecurity.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MODSECURITY_H_
@@ -132,6 +132,8 @@ extern DSOLOCAL unsigned long int msc_pcre_match_limit;
 
 extern DSOLOCAL unsigned long int msc_pcre_match_limit_recursion;
 
+extern DSOLOCAL unsigned long int conn_read_state_limit;
+
 #define RESBODY_STATUS_NOT_READ         0   /* we were not configured to read the body */
 #define RESBODY_STATUS_ERROR            1   /* error occured while we were reading the body */
 #define RESBODY_STATUS_PARTIAL          2   /* partial body content available in the brigade */
@@ -496,6 +498,7 @@ struct error_message {
 struct msc_engine {
     apr_pool_t              *mp;
     apr_global_mutex_t      *auditlog_lock;
+    apr_global_mutex_t      *geo_lock;
     msre_engine             *msre;
     unsigned int             processing_mode;
 };

apache2/msc_geo.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "msc_geo.h"
@@ -287,6 +287,7 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro
     apr_size_t nbytes;
     unsigned int rec_val = 0;
     apr_off_t seekto = 0;
+    apr_status_t ret;
     int rc;
     int country = 0;
     int level;
@@ -332,6 +333,12 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro
         msr_log(msr, 9, "GEO: Using address \"%s\" (0x%08lx).", targetip, ipnum);
     }
 
+    ret = apr_global_mutex_lock(msr->modsecurity->geo_lock);
+    if (ret != APR_SUCCESS) {
+        msr_log(msr, 1, "Geo Lookup: Failed to lock proc mutex: %s",
+                get_apr_error(msr->mp, ret));
+    }
+
     for (level = 31; level >= 0; level--) {
         /* Read the record */
         seekto = 2 * reclen * rec_val;
@@ -365,6 +372,13 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro
         if ((country <= 0) || (country > GEO_COUNTRY_LAST)) {
             *error_msg = apr_psprintf(msr->mp, "No geo data for \"%s\" (country %d).", log_escape(msr->mp, target), country);
             msr_log(msr, 4, "%s", *error_msg);
+
+            ret = apr_global_mutex_unlock(msr->modsecurity->geo_lock);
+            if (ret != APR_SUCCESS) {
+                msr_log(msr, 1, "Geo Lookup: Failed to lock proc mutex: %s",
+                        get_apr_error(msr->mp, ret));
+            }
+
             return 0;
         }
 
@@ -389,6 +403,13 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro
         if ((country <= 0) || (country > GEO_COUNTRY_LAST)) {
             *error_msg = apr_psprintf(msr->mp, "No geo data for \"%s\" (country %d).", log_escape(msr->mp, target), country);
             msr_log(msr, 4, "%s", *error_msg);
+
+            ret = apr_global_mutex_unlock(msr->modsecurity->geo_lock);
+            if (ret != APR_SUCCESS) {
+                msr_log(msr, 1, "Geo Lookup: Failed to lock proc mutex: %s",
+                        get_apr_error(msr->mp, ret));
+            }
+
             return 0;
         }
         if (msr->txcfg->debuglog_level >= 9) {
@@ -477,6 +498,13 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro
     }
 
     *error_msg = apr_psprintf(msr->mp, "Geo lookup for \"%s\" succeeded.", log_escape(msr->mp, target));
+
+    ret = apr_global_mutex_unlock(msr->modsecurity->geo_lock);
+    if (ret != APR_SUCCESS) {
+        msr_log(msr, 1, "Geo Lookup: Failed to lock proc mutex: %s",
+                get_apr_error(msr->mp, ret));
+    }
+
     return 1;
 }
 

apache2/msc_geo.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MSC_GEO_H_

apache2/msc_logging.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

apache2/msc_logging.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MSC_LOGGING_H_

apache2/msc_lua.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #if defined(WITH_LUA)
@@ -337,10 +337,57 @@ static int l_getvars(lua_State *L) {
     return 1;
 }
 
+/*
+* \brief New setvar function for Lua API. Users can put back
+* data in modsecurity core via new variables
+*
+* \param L Pointer to Lua state
+*
+* \retval -1 On failure
+* \retval 0 On Collection failure
+* \retval 1 On Success
+*/
+static int l_setvar(lua_State *L) {
+    modsec_rec *msr = NULL;
+    msre_rule *rule = NULL;
+    const char *var_value = NULL;
+    const char *var_name = NULL;
+    int nargs = lua_gettop(L);
+    char *chr = NULL;
+
+    lua_getglobal(L, "__msr");
+    msr = (modsec_rec *)lua_topointer(L, -1);
+
+    lua_getglobal(L, "__rule");
+    rule = (msre_rule *)lua_topointer(L, -1);
+
+    if(nargs != 2)  {
+        msr_log(msr, 8, "m.setvar: Failed m.setvar funtion must has 2 arguments");
+        return -1;
+    }
+    var_value = luaL_checkstring (L, 2);
+    var_name = luaL_checkstring (L, 1);
+
+    lua_pop(L,2);
+
+    if(var_value == NULL || var_name == NULL)
+        return -1;
+
+    chr = strchr((char *)var_name,0x2e);
+
+    if(chr == NULL) {
+        msr_log(msr, 8, "m.setvar: Must specify a collection using dot character - ie m.setvar(tx.myvar,mydata)");
+        return -1;
+    }
+
+    return msre_action_setvar_execute(msr,msr->msc_rule_mptmp,rule,(char *)var_name,(char *)var_value);
+}
+
 static const struct luaL_Reg mylib[] = {
     { "log", l_log },
     { "getvar", l_getvar },
     { "getvars", l_getvars },
+    { "setvar", l_setvar },
     { NULL, NULL }
 };
 

apache2/msc_lua.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #if defined(WITH_LUA)

apache2/msc_multipart.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "modsecurity_config.h"

apache2/msc_multipart.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MSC_MULTIPART_H_

apache2/msc_parsers.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "msc_parsers.h"

apache2/msc_parsers.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MSC_PARSERS_H_

apache2/msc_pcre.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "msc_pcre.h"

apache2/msc_pcre.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MSC_PCRE_H_

apache2/msc_release.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 
@@ -23,7 +23,7 @@ modsec_build_type_rec modsec_build_type[] = {
     { "-dev", 1 },     /* Development build */
     { "-rc", 3 },      /* Release Candidate build */
     { "", 9 },         /* Production build */
-    { "-breach", 9 },  /* Breach build */
+    { "-tw", 9 },      /* Truswave Holdings build */
     { "-trunk", 9 },   /* Trunk build */
     { NULL, -1 }       /* terminator */
 };

apache2/msc_release.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MSC_RELEASE_H_

apache2/msc_reqbody.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "modsecurity.h"

apache2/msc_util.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "modsecurity_config.h"
@@ -52,6 +52,28 @@
 #define S_ISUID 04000
 #endif /* defined(WIN32 || NETWARE) */
 
+/* Base64 tables used in decodeBase64Ext */
+static const char b64_pad = '=';
+
+static const short b64_reverse_t[256] = {
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -1, -1, -2, -2, -1, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
+  -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 62, -2, -2, -2, 63,
+  52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -2, -2, -2, -2, -2, -2,
+  -2, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+  15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -2, -2, -2, -2, -2,
+  -2, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+  41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -2, -2, -2, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
+  -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2
+};
+
 /**
  *
  */
@@ -67,6 +89,72 @@ int parse_boolean(const char *input) {
     return -1;
 }
 
+/* \brief Decode Base64 data with special chars
+*
+* \param plain_text Pointer to plain text data
+* \param input Pointer to input data
+* \param input_len Input data length
+*
+* \retval 0 On failure
+* \retval string length On Success
+*/
+int decode_base64_ext(char *plain_text, const char *input, int input_len)
+{
+    const char *encoded = input;
+    int i = 0, j = 0, k = 0;
+    int ch = 0;
+
+    while ((ch = *encoded++) != '\0' && input_len-- > 0) {
+        if (ch == b64_pad) {
+            if (*encoded != '=' && (i % 4) == 1) {
+                return 0;
+            }
+            continue;
+        }
+
+        ch = b64_reverse_t[ch];
+        if (ch < 0 || ch == -1) {
+            continue;
+        } else if (ch == -2) {
+            return 0;
+        }
+        switch(i % 4) {
+            case 0:
+                plain_text[j] = ch << 2;
+                break;
+            case 1:
+                plain_text[j++] |= ch >> 4;
+                plain_text[j] = (ch & 0x0f) << 4;
+                break;
+            case 2:
+                plain_text[j++] |= ch >>2;
+                plain_text[j] = (ch & 0x03) << 6;
+                break;
+            case 3:
+                plain_text[j++] |= ch;
+                break;
+        }
+        i++;
+    }
+
+    k = j;
+    if (ch == b64_pad) {
+        switch(i % 4) {
+            case 1:
+                return 0;
+            case 2:
+                k++;
+            case 3:
+                plain_text[k] = 0;
+        }
+    }
+
+    plain_text[j] = '\0';
+
+    return j;
+}
+
+
 /**
  * Parses a string that contains a name-value pair in the form "name=value".
  * IMP1 It does not check for whitespace between tokens.

apache2/msc_util.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _UTIL_H_
@@ -90,6 +90,8 @@ char DSOLOCAL *log_escape_nul(apr_pool_t *mp, const unsigned char *text, unsigne
 char DSOLOCAL *_log_escape(apr_pool_t *p, const unsigned char *input,
     unsigned long int input_length, int escape_quotes, int escape_colon);
 
+int DSOLOCAL decode_base64_ext(char *plain_text, const char *input, int input_len);
+
 int DSOLOCAL js_decode_nonstrict_inplace(unsigned char *input, long int input_len);
 
 int DSOLOCAL urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_length, int * changed);

apache2/msc_xml.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "msc_xml.h"

apache2/msc_xml.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MSC_XML_H_

apache2/persist_dbm.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "persist_dbm.h"

apache2/persist_dbm.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _PERSIST_DBM_H_

apache2/re.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -857,7 +857,9 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
     msre_rule **rules;
     apr_status_t rc;
     const char *skip_after = NULL;
-    int i, mode, skip;
+    msre_rule *last_rule = NULL;
+    msre_rule *rule_starter = NULL;
+    int i, mode, skip, skipped, saw_starter;
 
     /* First determine which set of rules we need to use. */
     switch (msr->phase) {
@@ -887,6 +889,8 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
 
     /* Loop through the rules in the selected set. */
     skip = 0;
+    skipped = 0;
+    saw_starter = 0;
     mode = NEXT_RULE;
     rules = (msre_rule **)arr->elts;
     for (i = 0; i < arr->nelts; i++) {
@@ -903,19 +907,32 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
          */
         if (mode == SKIP_RULES) {
             /* Go to the next rule if we have not yet hit the skip_after ID */
+
             if ((rule->placeholder == RULE_PH_NONE) || (rule->actionset->id == NULL) || (strcmp(skip_after, rule->actionset->id) != 0)) {
-                if (msr->txcfg->debuglog_level >= 9) {
-                    if (rule->chain_starter != NULL) {
-                        msr_log(msr, 9, "Skipping chain rule %pp id=\"%s\" until after id=\"%s\"", rule, (rule->chain_starter->actionset->id ? rule->chain_starter->actionset->id : "(none)"), skip_after);
 
-                    }
+                if(i-1 >=0)
-                    else {
+                    last_rule = rules[i-1];
-                        msr_log(msr, 9, "Skipping rule %pp id=\"%s\" until after id=\"%s\"", rule, (rule->actionset->id ? rule->actionset->id : "(none)"), skip_after);
+                else
+                    last_rule = rules[0];
 
+                if((last_rule != NULL) && (last_rule->actionset != NULL) && last_rule->actionset->is_chained && (saw_starter == 1)) {
+                    mode = NEXT_RULE;
+                    skipped = 1;
+                    --i;
+                } else {
+                    mode = SKIP_RULES;
+                    skipped = 0;
+                    saw_starter = 0;
+
+                    if (msr->txcfg->debuglog_level >= 9) {
+                        msr_log(msr, 9, "Current rule is id=\"%s\" [chained %d] is trying to find the SecMarker=\"%s\" [stater %d]",rule->actionset->id,last_rule->actionset->is_chained,skip_after,saw_starter);
                     }
+
                 }
+
                 continue;
             }
+
             if (msr->txcfg->debuglog_level >= 9) {
                 msr_log(msr, 9, "Found rule %pp id=\"%s\".", rule, skip_after);
             }
@@ -925,6 +942,8 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
                 msr_log(msr, 4, "Continuing execution after rule id=\"%s\".", skip_after);
             }
 
+            saw_starter = 0;
+            skipped = 0;
             skip_after = NULL;
             mode = NEXT_RULE;
             continue;
@@ -1004,6 +1023,8 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
                         mode = NEXT_CHAIN;
                     }
 
+                    skipped = 0;
+                    saw_starter = 0;
                     continue;
                 }
         }
@@ -1063,6 +1084,9 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
                     msr_log(msr, 9, "No match, not chained -> mode NEXT_RULE.");
                 }
             }
+
+            skipped = 0;
+            saw_starter = 0;
         }
         else if (rc == RULE_MATCH) {
             if (msr->rule_was_intercepted) {
@@ -1074,12 +1098,36 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
                 if (msr->txcfg->debuglog_level >= 9) {
                     msr_log(msr, 9, "Match, intercepted -> returning.");
                 }
+
+                if(i-1 >= 0)
+                    last_rule = rules[i-1];
+                else
+                    last_rule = rules[0];
+
+                if((last_rule != NULL) && (last_rule->actionset != NULL) && last_rule->actionset->is_chained) {
+
+                    int st = 0;
+
+                    for(st=i;st>=0;st--)  {
+
+                        rule_starter = rules[st];
+
+                        if(rule_starter != NULL && rule_starter->chain_starter != NULL)    {
+                            if((msr != NULL) && (msr->intercept_actionset != NULL) && (rule_starter->actionset != NULL))
+                                msr->intercept_actionset->intercept_uri = rule_starter->actionset->intercept_uri;
+                            break;
+                        }
+                    }
+
+                }
+
                 return 1;
             }
 
             if (rule->actionset->skip_after != NULL) {
                 skip_after = rule->actionset->skip_after;
                 mode = SKIP_RULES;
+                saw_starter = 1;
 
                 if (msr->txcfg->debuglog_level >= 9) {
                     msr_log(msr, 9, "Skipping after rule %pp id=\"%s\" -> mode SKIP_RULES.", rule, skip_after);
@@ -1088,6 +1136,11 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
                 continue;
             }
 
+            if(skipped == 1)    {
+                mode = SKIP_RULES;
+                continue;
+            }
+
             /* We had a match but the transaction was not
              * intercepted. In that case we proceed with the
              * next rule...

apache2/re.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef _MSC_RE_H_

apache2/re_actions.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2008 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "re.h"
@@ -1212,35 +1212,19 @@ static apr_status_t msre_action_setenv_execute(modsec_rec *msr, apr_pool_t *mptm
 }
 
 /* setvar */
-static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
+apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
-    msre_rule *rule, msre_action *action)
+    msre_rule *rule, char *var_name, char *var_value)
 {
-    char *data = apr_pstrdup(mptmp, action->param);
+    char *col_name = NULL;
-    char *col_name = NULL, *var_name = NULL, *var_value = NULL;
     char *s = NULL;
     apr_table_t *target_col = NULL;
     int is_negated = 0;
     msc_string *var = NULL;
 
-    /* Extract the name and the value. */
-    /* IMP1 We have a function for this now, parse_name_eq_value? */
-    s = strstr(data, "=");
-    if (s == NULL) {
-        var_name = data;
-        var_value = "1";
-    } else {
-        var_name = data;
-        var_value = s + 1;
-        *s = '\0';
-
-        while ((*var_value != '\0')&&(isspace(*var_value))) var_value++;
-    }
-
     if (msr->txcfg->debuglog_level >= 9) {
         msr_log(msr, 9, "Setting variable: %s=%s", var_name, var_value);
     }
 
-
     /* Expand and escape any macros in the name */
     var = apr_palloc(msr->mp, sizeof(msc_string));
     if (var == NULL) {
@@ -1386,6 +1370,42 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm
     return 1;
 }
 
+/*
+* \brief Parse fuction for setvar input
+*
+* \param msr Pointer to the engine
+* \param mptmp Pointer to the pool
+* \param rule Pointer to rule struct
+* \param action input data
+*
+* \retval -1 On failure
+* \retval 0 On Collection failure
+* \retval 1 On Success
+*/
+static apr_status_t msre_action_setvar_parse(modsec_rec *msr, apr_pool_t *mptmp,
+    msre_rule *rule, msre_action *action)
+{
+    char *data = apr_pstrdup(mptmp, action->param);
+    char *var_name = NULL, *var_value = NULL;
+    char *s = NULL;
+
+    /* Extract the name and the value. */
+    /* IMP1 We have a function for this now, parse_name_eq_value? */
+    s = strstr(data, "=");
+    if (s == NULL) {
+        var_name = data;
+        var_value = "1";
+    } else {
+        var_name = data;
+        var_value = s + 1;
+        *s = '\0';
+
+        while ((*var_value != '\0')&&(isspace(*var_value))) var_value++;
+    }
+
+    return msre_action_setvar_execute(msr,mptmp,rule,var_name,var_value);
+}
+
 /* expirevar */
 static apr_status_t msre_action_expirevar_execute(modsec_rec *msr, apr_pool_t *mptmp,
     msre_rule *rule, msre_action *action)
@@ -2388,7 +2408,7 @@ void msre_engine_register_default_actions(msre_engine *engine) {
         ACTION_CGROUP_NONE,
         NULL,
         NULL,
-        msre_action_setvar_execute
+        msre_action_setvar_parse
     );
 
     /* expirevar */

apache2/re_operators.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "re.h"
@@ -155,9 +155,12 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
         apr_table_setn(msr->tx_vars, s->name, (void *)s);
 
         *error_msg = apr_psprintf(msr->mp,
-                                  "Rule execution error - "
+                                  "Rule %pp [id \"%s\"][file \"%s\"][line \"%d\"] - "
+                                  "Execution error - "
                                   "PCRE limits exceeded (%d): %s",
-                                  rc, my_error_msg);
+                                  rule,((rule->actionset != NULL)&&(rule->actionset->id != NULL)) ? rule->actionset->id : "-",
+                                  rule->filename != NULL ? rule->filename : "-",
+                                  rule->line_num,rc, my_error_msg);
 
         msr_log(msr, 3, "%s.", *error_msg);
 

apache2/re_tfns.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include <ctype.h>
@@ -572,6 +572,28 @@ static int msre_fn_parityOdd7bit_execute(apr_pool_t *mptmp, unsigned char *input
     return changed;
 }
 
+/*
+* \brief Base64 transformation function based on RFC2045
+*
+* \param mptmp Pointer to resource poil
+* \param input Pointer to input data
+* \param input_len Input data length
+* \param rval Pointer to decoded buffer
+* \param rval_len Decoded buffer length
+*
+* \retval 0 On failure
+* \retval 1 On Success
+*/
+static int msre_fn_decodeBase64Ext_execute(apr_pool_t *mptmp, unsigned char *input, long int input_len, char **rval, long int *rval_len)
+{
+    *rval_len = input_len;
+    *rval = apr_palloc(mptmp, *rval_len);
+    *rval_len = decode_base64_ext(*rval, (const char *)input, input_len);
+
+    return *rval_len ? 1 : 0;
+}
+
+
 /* ------------------------------------------------------------------------------ */
 
 /**
@@ -787,4 +809,11 @@ void msre_engine_register_default_tfns(msre_engine *engine) {
         "urlEncode",
         msre_fn_urlEncode_execute
     );
+
+    /* decodeBase64Ext */
+    msre_engine_tfn_register(engine,
+        "decodeBase64Ext",
+        msre_fn_decodeBase64Ext_execute
+    );
+
 }

apache2/re_variables.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include "http_core.h"

apache2/utf8tables.h

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #ifndef UTF8TABLES_H_

ext/mod_op_strstr.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

ext/mod_reqbody_example.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

ext/mod_tfn_reverse.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

ext/mod_var_remote_addr_port.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 

mlogc/mlogc-batch-load.pl.in

@@ -1,7 +1,7 @@
 #!@PERL@
 #
 # ModSecurity for Apache 2.x, http://www.modsecurity.org/
-# Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
+# Copyright (c) 2004-2009 Trustwave Holdings, Inc. (http://www.trustwave.com/)
 #
 # This product is released under the terms of the General Public Licence,
 # version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -13,8 +13,8 @@
 # distribution.
 #
 # If any of the files related to licensing are missing or if you have any
-# other questions related to licensing please contact Breach Security, Inc.
+# other questions related to licensing please contact Trustwave Holdings, Inc.
-# directly using the email address support@breach.com.
+# directly using the email address support@trustwave.com.
 #
 
 use strict;

mlogc/mlogc.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2009 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 
@@ -1522,7 +1522,7 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data)
 
                 if (finfo.size == 0) {
                     error_log(LOG_WARNING, thread,
-                              "File found (%" APR_SIZE_T_FMT
+                              "File found (%" APR_OFF_T_FMT
                               " bytes), skipping.", finfo.size);
                     take_new = 1;
                     nodelay = 1;
@@ -1530,7 +1530,7 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data)
                 }
                 else {
                     error_log(LOG_DEBUG, thread,
-                              "File found (%" APR_SIZE_T_FMT
+                              "File found (%" APR_OFF_T_FMT
                               " bytes), activating cURL.", finfo.size);
                 }
 

tests/msc_test.c

@@ -1,6 +1,6 @@
 /*
  * ModSecurity for Apache 2.x, http://www.modsecurity.org/
- * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/)
+ * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * This product is released under the terms of the General Public Licence,
  * version 2 (GPLv2). Please refer to the file LICENSE (included with this
@@ -12,8 +12,8 @@
  * distribution.
  *
  * If any of the files related to licensing are missing or if you have any
- * other questions related to licensing please contact Breach Security, Inc.
+ * other questions related to licensing please contact Trustwave Holdings, Inc.
- * directly using the email address support@breach.com.
+ * directly using the email address support@trustwave.com.
  *
  */
 #include <apr.h>