MODSEC-148 fix issues

apache2/msc_util.c

@@ -154,6 +154,25 @@ int decode_base64_ext(char *plain_text, const char *input, int input_len)
     return j;
 }
 
+/* \brief Convert const char to int
+*
+* \param c number string
+*
+* \retval n The converted number
+*/
+int convert_to_int(const char c)
+{
+   int n;
+   if ((c>='0') && (c<='9'))
+      n = c - '0';
+   else if ((c>='A') && (c<='F'))
+      n = c - 'A' + 10;
+   else if ((c>='a') && (c<='f'))
+      n = c - 'a' + 10;
+   else
+      n = 0;
+   return n;
+}
 
 /**
  * Parses a string that contains a name-value pair in the form "name=value".

apache2/msc_util.h

@@ -92,6 +92,8 @@ char DSOLOCAL *_log_escape(apr_pool_t *p, const unsigned char *input,
 
 int DSOLOCAL decode_base64_ext(char *plain_text, const char *input, int input_len);
 
+int DSOLOCAL convert_to_int(const char c);
+
 int DSOLOCAL js_decode_nonstrict_inplace(unsigned char *input, long int input_len);
 
 int DSOLOCAL urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_length, int * changed);

apache2/re_operators.c

@@ -1252,7 +1252,7 @@ static int ssn_verify(const char *ssnumber, int len, msre_rule *rule) {
 
     for (i = 0; i < len; i++) {
         if (apr_isdigit(ssnumber[i])) {
-                num[i] = intval(ssnumber[i]);
+                num[i] = convert_to_int(ssnumber[i]);
                 digits++;
         }
     }