github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-14 23:47:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added PCRE limits and studying by default to help alleviate REDoS reported by Sogeti/ESEC R&D (MODSEC-119).

Browse Source
This commit is contained in:
b1v1r
2010-02-05 18:09:19 +00:00
parent d66760d09c
commit 589274903d
13 changed files with 544 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apache2/msc_test.c
View File

@@ -80,7 +80,8 @@ static apr_pool_t *g_mp = NULL;
static modsec_rec *g_msr = NULL;
static unsigned char buf[BUFLEN];
msc_engine *modsecurity = NULL;
unsigned long int DSOLOCAL msc_pcre_match_limit = 0;
unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0;
/* Stubs */
char *format_error_log_message(apr_pool_t *mp, error_message *em) {
@@ -772,7 +773,7 @@ int main(int argc, const char * const argv[])
result = RESULT_WRONGRET;
}
else if (param_len != out_len) {
fprintf(stderr, "Lenth %" APR_SIZE_T_FMT " (expected %" APR_SIZE_T_FMT ")\n", out_len, param_len);
fprintf(stderr, "Length %" APR_SIZE_T_FMT " (expected %" APR_SIZE_T_FMT ")\n", out_len, param_len);
result = RESULT_WRONGSIZE;
}
else {