github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

MODSEC-142

Browse Source
This commit is contained in:
brenosilva 2011-07-22 13:22:30 +00:00
parent 77c4c70f57
commit 5cacf63b3e
1 changed files with 45 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
apache2/re_operators.c
View File

@ -488,6 +488,7 @@ static int msre_op_rx_param_init(msre_rule *rule, char **error_msg) {
*error_msg = NULL; *error_msg = NULL;
/* Compile pattern */ /* Compile pattern */
if(strstr(pattern,"%{") == NULL) {
regex = msc_pregcomp_ex(rule->ruleset->mp, pattern, PCRE_DOTALL | PCRE_DOLLAR_ENDONLY, &errptr, &erroffset, msc_pcre_match_limit, msc_pcre_match_limit_recursion); regex = msc_pregcomp_ex(rule->ruleset->mp, pattern, PCRE_DOTALL | PCRE_DOLLAR_ENDONLY, &errptr, &erroffset, msc_pcre_match_limit, msc_pcre_match_limit_recursion);
if (regex == NULL) { if (regex == NULL) {
*error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern (offset %d): %s", *error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern (offset %d): %s",
@ -496,13 +497,21 @@ static int msre_op_rx_param_init(msre_rule *rule, char **error_msg) {
} }
rule->op_param_data = regex; rule->op_param_data = regex;
} else {
rule->re_precomp = 1;
rule->re_str = apr_pstrndup(rule->ruleset->mp, pattern, strlen(pattern));
rule->op_param_data = NULL;
}
return 1; /* OK */ return 1; /* OK */
} }
static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
msc_regex_t *regex = (msc_regex_t *)rule->op_param_data; msc_regex_t *regex = (msc_regex_t *)rule->op_param_data;
msc_string *re_pattern = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
const char *target; const char *target;
const char *errptr = NULL;
int erroffset;
unsigned int target_length; unsigned int target_length;
char *my_error_msg = NULL; char *my_error_msg = NULL;
int ovector[33]; int ovector[33];
@ -511,15 +520,41 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
int matched = 0; int matched = 0;
int rc; int rc;
char *qspos = NULL; char *qspos = NULL;
const char *parm = NULL; const char *parm = NULL, *pattern = NULL;
msc_parm *mparm = NULL; msc_parm *mparm = NULL;
if (error_msg == NULL) return -1; if (error_msg == NULL) return -1;
*error_msg = NULL; *error_msg = NULL;
if (regex == NULL) { if (regex == NULL) {
if(rule->re_precomp == 0) {
*error_msg = "Internal Error: regex data is null."; *error_msg = "Internal Error: regex data is null.";
return -1; return -1;
} else {
if(re_pattern == NULL) {
*error_msg = "Internal Error: regex variable data is null.";
return -1;
}
re_pattern->value = apr_pstrndup(msr->mp, rule->re_str, strlen(rule->re_str));
re_pattern->value_len = strlen(re_pattern->value);
expand_macros(msr, re_pattern, rule, msr->mp);
pattern = log_escape_re(msr->mp, re_pattern->value);
if (msr->txcfg->debuglog_level >= 6) {
msr_log(msr, 6, "Escaping pattern [%s]",pattern);
}
regex = msc_pregcomp_ex(rule->ruleset->mp, pattern, PCRE_DOTALL | PCRE_DOLLAR_ENDONLY, &errptr, &erroffset, msc_pcre_match_limit, msc_pcre_match_limit_recursion);
if (regex == NULL) {
*error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern (offset %d): %s",
erroffset, errptr);
return 0;
}
}
} }
/* If the given target is null run against an empty /* If the given target is null run against an empty