From 72f632e9b6b2e63677cfba7e62a47efb87c90b48 Mon Sep 17 00:00:00 2001 From: Daniel Stelter-Gliese Date: Wed, 2 Mar 2016 11:00:40 +0100 Subject: [PATCH] Avoid additional operator invokation if last transform of a multimatch doesn't modify the input Fixes #1086 --- CHANGES | 3 +++ apache2/re.c | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 06834b6d..db69765a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ DD MMM YYYY - 2.9.2 - To be released ------------------------------------ + * Avoid additional operator invokation if last transform of a multimatch + doesn't modify the input + [Issue #1086, #1087 - Daniel Stelter-Gliese] * Adds a sanity check before use ctl:ruleRemoveTargetByTag. [Issue #1353 - @LukeP21 and @zimmerle] * Uses an optional global lock while manipulating collections. diff --git a/apache2/re.c b/apache2/re.c index 83f4d59a..abc6e4d5 100644 --- a/apache2/re.c +++ b/apache2/re.c @@ -2872,7 +2872,10 @@ static apr_status_t msre_rule_process_normal(msre_rule *rule, modsec_rec *msr) { arr = apr_table_elts(tartab); te = (apr_table_entry_t *)arr->elts; for (i = 0; i < arr->nelts; i++) { + /* Variable was modified by *any* transformation */ int changed; + /* Variable was modified by *last applied* transformation (needed by multimatch) */ + int tfnchanged; int usecache = 0; apr_table_t *cachetab = NULL; apr_time_t time_before_trans = 0; @@ -2995,8 +2998,8 @@ static apr_status_t msre_rule_process_normal(msre_rule *rule, modsec_rec *msr) { apr_table_t *normtab; const char *lastvarval = NULL; apr_size_t lastvarlen = 0; - int tfnchanged = 0; + tfnchanged = 0; changed = 0; normtab = apr_table_make(mptmp, 10); if (normtab == NULL) return -1; @@ -3278,7 +3281,7 @@ static apr_status_t msre_rule_process_normal(msre_rule *rule, modsec_rec *msr) { * or if it is and we need to process the result of the * last transformation. */ - if (!multi_match || changed) { + if (!multi_match || tfnchanged) { invocations++; #if defined(PERFORMANCE_MEASUREMENT)