github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3099 from twouters/bugfix/3082

Browse Source 
Fix possible segfault in collection_unpack
This commit is contained in:
Ervin Hegedus 2024-03-03 19:10:19 +01:00 committed by GitHub
commit 788c36d343
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
DD mmm YYYY - 2.9.x (to be released) DD mmm YYYY - 2.9.x (to be released)
------------------- -------------------
* Fix possible segfault in collection_unpack
[Issue #3072 - @twouters]
* Set the minimum security protocol version for SecRemoteRules * Set the minimum security protocol version for SecRemoteRules
[Issue security/code-scanning/2 - @airween] [Issue security/code-scanning/2 - @airween]
* Allow lua version 5.4 * Allow lua version 5.4

4
apache2/persist_dbm.c
View File

@ -59,7 +59,7 @@ static apr_table_t *collection_unpack(modsec_rec *msr, const unsigned char *blob
} }
blob_offset += 2; blob_offset += 2;
if (blob_offset + var->name_len > blob_size) return NULL; if (var->name_len < 1 || blob_offset + var->name_len > blob_size) return NULL;
var->name = apr_pstrmemdup(msr->mp, (const char *)blob + blob_offset, var->name_len - 1); var->name = apr_pstrmemdup(msr->mp, (const char *)blob + blob_offset, var->name_len - 1);
blob_offset += var->name_len; blob_offset += var->name_len;
var->name_len--; var->name_len--;
@ -67,7 +67,7 @@ static apr_table_t *collection_unpack(modsec_rec *msr, const unsigned char *blob
var->value_len = (blob[blob_offset] << 8) + blob[blob_offset + 1]; var->value_len = (blob[blob_offset] << 8) + blob[blob_offset + 1];
blob_offset += 2; blob_offset += 2;
if (blob_offset + var->value_len > blob_size) return NULL; if (var->value_len < 1 || blob_offset + var->value_len > blob_size) return NULL;
var->value = apr_pstrmemdup(msr->mp, (const char *)blob + blob_offset, var->value_len - 1); var->value = apr_pstrmemdup(msr->mp, (const char *)blob + blob_offset, var->value_len - 1);
blob_offset += var->value_len; blob_offset += var->value_len;
var->value_len--; var->value_len--;