fix for issues in ssn_verify such as infinite loop.

2025-08-14 13:56:01 +03:00 · 2012-11-12 16:56:09 -08:00 · 2012-11-12 16:56:09 -08:00 · 7beb244df3
commit 7beb244df3
parent d7280c61f0
1 changed files with 11 additions and 16 deletions
--- a/apache2/re_operators.c
+++ b/apache2/re_operators.c
@ -3170,15 +3170,15 @@ static int ssn_verify(modsec_rec *msr, const char *ssnumber, int len) {
    int area, serial, grp;
    int sequencial = 0;
    int repetitions = 0;
-    int progression = 0;
    char *str_area;
    char *str_grp;
    char *str_serial;

    for (i = 0; i < len; i++) {
        if (apr_isdigit(ssnumber[i])) {
-                num[i] = convert_to_int(ssnumber[i]);
-                digits++;
+            if (digits < 9)
+                num[digits] = convert_to_int(ssnumber[i]);
+            digits++;
        }
    }

@ -3186,24 +3186,19 @@ static int ssn_verify(modsec_rec *msr, const char *ssnumber, int len) {
    if (digits != 9)
        goto invalid;

-    digits = 0;
+    for (i=0; i < 8; i++)   {
+        if (num[i] == (num[i+1]-1))
+            sequencial++;

-    for (i=0; i < len-1; i++)   {
-        progression = (num[i] - (num[i+1]-1));
-        repetitions = (num[i] - num[i+1]);
-
-        if (repetitions != 0 )
-            sequencial = 1;
-
-        if (progression == 0)
-            digits++;
+        if (num[i] == num[i+1])
+            repetitions++;
    }

-    /* We are blocking when all numbers were repeated */
-    if (sequencial == 0)
+    /* We are blocking when all numbers were sequencial or repeated */
+    if (sequencial == 8)
        goto invalid;

-    if (digits == 8)
+    if (repetitions == 8)
        goto invalid;

    str_area = apr_psprintf(msr->mp,"%d%d%d",num[0],num[1],num[2]);