From 0d5a8dec2af8ac230cb12975500ec55a0992b0e5 Mon Sep 17 00:00:00 2001
From: Marc Stern <marc.stern@approach.be>
Date: Fri, 11 Aug 2023 17:41:04 +0200
Subject: [PATCH 1/3] Compatibility with libyajl decoding the buffer inline

---
 apache2/msc_json.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index 17f938b6..f80fc18d 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -354,7 +354,9 @@ int json_init(modsec_rec *msr, char **error_msg) {
 int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char **error_msg) {
     if (error_msg == NULL) return -1;
     *error_msg = NULL;
-    base_offset=buf;
+    // Take a copy in case libyajl decodes the buffer inline
+    base_offset = apr_pstrmemdup(msr->mp, buf, size);
+    if (!base_offset) return -1;
 
     /* Feed our parser and catch any errors */
     msr->json->status = yajl_parse(msr->json->handle, buf, size);

From 1a552bcc5d33a2c75a66d5b05928dd10947fb1fd Mon Sep 17 00:00:00 2001
From: Marc Stern <marc.stern@approach-cyber.com>
Date: Fri, 18 Aug 2023 16:47:00 +0200
Subject: [PATCH 2/3] Update msc_json.c

---
 apache2/msc_json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index f80fc18d..16a2fa10 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -359,7 +359,7 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
     if (!base_offset) return -1;
 
     /* Feed our parser and catch any errors */
-    msr->json->status = yajl_parse(msr->json->handle, buf, size);
+    msr->json->status = yajl_parse(msr->json->handle, (unsigned char*)base_offset, size);
     if (msr->json->status != yajl_status_ok) {
 	if (msr->json->depth_limit_exceeded) {
            *error_msg = "JSON depth limit exceeded";

From ea1d78c80e327e8c9ddb6d99468e3dc60e40c8b0 Mon Sep 17 00:00:00 2001
From: Marc Stern <marc.stern@approach-cyber.com>
Date: Fri, 18 Aug 2023 16:48:25 +0200
Subject: [PATCH 3/3] Update msc_json.c

---
 apache2/msc_json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apache2/msc_json.c b/apache2/msc_json.c
index 16a2fa10..e9d0c99d 100644
--- a/apache2/msc_json.c
+++ b/apache2/msc_json.c
@@ -364,7 +364,7 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
 	if (msr->json->depth_limit_exceeded) {
            *error_msg = "JSON depth limit exceeded";
 	} else {
-           char *yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
+           char *yajl_err = yajl_get_error(msr->json->handle, 0, base_offset, size);
            *error_msg = apr_pstrdup(msr->mp, yajl_err);
            yajl_free_error(msr->json->handle, yajl_err);
 	}