github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 22:56:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

validateByteRange: correctly handle bytes > 127

Browse Source 
ValidateByteRange::evaluate compared bytes with values in
range [0-255], but acquired bytes by indexing std::string,
which gave type char, which is signed. So bytes with values
more than 127 were treated as negative, resulting in being
incorrectly classified as out-of-range. This commit adds
casting byte values to unsigned char before validating range.
This commit is contained in:
asterite 2017-08-02 20:50:27 +03:00 committed by Felipe Zimmerle
parent 7665d96a13
commit 86e74fac58
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/operators/validate_byte_range.cc
View File

@ -116,7 +116,7 @@ bool ValidateByteRange::evaluate(Transaction *transaction, Rule *rule,
size_t count = 0; size_t count = 0;
for (int i = 0; i < input.length(); i++) { for (int i = 0; i < input.length(); i++) {
int x = input.at(i); int x = (unsigned char) input.at(i);
if (!(table[x >> 3] & (1 << (x & 0x7)))) { if (!(table[x >> 3] & (1 << (x & 0x7)))) {
// debug(9, "Value " + std::to_string(x) + " in " + // debug(9, "Value " + std::to_string(x) + " in " +
// input + " ouside range: " + param); // input + " ouside range: " + param);