From 89d3ad38c5a964f760af240e3ace3467bb729a64 Mon Sep 17 00:00:00 2001
From: Ervin Hegedus
Date: Tue, 24 Jun 2025 21:34:12 +0200
Subject: [PATCH] Introduced a new variable to hold currval length
---
 apache2/msc_xml.c | 11 +++++++++--
 apache2/msc_xml.h | 1 +
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/apache2/msc_xml.c b/apache2/msc_xml.c
index 74945a08..dfb622cd 100644
--- a/apache2/msc_xml.c
+++ b/apache2/msc_xml.c
@@ -44,6 +44,7 @@ static void msc_xml_on_start_elementns(
 // this is necessary because if there is any text between the tags (new line, etc)
 // it will be added to the current value
 xml_parser_state->currval = NULL;
+ xml_parser_state->currpathbufflen = 0;
 // if there is an item before the current one we set that has a child
 if (xml_parser_state->depth > 1) {
@@ -73,7 +74,11 @@ static void msc_xml_on_end_elementns(
 if (msr->txcfg->debuglog_level >= 4) {
 msr_log(msr, 4, "Skipping request argument, over limit (XML): name \"%s\", value \"%s\"",
 log_escape_ex(msr->mp, xml_parser_state->currpath, strlen(xml_parser_state->currpath)),
- log_escape_ex(msr->mp, xml_parser_state->currval, strlen(xml_parser_state->currval)));
+ log_escape_ex(msr->mp,
+ (xml_parser_state->currval == NULL ? apr_pstrndup(msr->mp, "", 1) : xml_parser_state->currval),
+ (xml_parser_state->currvalbufflen == 0 ? 1 : xml_parser_state->currvalbufflen)
+ )
+ );
 }
 msr->msc_reqbody_error = 1;
 msr->xml->xml_error = apr_psprintf(msr->mp, "More than %ld ARGS (GET + XML)", msr->txcfg->arguments_limit);
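Review bot: The line added after `xml_parser_state->currval = NULL;` in msc_xml_on_start_elementns zeroes `currpathbufflen`, not the new `currvalbufflen`, which looks like a slip. Within the visible hunks the value counter is zeroed only in xml_init and only grows in msc_xml_on_characters, so it keeps accumulating across elements and `arg->value_len` in msc_xml_on_end_elementns can exceed the bytes actually held in `currval`, an over-read for any consumer that trusts the length. Zeroing `currpathbufflen` also discards the path-buffer size that xml_init sets to 4. Unless a reset exists outside these hunks, the line should read `xml_parser_state->currvalbufflen = 0;`. The function body continues beyond the hunk.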
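Review bot: An empty element is now reported with length 1 instead of 0, because both the debug-log call here and `arg->value_len` in the `@@ -86,7 +91,7` hunk substitute `1` when `currvalbufflen == 0`; the argument then consists of the terminating NUL byte and `value_origin_len` inherits that length. The pointer and the length are also selected by different tests (`currval == NULL` versus `currvalbufflen == 0`), so if the two ever disagree the empty string is paired with a non-zero length. Deriving both from one test and keeping zero for the empty case avoids that, e.g. `arg->value_len = (xml_parser_state->currval == NULL) ? 0 : xml_parser_state->currvalbufflen;`, with the same length passed to `log_escape_ex` (the removed `strlen` call could already yield 0 there). msc_xml_on_end_elementns starts and ends outside both hunks.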
@@ -86,7 +91,7 @@ static void msc_xml_on_end_elementns(
 arg->name = xml_parser_state->currpath;
 arg->name_len = strlen(arg->name);
 arg->value = (xml_parser_state->currval == NULL) ? apr_pstrndup(msr->mp, "", 1) : xml_parser_state->currval;
- arg->value_len = (xml_parser_state->currval == NULL) ? 0 : strlen(xml_parser_state->currval);
+ arg->value_len = (xml_parser_state->currvalbufflen == 0) ? 1 : xml_parser_state->currvalbufflen;
 arg->value_origin_len = arg->value_len;
 arg->origin = "XML";
@@ -123,6 +128,7 @@ static void msc_xml_on_characters(void *ctx, const xmlChar *ch, int len) {
 ((xml_parser_state->currval != NULL) ? xml_parser_state->currval : ""),
 apr_pstrndup(msr->mp, (const char *)ch, len),
 NULL);
+ xml_parser_state->currvalbufflen += len;
 // check if the memory allocation was successful
 if (xml_parser_state->currval == NULL) {
 msr->xml->xml_error = apr_psprintf(msr->mp, "Failed to allocate memory for XML value.");
@@ -175,6 +181,7 @@ int xml_init(modsec_rec *msr, char **error_msg) {
 msr->xml->xml_parser_state->pathlen = 4; // "xml\0"
 msr->xml->xml_parser_state->currpath = apr_pstrdup(msr->mp, "xml");
 msr->xml->xml_parser_state->currval = NULL;
+ msr->xml->xml_parser_state->currvalbufflen = 0;
 msr->xml->xml_parser_state->currpathbufflen = 4;
 // initialize the stack with item of 10
 // this will store the information about nodes
diff --git a/apache2/msc_xml.h b/apache2/msc_xml.h
index 3d23c60d..dd232fba 100644
--- a/apache2/msc_xml.h
+++ b/apache2/msc_xml.h
@@ -31,6 +31,7 @@ struct msc_xml_parser_state {
 char * currpath;
 char * currval;
 size_t currpathbufflen;
+ size_t currvalbufflen;
 apr_pool_t * mp;
 };
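Review bot: `xml_parser_state->currvalbufflen += len;` in msc_xml_on_characters runs before the allocation check that follows it, so on the failure path the counter is already non-zero while `currval` is NULL. `len` is also a signed `int` added to a `size_t`. Moving the increment below the `if (xml_parser_state->currval == NULL)` block and writing it as `if (len > 0) xml_parser_state->currvalbufflen += (size_t)len;` keeps the counter in step with what was appended. The function starts and ends outside the hunk.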
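Review bot: The new `currvalbufflen` field in struct msc_xml_parser_state has no comment, and its unit differs from the neighbouring `currpathbufflen`. xml_init sets `currpathbufflen` to 4 for `"xml\0"`, counting the terminator, while `currvalbufflen` starts at 0 and only adds the character counts from msc_xml_on_characters. A one-line comment on the field would keep the two from being treated alike, for example `/* bytes appended to currval, excluding the terminating NUL */`.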