github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Introduced a new variable to hold currval length

Browse Source
This commit is contained in:
Ervin Hegedus 2025-06-24 21:34:12 +02:00
parent ca99ccd23f
commit 89d3ad38c5
No known key found for this signature in database
GPG Key ID: 5FA5BC3F5EC41F61
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
apache2/msc_xml.c
View File

@ -44,6 +44,7 @@ static void msc_xml_on_start_elementns(
// this is necessary because if there is any text between the tags (new line, etc) // this is necessary because if there is any text between the tags (new line, etc)
// it will be added to the current value // it will be added to the current value
xml_parser_state->currval = NULL; xml_parser_state->currval = NULL;
xml_parser_state->currpathbufflen = 0;
// if there is an item before the current one we set that has a child // if there is an item before the current one we set that has a child
if (xml_parser_state->depth > 1) { if (xml_parser_state->depth > 1) {
@ -73,7 +74,11 @@ static void msc_xml_on_end_elementns(
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Skipping request argument, over limit (XML): name \"%s\", value \"%s\"", msr_log(msr, 4, "Skipping request argument, over limit (XML): name \"%s\", value \"%s\"",
log_escape_ex(msr->mp, xml_parser_state->currpath, strlen(xml_parser_state->currpath)), log_escape_ex(msr->mp, xml_parser_state->currpath, strlen(xml_parser_state->currpath)),
log_escape_ex(msr->mp, xml_parser_state->currval, strlen(xml_parser_state->currval))); log_escape_ex(msr->mp,
(xml_parser_state->currval == NULL ? apr_pstrndup(msr->mp, "", 1) : xml_parser_state->currval),
(xml_parser_state->currvalbufflen == 0 ? 1 : xml_parser_state->currvalbufflen)
)
);
} }
msr->msc_reqbody_error = 1; msr->msc_reqbody_error = 1;
msr->xml->xml_error = apr_psprintf(msr->mp, "More than %ld ARGS (GET + XML)", msr->txcfg->arguments_limit); msr->xml->xml_error = apr_psprintf(msr->mp, "More than %ld ARGS (GET + XML)", msr->txcfg->arguments_limit);
@ -86,7 +91,7 @@ static void msc_xml_on_end_elementns(
arg->name = xml_parser_state->currpath; arg->name = xml_parser_state->currpath;
arg->name_len = strlen(arg->name); arg->name_len = strlen(arg->name);
arg->value = (xml_parser_state->currval == NULL) ? apr_pstrndup(msr->mp, "", 1) : xml_parser_state->currval; arg->value = (xml_parser_state->currval == NULL) ? apr_pstrndup(msr->mp, "", 1) : xml_parser_state->currval;
arg->value_len = (xml_parser_state->currval == NULL) ? 0 : strlen(xml_parser_state->currval); arg->value_len = (xml_parser_state->currvalbufflen == 0) ? 1 : xml_parser_state->currvalbufflen;
arg->value_origin_len = arg->value_len; arg->value_origin_len = arg->value_len;
arg->origin = "XML"; arg->origin = "XML";
@ -123,6 +128,7 @@ static void msc_xml_on_characters(void *ctx, const xmlChar *ch, int len) {
((xml_parser_state->currval != NULL) ? xml_parser_state->currval : ""), ((xml_parser_state->currval != NULL) ? xml_parser_state->currval : ""),
apr_pstrndup(msr->mp, (const char *)ch, len), apr_pstrndup(msr->mp, (const char *)ch, len),
NULL); NULL);
xml_parser_state->currvalbufflen += len;
// check if the memory allocation was successful // check if the memory allocation was successful
if (xml_parser_state->currval == NULL) { if (xml_parser_state->currval == NULL) {
msr->xml->xml_error = apr_psprintf(msr->mp, "Failed to allocate memory for XML value."); msr->xml->xml_error = apr_psprintf(msr->mp, "Failed to allocate memory for XML value.");
@ -175,6 +181,7 @@ int xml_init(modsec_rec *msr, char **error_msg) {
msr->xml->xml_parser_state->pathlen = 4; // "xml\0" msr->xml->xml_parser_state->pathlen = 4; // "xml\0"
msr->xml->xml_parser_state->currpath = apr_pstrdup(msr->mp, "xml"); msr->xml->xml_parser_state->currpath = apr_pstrdup(msr->mp, "xml");
msr->xml->xml_parser_state->currval = NULL; msr->xml->xml_parser_state->currval = NULL;
msr->xml->xml_parser_state->currvalbufflen = 0;
msr->xml->xml_parser_state->currpathbufflen = 4; msr->xml->xml_parser_state->currpathbufflen = 4;
// initialize the stack with item of 10 // initialize the stack with item of 10
// this will store the information about nodes // this will store the information about nodes

1
apache2/msc_xml.h
View File

@ -31,6 +31,7 @@ struct msc_xml_parser_state {
char * currpath; char * currpath;
char * currval; char * currval;
size_t currpathbufflen; size_t currpathbufflen;
size_t currvalbufflen;
apr_pool_t * mp; apr_pool_t * mp;
}; };