github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add sanity check for a couple malloc() and make code more resilient

Browse Source
This commit is contained in:
Victor Hora
2018-11-04 22:04:34 -05:00
parent b3fa87dc7c
commit 9be0a407eb
4 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -1,6 +1,8 @@
DD MMM YYYY - 2.9.3 - To be released DD MMM YYYY - 2.9.3 - To be released
------------------------------------ ------------------------------------
* Add sanity check for a couple malloc() and make code more resilient
[Issue #979 - @dogbert2, @victorhora, @zimmerl]
* Fix NetBSD build by renaming the hmac function to avoid conflicts * Fix NetBSD build by renaming the hmac function to avoid conflicts
[Issue #1241 - @victorhora, @joerg, @sevan] [Issue #1241 - @victorhora, @joerg, @sevan]
* IIS: Windows build, fix duplicate YAJL dir in script * IIS: Windows build, fix duplicate YAJL dir in script

5
apache2/msc_remote_rules.c
View File

@@ -312,6 +312,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
struct curl_slist *headers_chunk = NULL; struct curl_slist *headers_chunk = NULL;
#ifdef WIN32 #ifdef WIN32
char *buf = malloc(sizeof(TCHAR) * (2048 + 1)); char *buf = malloc(sizeof(TCHAR) * (2048 + 1));
if (buf == NULL) { /* malloc failed... */
*error_msg = apr_psprintf(mp, "Unable to allocate memory");
ret = -2;
goto failed;
}
char *ptr = NULL; char *ptr = NULL;
DWORD res_len; DWORD res_len;
#endif #endif

15
apache2/msc_util.c
View File

@@ -2779,8 +2779,8 @@ int ip_tree_from_param(apr_pool_t *mp,
} }
#ifdef WITH_CURL #ifdef WITH_CURL
size_t msc_curl_write_memory_cb(void *contents, size_t size, size_t msc_curl_write_memory_cb(apr_pool_t *mp, void *contents, size_t size,
size_t nmemb, void *userp) size_t nmemb, void *userp, char **error_msg)
{ {
size_t realsize = size * nmemb; size_t realsize = size * nmemb;
struct msc_curl_memory_buffer_t *mem = (struct msc_curl_memory_buffer_t *)userp; struct msc_curl_memory_buffer_t *mem = (struct msc_curl_memory_buffer_t *)userp;
@@ -2788,11 +2788,20 @@ size_t msc_curl_write_memory_cb(void *contents, size_t size,
if (mem->size == 0) if (mem->size == 0)
{ {
mem->memory = malloc(realsize + 1); mem->memory = malloc(realsize + 1);
if (mem->memory == NULL) {
*error_msg = apr_psprintf(mp, "Unable to allocate buffer for mem->memory");
return 0;
}
memset(mem->memory, '\0', sizeof(realsize + 1)); memset(mem->memory, '\0', sizeof(realsize + 1));
} }
else else
{ {
mem->memory = realloc(mem->memory, mem->size + realsize + 1); void *tmp;
tmp = mem->memory;
tmp = realloc(mem->memory, mem->size + realsize + 1);
if (tmp != NULL) {
mem->memory = tmp;
}
memset(mem->memory + mem->size, '\0', sizeof(realsize + 1)); memset(mem->memory + mem->size, '\0', sizeof(realsize + 1));
} }

4
apache2/msc_util.h
View File

@@ -166,8 +166,8 @@ int ip_tree_from_uri(TreeRoot **rtree, char *uri,
int read_line(char *buff, int size, FILE *fp); int read_line(char *buff, int size, FILE *fp);
size_t msc_curl_write_memory_cb(void *contents, size_t size, size_t msc_curl_write_memory_cb(apr_pool_t *mp, void *contents, size_t size,
size_t nmemb, void *userp); size_t nmemb, void *userp, char **error_msg);
struct msc_curl_memory_buffer_t struct msc_curl_memory_buffer_t
{ {