github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Avoids to flush xml buffer while assembling the injected html

Browse Source 
Fix #742
This commit is contained in:
Felipe Zimmerle 2017-05-22 18:42:37 -03:00
parent 72f632e9b6
commit a249574692
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
DD MMM YYYY - 2.9.2 - To be released
------------------------------------
* Avoid to flush xml buffer while assembling the injected html.
[Issue #742 - @zimmerle]
* Avoid additional operator invokation if last transform of a multimatch
doesn't modify the input
[Issue #1086, #1087 - Daniel Stelter-Gliese]

11
apache2/msc_crypt.c
View File

@ -1072,7 +1072,8 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
}
htmlDocContentDumpFormatOutput(output_buf, msr->crypto_html_tree, NULL, 0);
xmlOutputBufferFlush(output_buf);
// Not necessary in 2.9.4+
//xmlOutputBufferFlush(output_buf);
#ifdef LIBXML2_NEW_BUFFER
@ -1082,6 +1083,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
xmlOutputBufferClose(output_buf);
xmlFreeDoc(msr->crypto_html_tree);
msr->of_stream_changed = 0;
msr_log(msr, 4, "inject_hashed_response_body: NEW_BUFFER Output buffer is null.");
return -1;
}
@ -1096,6 +1098,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
if (msr->stream_output_data == NULL) {
xmlOutputBufferClose(output_buf);
xmlFreeDoc(msr->crypto_html_tree);
msr_log(msr, 4, "inject_hashed_response_body: NEW BUFFER Stream Output is null.");
return -1;
}
@ -1111,6 +1114,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
xmlOutputBufferClose(output_buf);
xmlFreeDoc(msr->crypto_html_tree);
msr->of_stream_changed = 0;
msr_log(msr, 4, "inject_hashed_response_body: Conv is null.");
return -1;
}
@ -1123,6 +1127,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
msr->stream_output_data = (char *)malloc(msr->stream_output_length+1);
if (msr->stream_output_data == NULL) {
msr_log(msr, 4, "inject_hashed_response_body: Stream Output data is NULL.");
xmlOutputBufferClose(output_buf);
xmlFreeDoc(msr->crypto_html_tree);
return -1;
@ -1143,6 +1148,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
if(output_buf->buffer == NULL || output_buf->buffer->use == 0) {
xmlOutputBufferClose(output_buf);
xmlFreeDoc(msr->crypto_html_tree);
msr_log(msr, 4, "inject_hashed_response_body: Output buffer is null.");
msr->of_stream_changed = 0;
return -1;
}
@ -1158,6 +1164,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
if (msr->stream_output_data == NULL) {
xmlOutputBufferClose(output_buf);
xmlFreeDoc(msr->crypto_html_tree);
msr_log(msr, 4, "inject_hashed_response_body: Stream Output is null.");
return -1;
}
@ -1174,6 +1181,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
xmlOutputBufferClose(output_buf);
xmlFreeDoc(msr->crypto_html_tree);
msr->of_stream_changed = 0;
msr_log(msr, 4, "inject_hashed_response_body: Stream Output is null.");
return -1;
}
@ -1188,6 +1196,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
if (msr->stream_output_data == NULL) {
xmlOutputBufferClose(output_buf);
xmlFreeDoc(msr->crypto_html_tree);
msr_log(msr, 4, "inject_hashed_response_body: Stream Output Data is null.");
return -1;
}