Systematically log problems in update_rule_target_ex().

Fix some memory leaks in update_rule_target_ex().
2025-08-14 13:56:01 +03:00 · 2024-07-22 15:59:28 +02:00 · 2024-07-22 15:59:28 +02:00 · a32b512a7f
commit a32b512a7f
parent 243d9c978a
1 changed files with 90 additions and 113 deletions
--- a/apache2/re.c
+++ b/apache2/re.c
@ -250,24 +250,22 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
    int i, rc, match = 0, var_appended = 0;

    if (rule != NULL)    {
-
        target_list = strdup(p2);
-        if(target_list == NULL)
-            return apr_psprintf(ruleset->mp, "Error to update target - memory allocation");;
+        if (target_list == NULL) {
+            my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - memory allocation");
+            goto end;
+        }

        if (p3 != NULL)  {
            replace = strdup(p3);
            if (replace == NULL) {
-                free(target_list);
-                target_list = NULL;
-                return apr_psprintf(ruleset->mp, "Error to update target - memory allocation");;
+                my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - memory allocation");
+                goto end;
            }
        }

        if (replace != NULL) {
-
            opt = strchr(replace,'!');
-
            if (opt != NULL)  {
                *opt = '\0';
                opt++;
@ -291,20 +289,13 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
            }

            if (apr_table_get(ruleset->engine->variables, name) == NULL)   {
-                if(target_list != NULL)
-                    free(target_list);
-                if(replace != NULL)
-                    free(replace);
-                if(msr) {
-                    msr_log(msr, 9, "Error to update target - [%s] is not valid target", name);
-                }
-                return apr_psprintf(ruleset->mp, "Error to update target - [%s] is not valid target", name);
+                my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - [%s] is not valid target", name);
+                goto end;
            }

            name_len = strlen(name);

-            if(value != NULL)
-                value_len = strlen(value);
+            if (value != NULL) value_len = strlen(value);

            if (msr) {
                msr_log(msr, 9, "Trying to replace by variable name [%s] value [%s]", name, value);
@ -377,16 +368,19 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                    }
 #if !defined(MSC_TEST)
                    else {
-                        ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Cannot find varibale to replace");
+                        ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Cannot find variable to replace");
                    }
 #endif
                    goto end;
                }
-            } else {
+            }
+            else {

                target = strdup(p);
-                if(target == NULL)
-                    return NULL;
+				if (target == NULL) {
+					my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - memory allocation");
+					goto end;
+				}

                is_negated = is_counting = 0;
                param = name = value = NULL;
@ -408,7 +402,6 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                }

                opt = strchr(param,':');
-
                if (opt != NULL) {
                    name = apr_strtok(param,":",&value);
                } else {
@ -416,20 +409,13 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                }

                if (apr_table_get(ruleset->engine->variables, name) == NULL) {
-                    if(target_list != NULL)
-                        free(target_list);
-                    if(replace != NULL)
-                        free(replace);
-                    if(msr) {
-                        msr_log(msr, 9, "Error to update target - [%s] is not valid target", name);
-                    }
-                    return apr_psprintf(ruleset->mp, "Error to update target - [%s] is not valid target", name);
+                    my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - [%s] is not valid target", name);
+                    goto end;
                }

                name_len = strlen(name);

-                if(value != NULL)
-                    value_len = strlen(value);
+                if (value != NULL) value_len = strlen(value);

                if (msr) {
                    msr_log(msr, 9, "Trying to append variable name [%s] value [%s]", name, value);
@ -455,8 +441,7 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
                            }
                        } else if (value == NULL && targets[i]->param == NULL){
                            match = 1;
-                        } else
-                            continue;
+                        } else continue;

                    }
                }
@ -511,19 +496,11 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
    }

 end:
-    if(target_list != NULL) {
-        free(target_list);
-        target_list = NULL;
-    }
-    if(replace != NULL) {
-        free(replace);
-        replace = NULL;
-    }
-    if(target != NULL)  {
-        free(target);
-        target = NULL;
-    }
-    return NULL;
+    if (msr && my_error_msg) msr_log(msr, 9, my_error_msg);
+    if (target_list != NULL) free(target_list);
+    if (replace != NULL) free(replace);
+    if (target != NULL) free(target);
+    return my_error_msg;
 }

 int msre_ruleset_rule_matches_exception(msre_rule *rule, rule_exception *re)   {