Fix macro expansion. See #118.

Fix some debug log output to escape NULs properly in preparation for #54.
Up version to prepare for 2.2.0 pre-releases.

CHANGES

@@ -1,7 +1,13 @@
 
-?? ??? 2007 - trunk
--------------------
+?? ??? 2007 - 2.2.0-trunk
+-------------------------
 
+ * Enhanced debug log output to log macro expansion and correctly display
+   values that contained NULs.
+
+ * Removed support for %0 - %9 capture macros as they were incorrectly
+   expanding url encoded values.  Use %{TX.0} - %{TX.9} instead.
+	
  * Added t:length to transform a value to its character length.
 
  * Added t:trimLeft, t:trimRight, t:trim to remove whitespace

apache2/modsecurity.h

@@ -50,7 +50,7 @@ typedef struct msc_string msc_string;
 #include "http_protocol.h"
 
 #define MODULE_NAME "ModSecurity"
-#define MODULE_RELEASE "2.1.1-dev1"
+#define MODULE_RELEASE "2.2.0-trunk"
 #define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)")
 
 #define PHASE_REQUEST_HEADERS       1

apache2/re_actions.c

@@ -110,13 +110,18 @@ int DSOLOCAL expand_macros(modsec_rec *msr, msc_string *var, msre_rule *rule, ap
                 } else {
                     next_text_start = t; /* *t was '\0' */
                 }
-            } else
-            if ((*(p + 1) >= '0')&&(*(p + 1) <= '9')) {
+            }
+/* Removed %0-9 macros as it messes up urlEncoding in the match
+ * where having '%0a' will be treated as %{TX.0}a, which is incorrect.
+ * */
+#if 0
+            else if ((*(p + 1) >= '0')&&(*(p + 1) <= '9')) {
                 /* Special case for regex captures. */
                 var_name = "TX";
                 var_value = apr_pstrmemdup(mptmp, p + 1, 1);
                 next_text_start = p + 2;
             }
+#endif
 
             if (var_name != NULL) {
                 char *my_error_msg = NULL;
@@ -141,15 +146,24 @@ int DSOLOCAL expand_macros(modsec_rec *msr, msc_string *var, msre_rule *rule, ap
                         part->value_len = var_generated->value_len;
                         part->value = (char *)var_generated->value;
                         *(msc_string **)apr_array_push(arr) = part;
+                        msr_log(msr, 9, "Resolved macro %%{%s%s%s} to \"%s\"",
+                            var_name,
+                            (var_value ? "." : ""),
+                            (var_value ? var_value : ""),
+                            log_escape_ex(mptmp, part->value, part->value_len));
                     }
                 } else {
-                    /* ENH Should we log something because the macro could not be resolved? */
+                    msr_log(msr, 4, "Failed to resolve macro %%{%s%s%s}: %s",
+                        var_name,
+                        (var_value ? "." : ""),
+                        (var_value ? var_value : ""),
+                        my_error_msg);
                 }
             } else {
                 /* We could not identify a valid macro so add it as text. */
                 part = (msc_string *)apr_pcalloc(mptmp, sizeof(msc_string));
                 if (part == NULL) return -1;
-                part->value_len = p - text_start;
+                part->value_len = p - text_start + 1; /* len(text)+len("%") */
                 part->value = apr_pstrmemdup(mptmp, text_start, part->value_len);
                 *(msc_string **)apr_array_push(arr) = part;
 
@@ -952,8 +966,10 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm
             var->value_len = strlen(var->value);
             apr_table_setn(target_col, var->name, (void *)var);
 
-            msr_log(msr, 9, "Set variable \"%s.%s\" to \"%s\".", log_escape(mptmp, col_name),
-                log_escape(mptmp, var->name), log_escape(mptmp, var->value));
+            msr_log(msr, 9, "Set variable \"%s.%s\" to \"%s\".",
+                log_escape(mptmp, col_name),
+                log_escape_ex(mptmp, var->name, var->name_len),
+                log_escape_ex(mptmp, var->value, var->value_len));
         } else {
             /* Absolute change. */
 
@@ -967,8 +983,10 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm
             expand_macros(msr, var, rule, mptmp);
             apr_table_setn(target_col, var->name, (void *)var);
 
-            msr_log(msr, 9, "Set variable \"%s.%s\" to \"%s\".", log_escape(mptmp, col_name),
-                log_escape(mptmp, var->name), log_escape(mptmp, var->value));
+            msr_log(msr, 9, "Set variable \"%s.%s\" to \"%s\".",
+                log_escape(mptmp, col_name),
+                log_escape_ex(mptmp, var->name, var->name_len),
+                log_escape_ex(mptmp, var->value, var->value_len));
         }
     }
 

apache2/re_operators.c

@@ -145,7 +145,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
             apr_table_setn(msr->tx_vars, s->name, (void *)s);
             if (msr->txcfg->debuglog_level >= 9) {
                 msr_log(msr, 9, "Adding regex subexpression to TXVARS (%i): %s", i,
-                    log_escape_nq(msr->mp, s->value));
+                    log_escape_nq_ex(msr->mp, s->value, s->value_len));
             }
         }