From aab128f810dcb8b557d3435fba703805a732b298 Mon Sep 17 00:00:00 2001
From: Victor Hora <vhora@trustwave.com>
Date: Sat, 22 Sep 2018 20:21:23 -0400
Subject: [PATCH] Code cosmetics: checks if actionset is not null before use it

---
 apache2/apache2_config.c | 14 +++++++++-----
 apache2/re.c             |  6 +++---
 apache2/re_operators.c   | 12 +++++++++---
 3 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index 9a7b7b5c..80f8f2b5 100644
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -239,9 +239,9 @@ static void copy_rules_phase(apr_pool_t *mp,
 
                 /* Copy the rule. */
                 *(msre_rule **)apr_array_push(child_phase_arr) = rule;
-                if (rule->actionset->is_chained) mode = 2;
+                if (rule->actionset && rule->actionset->is_chained) mode = 2;
             } else {
-                if (rule->actionset->is_chained) mode = 1;
+                if (rule->actionset && rule->actionset->is_chained) mode = 1;
             }
         } else {
             if (mode == 2) {
@@ -897,8 +897,10 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
         rule->actionset, 1);
 
     /* Keep track of the parent action for "block" */
-    rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
-    rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
+    if (rule->actionset) {
+        rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
+        rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
+    }
 
     /* Must NOT specify a disruptive action in logging phase. */
     if ((rule->actionset != NULL)
@@ -913,7 +915,9 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
 
     if (dcfg->tmp_chain_starter != NULL) {
         rule->chain_starter = dcfg->tmp_chain_starter;
-        rule->actionset->phase = rule->chain_starter->actionset->phase;
+        if (rule->actionset) {
+            rule->actionset->phase = rule->chain_starter->actionset->phase;
+        }
     }
 
     if (rule->actionset->is_chained != 1) {
diff --git a/apache2/re.c b/apache2/re.c
index abc6e4d5..2428a174 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -1781,7 +1781,7 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
         }
 
         if (rc == RULE_NO_MATCH) {
-            if (rule->actionset->is_chained) {
+            if (rule->actionset && rule->actionset->is_chained) {
                 /* If the current rule is part of a chain then
                  * we need to skip over all the rules in the chain.
                  */
@@ -2138,9 +2138,9 @@ static int msre_ruleset_phase_rule_remove_with_exception(msre_ruleset *ruleset,
             if (remove_rule) {
                 /* Do not increment j. */
                 removed_count++;
-                if (rule->actionset->is_chained) mode = 2; /* Remove rules in this chain. */
+                if (rule->actionset && rule->actionset->is_chained) mode = 2; /* Remove rules in this chain. */
             } else {
-                if (rule->actionset->is_chained) mode = 1; /* Keep rules in this chain. */
+                if (rule->actionset && rule->actionset->is_chained) mode = 1; /* Keep rules in this chain. */
                 rules[j++] = rules[i];
             }
         } else { /* Handling rule that is part of a chain. */
diff --git a/apache2/re_operators.c b/apache2/re_operators.c
index e0fc6fa8..e0ef2f20 100644
--- a/apache2/re_operators.c
+++ b/apache2/re_operators.c
@@ -2851,7 +2851,9 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
              * and we are done.
              */
 
-            matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
+            if (rule->actionset) {
+                matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
+            }
             if(!matched_bytes)
                 matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
 
@@ -3159,7 +3161,9 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
              * and we are done.
              */
 
-            matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
+            if (rule->actionset) {
+                matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
+            }
             if(!matched_bytes)
                 matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
 
@@ -3451,7 +3455,9 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
              * and we are done.
              */
 
-            matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
+            if (rule->actionset) {
+                matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
+            }
             if(!matched_bytes)
                 matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;