github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 13:26:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix: lmdb regex match on non-null-terminated string

Browse Source
This commit is contained in:
Martin Vierula 2023-09-18 08:27:41 -07:00
parent 375519d5f2
commit af45ccd53f
No known key found for this signature in database
GPG Key ID: F2FC4E45883BCBA4
3 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
v3.x.y - YYYY-MMM-DD (to be released) v3.x.y - YYYY-MMM-DD (to be released)
------------------------------------- -------------------------------------
- Fix: lmdb regex match on non-null terminated string
[Issue #2985 - @martinhsv]
- Fix memory leaks in lmdb code (new'd strings) - Fix memory leaks in lmdb code (new'd strings)
[Issue #2983 - @martinhsv] [Issue #2983 - @martinhsv]
- Configure: add additional name to pcre2 pkg-config list - Configure: add additional name to pcre2 pkg-config list

5
src/collection/backend/lmdb.cc
View File

@ -473,12 +473,11 @@ void LMDB::resolveRegularExpression(const std::string& var,
} }
while ((rc = mdb_cursor_get(cursor, &key, &data, MDB_NEXT)) == 0) { while ((rc = mdb_cursor_get(cursor, &key, &data, MDB_NEXT)) == 0) {
char *a = reinterpret_cast<char *>(key.mv_data); std::string key_to_insert(reinterpret_cast<char *>(key.mv_data), key.mv_size);
int ret = Utils::regex_search(a, r); int ret = Utils::regex_search(key_to_insert, r);
if (ret <= 0) { if (ret <= 0) {
continue; continue;
} }
std::string key_to_insert(reinterpret_cast<char *>(key.mv_data), key.mv_size);
if (ke.toOmit(key_to_insert)) { if (ke.toOmit(key_to_insert)) {
continue; continue;
} }

24
test/test-cases/regression/collection-regular_expression_selection.json
View File

@ -25,7 +25,7 @@
"Pragma":"no-cache", "Pragma":"no-cache",
"Cache-Control":"no-cache" "Cache-Control":"no-cache"
}, },
"uri":"\/test.pl?id_a= test &id_b=test2&nah=nops", "uri":"\/test.pl?id_a=test&nah=nops",
"method":"GET", "method":"GET",
"http_version":1.1, "http_version":1.1,
"body":"" "body":""
@ -48,12 +48,15 @@
}, },
"expected":{ "expected":{
"audit_log":"", "audit_log":"",
"debug_log":"T \\(0\\) t:lowercase: \"test2\"", "debug_log":"Saving variable: IP:nah with value: nops",
"error_log":"" "error_log":"",
"http_code":200
}, },
"rules":[ "rules":[
"SecRuleEngine On", "SecRuleEngine On",
"SecRule ARGS:/^id_/ \"@contains nops\" \"id:1,t:lowercase,block,status:404\"" "SecRule ARGS:/^id_/ \"@contains test\" \"id:1,phase:2,t:lowercase,initcol:ip=%{REMOTE_ADDR}\"",
"SecRule ARGS:/^id_/ \"@contains test\" \"id:2,phase:2,t:lowercase,setvar:IP.nah=nops\"",
"SecRule IP:/id_a$/ \"rx .\" \"id:3,phase:2,deny,status:403\""
] ]
}, },
{ {
@ -82,7 +85,7 @@
"Pragma":"no-cache", "Pragma":"no-cache",
"Cache-Control":"no-cache" "Cache-Control":"no-cache"
}, },
"uri":"\/test.pl?id_a= test &id_b=test2&nah=nops", "uri":"\/test.pl?id_a=test&nah=nops",
"method":"GET", "method":"GET",
"http_version":1.1, "http_version":1.1,
"body":"" "body":""
@ -105,15 +108,14 @@
}, },
"expected":{ "expected":{
"audit_log":"", "audit_log":"",
"debug_log":"Saving variable: IP:nah with value: nops", "debug_log":"Saving variable: IP:id_a with value: nops",
"error_log":"" "http_code":403
}, },
"rules":[ "rules":[
"SecRuleEngine On", "SecRuleEngine On",
"SecRule ARGS:/^id_/ \"@contains test\" \"id:1,t:lowercase,initcol:ip=%{REMOTE_ADDR},setvar:IP.id_a=test\"", "SecRule ARGS:/^id_/ \"@contains test\" \"id:11,phase:2,t:lowercase,initcol:ip=%{REMOTE_ADDR}\"",
"SecRule ARGS:/^id_/ \"@contains test\" \"id:3,t:lowercase,setvar:IP.nah=nops\"", "SecRule ARGS:/^id_/ \"@contains test\" \"id:12,phase:2,t:lowercase,setvar:IP.id_a=nops\"",
"SecRule IP:/^id_/ \"@contains test\" \"id:2,t:lowercase,initcol:ip=%{REMOTE_ADDR}\"", "SecRule IP:/id_a$/ \"@contains nops\" \"id:13,phase:2,deny,status:403\""
"SecRule IP:/^id_/ \"@contains nops\" \"id:4,t:lowercase,block,status:404\""
] ]
} }
] ]