github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters.

Browse Source 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
This commit is contained in:
brectanus 2007-11-15 19:09:14 +00:00
parent b9defc0adb
commit aff6900539
16 changed files with 73 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apache2/acmp.c
View File

@ -431,7 +431,6 @@ static void acmp_found(ACMP *parser, acmp_node_t *node) {
parser->bp_buffer[(parser->char_pos - node->depth - 1) % parser->bp_buff_len],
parser->char_pos - node->depth - 1);
}
/* printf("found: %s at position %d\n", node->pattern, parser->char_pos - node->depth - 1); */
node->hit_count++;
parser->hit_count++;
}

6
apache2/apache2_config.c
View File

@ -27,7 +27,7 @@ void *create_directory_config(apr_pool_t *mp, char *path) {
if (dcfg == NULL) return NULL;
#ifdef DEBUG_CONF
fprintf(stderr, "Created directory config %x path %s\n", dcfg, path);
fprintf(stderr, "Created directory config %p path %s\n", (void *)dcfg, path);
#endif
dcfg->mp = mp;
@ -193,7 +193,7 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) {
directory_config *merged = create_directory_config(mp, NULL);
#ifdef DEBUG_CONF
fprintf(stderr, "Merge parent %x child %x RESULT %x\n", _parent, _child, merged);
fprintf(stderr, "Merge parent %p child %p RESULT %p\n", _parent, _child, merged);
#endif
if (merged == NULL) return NULL;
@ -1114,7 +1114,7 @@ static const char *cmd_rule_remove_by_msg(cmd_parms *cmd, void *_dcfg, const cha
msre_ruleset_rule_remove_with_exception(dcfg->ruleset, re);
#ifdef DEBUG_CONF
fprintf(stderr, "Added exception %x (%d %s) to dcfg %x.\n", re, re->type, re->param, dcfg);
fprintf(stderr, "Added exception %p (%d %s) to dcfg %p.\n", re, re->type, re->param, dcfg);
#endif
return NULL;

8
apache2/apache2_io.c
View File

@ -48,7 +48,7 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
if ((msr->if_status == IF_STATUS_COMPLETE)||(msr->if_status == IF_STATUS_NONE)) {
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Input forwarding already complete, skipping (f %x, r %x).", f, f->r);
msr_log(msr, 4, "Input filter: Input forwarding already complete, skipping (f %p, r %p).", f, f->r);
}
ap_remove_input_filter(f);
return ap_get_brigade(f->next, bb_out, mode, block, nbytes);
@ -56,7 +56,7 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Forwarding input: mode=%d, block=%d, nbytes=%" APR_OFF_T_FMT
" (f %x, r %x).", mode, block, nbytes, f, f->r);
" (f %p, r %p).", mode, block, nbytes, f, f->r);
}
if (msr->if_started_forwarding == 0) {
@ -209,7 +209,7 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
}
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Input filter: Bucket type %s contains %d bytes.",
msr_log(msr, 9, "Input filter: Bucket type %s contains %" APR_SIZE_T_FMT " bytes.",
bucket->type->name, buflen);
}
@ -483,7 +483,7 @@ apr_status_t output_filter(ap_filter_t *f, apr_bucket_brigade *bb_in) {
msr->r = r;
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Output filter: Receiving output (f %x, r %x).", f, f->r);
msr_log(msr, 4, "Output filter: Receiving output (f %p, r %p).", f, f->r);
}
/* Initialise on first invocation */

8
apache2/apache2_util.c
View File

@ -92,7 +92,7 @@ int apache2_exec(modsec_rec *msr, const char *command, const char **argv, char *
procnew = apr_pcalloc(r->pool, sizeof(*procnew));
if (procnew == NULL) {
msr_log(msr, 1, "Exec: Unable to allocate %d bytes.", sizeof(*procnew));
msr_log(msr, 1, "Exec: Unable to allocate %lu bytes.", (unsigned long)sizeof(*procnew));
return -1;
}
@ -246,9 +246,9 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr,
/* Construct the message. */
apr_vsnprintf(str1, sizeof(str1), text, ap);
apr_snprintf(str2, sizeof(str2), "[%s] [%s/sid#%lx][rid#%lx][%s][%d] %s\n",
current_logtime(msr->mp), ap_get_server_name(r), (unsigned long)(r->server),
(unsigned long)r, ((r->uri == NULL) ? "" : log_escape_nq(msr->mp, r->uri)),
apr_snprintf(str2, sizeof(str2), "[%s] [%s/sid#%p][rid#%p][%s][%d] %s\n",
current_logtime(msr->mp), ap_get_server_name(r), (r->server),
r, ((r->uri == NULL) ? "" : log_escape_nq(msr->mp, r->uri)),
level, str1);
/* Write to the debug log. */

16
apache2/mod_security2.c
View File

@ -348,7 +348,7 @@ static modsec_rec *create_tx_context(request_rec *r) {
store_tx_context(msr, r);
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Transaction context created (dcfg %x).", msr->dcfg1);
msr_log(msr, 4, "Transaction context created (dcfg %p).", msr->dcfg1);
}
return msr;
@ -449,7 +449,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
if (first_time == 0) {
ap_log_error(APLOG_MARK, APLOG_NOTICE | APLOG_NOERRNO, 0, s,
"ModSecurity: chroot checkpoint #2 (pid=%d ppid=%d)", (int)getpid(), (int)getppid());
"ModSecurity: chroot checkpoint #2 (pid=%ld ppid=%ld)", (long)getpid(), (long)getppid());
if (chdir(chroot_dir) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, s,
@ -478,7 +478,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
"ModSecurity: chroot successful, path=%s", chroot_dir);
} else {
ap_log_error(APLOG_MARK, APLOG_NOTICE | APLOG_NOERRNO, 0, s,
"ModSecurity: chroot checkpoint #1 (pid=%d ppid=%d)", (int)getpid(), (int)getppid());
"ModSecurity: chroot checkpoint #1 (pid=%ld ppid=%ld)", (long)getpid(), (long)getppid());
}
}
#endif
@ -625,7 +625,7 @@ static int hook_request_late(request_rec *r) {
}
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Second phase starting (dcfg %x).", msr->dcfg2);
msr_log(msr, 4, "Second phase starting (dcfg %p).", msr->dcfg2);
}
/* Figure out whether or not to extract multipart files. */
@ -895,7 +895,7 @@ static void hook_insert_filter(request_rec *r) {
/* Add the input filter, but only if we need it to run. */
if (msr->if_status == IF_STATUS_WANTS_TO_RUN) {
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Hook insert_filter: Adding input forwarding filter %s(r %x).", (((r->main != NULL)||(r->prev != NULL)) ? "for subrequest " : ""), r);
msr_log(msr, 4, "Hook insert_filter: Adding input forwarding filter %s(r %p).", (((r->main != NULL)||(r->prev != NULL)) ? "for subrequest " : ""), r);
}
ap_add_input_filter("MODSECURITY_IN", msr, r, r->connection);
@ -910,7 +910,7 @@ static void hook_insert_filter(request_rec *r) {
/* We always add the PDF XSS protection filter. */
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Hook insert_filter: Adding PDF XSS protection output filter (r %x).", r);
msr_log(msr, 4, "Hook insert_filter: Adding PDF XSS protection output filter (r %p).", r);
}
ap_add_output_filter("PDFP_OUT", msr, r, r->connection);
@ -930,7 +930,7 @@ static void hook_insert_filter(request_rec *r) {
*/
if (msr->of_status != OF_STATUS_COMPLETE) {
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Hook insert_filter: Adding output filter (r %x).", r);
msr_log(msr, 4, "Hook insert_filter: Adding output filter (r %p).", r);
}
ap_add_output_filter("MODSECURITY_OUT", msr, r, r->connection);
@ -963,7 +963,7 @@ static void hook_insert_error_filter(request_rec *r) {
*/
if (msr->of_status != OF_STATUS_COMPLETE) {
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Hook insert_error_filter: Adding output filter (r %x).", r);
msr_log(msr, 4, "Hook insert_error_filter: Adding output filter (r %p).", r);
}
/* Make a note that the output we will be receiving is a

12
apache2/msc_logging.c
View File

@ -78,7 +78,7 @@ char *construct_log_vcombinedus(modsec_rec *msr) {
/* sessionid */
sessionid = (msr->sessionid == NULL ? "-" : msr->sessionid);
return apr_psprintf(msr->mp, "%s %s %s %s [%s] \"%s\" %d %" APR_OFF_T_FMT " \"%s\" \"%s\" %s \"%s\"",
return apr_psprintf(msr->mp, "%s %s %s %s [%s] \"%s\" %u %" APR_OFF_T_FMT " \"%s\" \"%s\" %s \"%s\"",
log_escape_nq(msr->mp, msr->hostname), msr->remote_addr, log_escape_nq(msr->mp, remote_user),
log_escape_nq(msr->mp, local_user), current_logtime(msr->mp),
((msr->request_line == NULL) ? "" : log_escape(msr->mp, msr->request_line)),
@ -203,7 +203,7 @@ char *construct_log_vcombinedus_limited(modsec_rec *msr, int _limit, int *was_li
*was_limited = 0;
}
return apr_psprintf(msr->mp, "%s %s %s %s [%s] \"%s\" %d %s \"%s\" \"%s\" %s \"%s\"",
return apr_psprintf(msr->mp, "%s %s %s %s [%s] \"%s\" %u %s \"%s\" \"%s\" %s \"%s\"",
hostname, msr->remote_addr, remote_user,
local_user, current_logtime(msr->mp), the_request,
msr->response_status, bytes_sent, referer, user_agent,
@ -284,7 +284,7 @@ static void sanitise_request_line(modsec_rec *msr) {
j = arg->value_origin_offset;
while((*p != '\0')&&(j--)) p++;
if (*p == '\0') {
msr_log(msr, 1, "Unable to sanitise variable \"%s\" at offset %d of QUERY_STRING"
msr_log(msr, 1, "Unable to sanitise variable \"%s\" at offset %u of QUERY_STRING"
"because the request line is too short.",
log_escape_ex(msr->mp, arg->name, arg->name_len),
arg->value_origin_offset);
@ -297,7 +297,7 @@ static void sanitise_request_line(modsec_rec *msr) {
*p++ = '*';
}
if (*p == '\0') {
msr_log(msr, 1, "Unable to sanitise variable \"%s\" at offset %d (size %d) "
msr_log(msr, 1, "Unable to sanitise variable \"%s\" at offset %u (size %d) "
"of QUERY_STRING because the request line is too short.",
log_escape_ex(msr->mp, arg->name, arg->name_len),
arg->value_origin_offset, arg->value_origin_len);
@ -418,7 +418,7 @@ void sec_audit_logger(modsec_rec *msr) {
/* Format: time transaction_id remote_addr remote_port local_addr local_port */
text = apr_psprintf(msr->mp, "[%s] %s %s %d %s %d",
text = apr_psprintf(msr->mp, "[%s] %s %s %u %s %u",
current_logtime(msr->mp), msr->txid, msr->remote_addr, msr->remote_port,
msr->local_addr, msr->local_port);
sec_auditlog_write(msr, text, strlen(text));
@ -638,7 +638,7 @@ void sec_audit_logger(modsec_rec *msr) {
text = apr_psprintf(msr->mp, "%s %s\n", msr->response_protocol,
msr->status_line);
} else {
text = apr_psprintf(msr->mp, "%s %d\n", msr->response_protocol,
text = apr_psprintf(msr->mp, "%s %u\n", msr->response_protocol,
msr->response_status);
}
sec_auditlog_write(msr, text, strlen(text));

8
apache2/msc_multipart.c
View File

@ -520,7 +520,7 @@ static int multipart_process_boundary(modsec_rec *msr, int last_part, char **err
*(multipart_part **)apr_array_push(msr->mpd->parts) = msr->mpd->mpp;
if (msr->mpd->mpp->type == MULTIPART_FILE) {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Multipart: Added file part %x to the list: name \"%s\" "
msr_log(msr, 9, "Multipart: Added file part %p to the list: name \"%s\" "
"file name \"%s\" (offset %u, length %u)",
msr->mpd->mpp, log_escape(msr->mp, msr->mpd->mpp->name),
log_escape(msr->mp, msr->mpd->mpp->filename),
@ -529,7 +529,7 @@ static int multipart_process_boundary(modsec_rec *msr, int last_part, char **err
}
else {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Multipart: Added part %x to the list: name \"%s\" "
msr_log(msr, 9, "Multipart: Added part %p to the list: name \"%s\" "
"(offset %u, length %u)", msr->mpd->mpp, log_escape(msr->mp, msr->mpd->mpp->name),
msr->mpd->mpp->offset, msr->mpd->mpp->length);
}
@ -833,7 +833,7 @@ int multipart_process_chunk(modsec_rec *msr, const char *buf,
msr->mpd->flag_data_before = 1;
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Multipart: Ignoring data after last boundary (received %d bytes)", size);
msr_log(msr, 4, "Multipart: Ignoring data after last boundary (received %u bytes)", size);
}
return 1;
@ -1031,7 +1031,7 @@ int multipart_process_chunk(modsec_rec *msr, const char *buf,
msr->mpd->flag_data_after = 1;
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Multipart: Ignoring data after last boundary (%d bytes left)", inleft);
msr_log(msr, 4, "Multipart: Ignoring data after last boundary (%u bytes left)", inleft);
}
return 1;

2
apache2/msc_multipart.h
View File

@ -45,7 +45,7 @@ struct multipart_part {
/* files only, the name of the temporary file holding data */
char *tmp_file_name;
int tmp_file_fd;
unsigned tmp_file_size;
unsigned int tmp_file_size;
/* files only, filename as supplied by the browser */
char *filename;

5
apache2/msc_reqbody.c
View File

@ -300,7 +300,7 @@ apr_status_t modsecurity_request_body_store(modsec_rec *msr,
}
/* Should never happen. */
*error_msg = apr_psprintf(msr->mp, "Internal error, unknown value for msc_reqbody_storage: %d",
*error_msg = apr_psprintf(msr->mp, "Internal error, unknown value for msc_reqbody_storage: %u",
msr->msc_reqbody_storage);
return -1;
}
@ -592,7 +592,8 @@ apr_status_t modsecurity_request_body_retrieve(modsec_rec *msr,
return 1; /* More data available. */
}
*error_msg = apr_psprintf(msr->mp, "Internal error, invalid msc_reqbody_storage value: %d",
/* Should never happen. */
*error_msg = apr_psprintf(msr->mp, "Internal error, invalid msc_reqbody_storage value: %u",
msr->msc_reqbody_storage);
return -1;

2
apache2/msc_xml.c
View File

@ -109,7 +109,7 @@ int xml_complete(modsec_rec *msr, char **error_msg) {
/* Clean up everything else. */
xmlFreeParserCtxt(msr->xml->parsing_ctx);
msr->xml->parsing_ctx = NULL;
msr_log(msr, 4, "XML: Parsing complete (well_formed %d).", msr->xml->well_formed);
msr_log(msr, 4, "XML: Parsing complete (well_formed %u).", msr->xml->well_formed);
if (msr->xml->well_formed != 1) {
*error_msg = apr_psprintf(msr->mp, "XML: Failed parsing document.");

4
apache2/pdf_protect.c
View File

@ -64,7 +64,7 @@ static char *create_hash(modsec_rec *msr,
*
*/
static char *create_token(modsec_rec *msr) {
unsigned int current_time;
apr_time_t current_time;
const char *time_string = NULL;
const char *hash = NULL;
int timeout = DEFAULT_TIMEOUT;
@ -74,7 +74,7 @@ static char *create_token(modsec_rec *msr) {
}
current_time = apr_time_sec(apr_time_now());
time_string = apr_psprintf(msr->mp, "%d", current_time + timeout);
time_string = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (apr_time_t)(current_time + timeout));
if (time_string == NULL) return NULL;
hash = create_hash(msr, time_string);

16
apache2/persist_dbm.c
View File

@ -150,7 +150,7 @@ apr_table_t *collection_retrieve(modsec_rec *msr, const char *col_name,
if (var == NULL) {
/* Error. */
} else {
int td;
apr_time_t td;
counter = atoi(var->value);
var = (msc_string *)apr_table_get(col, "UPDATE_RATE");
if (var == NULL) {
@ -161,13 +161,13 @@ apr_table_t *collection_retrieve(modsec_rec *msr, const char *col_name,
}
/* NOTE: No rate if there has been no time elapsed */
td = (int)(apr_time_sec(apr_time_now()) - create_time);
td = (apr_time_sec(apr_time_now()) - create_time);
if (td == 0) {
var->value = apr_psprintf(msr->mp, "%d", 0);
}
else {
var->value = apr_psprintf(msr->mp, "%d",
(int)((60 * counter)/td));
var->value = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT,
(apr_time_t)((60 * counter)/td));
}
var->value_len = strlen(var->value);
}
@ -279,7 +279,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
int timeout = atoi(var->value);
var = (msc_string *)apr_table_get(col, "__expire_KEY");
if (var != NULL) {
var->value = apr_psprintf(msr->mp, "%d", (int)(apr_time_sec(apr_time_now()) + timeout));
var->value = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (apr_time_t)(apr_time_sec(apr_time_now()) + timeout));
var->value_len = strlen(var->value);
}
}
@ -294,7 +294,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
var->name_len = strlen(var->name);
apr_table_setn(col, var->name, (void *)var);
}
var->value = apr_psprintf(msr->mp, "%d", (int)(apr_time_sec(apr_time_now())));
var->value = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (apr_time_t)(apr_time_sec(apr_time_now())));
var->value_len = strlen(var->value);
}
@ -418,7 +418,7 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
apr_array_header_t *keys_arr;
char **keys;
int i;
unsigned int now = (unsigned int)apr_time_sec(msr->request_time);
apr_time_t now = apr_time_sec(msr->request_time);
if (msr->txcfg->data_dir == NULL) {
/* The user has been warned about this problem enough times already by now.
@ -493,7 +493,7 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
} else {
unsigned int expiry_time = atoi(var->value);
msr_log(msr, 9, "Record (name \"%s\", key \"%s\") set to expire in %d seconds.",
msr_log(msr, 9, "Record (name \"%s\", key \"%s\") set to expire in %" APR_TIME_T_FMT " seconds.",
log_escape(msr->mp, col_name), log_escape(msr->mp, key.dptr),
expiry_time - now);

10
apache2/re.c
View File

@ -351,6 +351,7 @@ int msre_parse_generic(apr_pool_t *mp, const char *text, apr_table_t *vartable,
for(;;) {
if (*p == '\0') {
// TODO better 64-bit support here
*error_msg = apr_psprintf(mp, "Missing closing quote at position %d: %s",
(int)(p - text), text);
free(value);
@ -358,6 +359,7 @@ int msre_parse_generic(apr_pool_t *mp, const char *text, apr_table_t *vartable,
} else
if (*p == '\\') {
if ( (*(p + 1) == '\0') || ((*(p + 1) != '\'')&&(*(p + 1) != '\\')) ) {
// TODO better 64-bit support here
*error_msg = apr_psprintf(mp, "Invalid quoted pair at position %d: %s",
(int)(p - text), text);
free(value);
@ -773,7 +775,7 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
if (rule->actionset != NULL && rule->actionset->rev != NULL) {
rev = apr_psprintf(p, " [rev \"%s\"]", rule->actionset->rev);
}
msr_log(msr, 4, "Recipe: Invoking rule %x;%s%s%s.",
msr_log(msr, 4, "Recipe: Invoking rule %p;%s%s%s.",
rule, (fn ? fn : ""), (id ? id : ""), (rev ? rev : ""));
}
@ -926,7 +928,7 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
rules = (msre_rule **)arr->elts;
for (i = 0; i < arr->nelts; i++) {
msre_rule *rule = rules[i];
msr_log(msr, 1, "Rule %x [id \"%s\"][file \"%s\"][line \"%d\"]: %lu usec", rule,
msr_log(msr, 1, "Rule %p [id \"%s\"][file \"%s\"][line \"%d\"]: %lu usec", rule,
((rule->actionset != NULL)&&(rule->actionset->id != NULL)) ? rule->actionset->id : "-",
rule->filename != NULL ? rule->filename : "-",
rule->line_num,
@ -1554,11 +1556,11 @@ apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr) {
/* check the cache options */
if (var->value_len < msr->txcfg->cache_trans_min) {
msr_log(msr, 9, "CACHE: Disabled - %s value length=%d, smaller than minlen=%d", var->name, var->value_len, msr->txcfg->cache_trans_min);
msr_log(msr, 9, "CACHE: Disabled - %s value length=%u, smaller than minlen=%" APR_SIZE_T_FMT, var->name, var->value_len, msr->txcfg->cache_trans_min);
usecache = 0;
}
if ((msr->txcfg->cache_trans_max != 0) && (var->value_len > msr->txcfg->cache_trans_max)) {
msr_log(msr, 9, "CACHE: Disabled - %s value length=%d, larger than maxlen=%d", var->name, var->value_len, msr->txcfg->cache_trans_max);
msr_log(msr, 9, "CACHE: Disabled - %s value length=%u, larger than maxlen=%" APR_SIZE_T_FMT, var->name, var->value_len, msr->txcfg->cache_trans_max);
usecache = 0;
}

30
apache2/re_actions.c
View File

@ -557,7 +557,7 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
if (limit > REQUEST_BODY_HARD_LIMIT) {
return apr_psprintf(engine->mp, "Request size limit cannot exceed "
"the hard limit: %li", RESPONSE_BODY_HARD_LIMIT);
"the hard limit: %ld", RESPONSE_BODY_HARD_LIMIT);
}
return NULL;
@ -572,7 +572,7 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
if (limit > RESPONSE_BODY_HARD_LIMIT) {
return apr_psprintf(engine->mp, "Response size limit cannot exceed "
"the hard limit: %li", RESPONSE_BODY_HARD_LIMIT);
"the hard limit: %ld", RESPONSE_BODY_HARD_LIMIT);
}
return NULL;
@ -1118,7 +1118,7 @@ static apr_status_t msre_action_expirevar_execute(modsec_rec *msr, apr_pool_t *m
var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
var->name = apr_psprintf(msr->mp, "__expire_%s", var_name);
var->name_len = strlen(var->name);
var->value = apr_psprintf(msr->mp, "%d", (int)(apr_time_sec(msr->request_time)
var->value = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (apr_time_t)(apr_time_sec(msr->request_time)
+ atoi(var_value)));
var->value_len = strlen(var->value);
apr_table_setn(target_col, var->name, (void *)var);
@ -1140,8 +1140,8 @@ static apr_status_t msre_action_deprecatevar_execute(modsec_rec *msr, apr_pool_t
char *s = NULL;
apr_table_t *target_col = NULL;
msc_string *var = NULL, *var_last_update_time = NULL;
unsigned int last_update_time, current_time;
long int current_value, new_value;
apr_time_t last_update_time, current_time;
long current_value, new_value;
/* Extract the name and the value. */
/* IMP1 We have a function for this now, parse_name_eq_value? */
@ -1193,7 +1193,7 @@ static apr_status_t msre_action_deprecatevar_execute(modsec_rec *msr, apr_pool_t
return 0;
}
current_time = (unsigned int)apr_time_sec(apr_time_now());
current_time = apr_time_sec(apr_time_now());
last_update_time = atoi(var_last_update_time->value);
s = strstr(var_value, "/");
@ -1209,24 +1209,24 @@ static apr_status_t msre_action_deprecatevar_execute(modsec_rec *msr, apr_pool_t
* time elapsed since the last update.
*/
new_value = current_value -
(atoi(var_value) * ((current_time - last_update_time) / atoi(s)));
(atol(var_value) * ((current_time - last_update_time) / atol(s)));
if (new_value < 0) new_value = 0;
/* Only change the value if it differs. */
if (new_value != current_value) {
var->value = apr_psprintf(msr->mp, "%d", (int)new_value);
var->value = apr_psprintf(msr->mp, "%ld", new_value);
var->value_len = strlen(var->value);
msr_log(msr, 4, "Deprecated variable \"%s.%s\" from %li to %li (%d seconds since "
msr_log(msr, 4, "Deprecated variable \"%s.%s\" from %ld to %ld (%" APR_TIME_T_FMT " seconds since "
"last update).", log_escape(msr->mp, col_name), log_escape(msr->mp, var_name),
current_value, new_value, current_time - last_update_time);
current_value, new_value, (apr_time_t)(current_time - last_update_time));
apr_table_set(msr->collections_dirty, col_name, "1");
} else {
msr_log(msr, 9, "Not deprecating variable \"%s.%s\" because the new value (%li) is "
"the same as the old one (%li) (%d seconds since last update).",
msr_log(msr, 9, "Not deprecating variable \"%s.%s\" because the new value (%ld) is "
"the same as the old one (%ld) (%" APR_TIME_T_FMT " seconds since last update).",
log_escape(msr->mp, col_name), log_escape(msr->mp, var_name), current_value,
new_value, current_time - last_update_time);
new_value, (apr_time_t)(current_time - last_update_time));
}
return 1;
@ -1263,7 +1263,7 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name,
var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
var->name = "__expire_KEY";
var->name_len = strlen(var->name);
var->value = apr_psprintf(msr->mp, "%d", (int)(apr_time_sec(msr->request_time) + 3600));
var->value = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (apr_time_t)(apr_time_sec(msr->request_time) + 3600));
var->value_len = strlen(var->value);
apr_table_setn(table, var->name, (void *)var);
@ -1311,7 +1311,7 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name,
var = apr_pcalloc(msr->mp, sizeof(msc_string));
var->name = "CREATE_TIME";
var->name_len = strlen(var->name);
var->value = apr_psprintf(msr->mp, "%d", (int)apr_time_sec(msr->request_time));
var->value = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (apr_time_t)apr_time_sec(msr->request_time));
var->value_len = strlen(var->value);
apr_table_setn(table, var->name, (void *)var);

4
apache2/re_operators.c
View File

@ -278,7 +278,7 @@ static int msre_op_pmFromFile_param_init(msre_rule *rule, char **error_msg) {
rc = apr_file_gets(buf, HUGE_STRING_LEN, fd);
if (rc == APR_EOF) break;
if (rc != APR_SUCCESS) {
*error_msg = apr_psprintf(rule->ruleset->mp, "Could read \"%s\" line %d: %s", fn, line, apr_strerror(rc, errstr, 1024));
*error_msg = apr_psprintf(rule->ruleset->mp, "Could not read \"%s\" line %d: %s", fn, line, apr_strerror(rc, errstr, 1024));
return 0;
}
@ -407,7 +407,7 @@ static int msre_op_within_execute(modsec_rec *msr, msre_rule *rule, msre_var *va
/* scan for first character, then compare from there until we
* have a match or there is no room left in the target
*/
msr_log(msr, 9, "match[%d]='%s' target[%d]='%s'", match_length, match, target_length, target);
msr_log(msr, 9, "match[%u]='%s' target[%u]='%s'", match_length, match, target_length, target);
i_max = match_length - target_length;
for (i = 0; i <= i_max; i++) {
if (match[i] == target[0]) {

12
apache2/re_variables.c
View File

@ -681,7 +681,7 @@ static int var_remote_host_generate(modsec_rec *msr, msre_var *var, msre_rule *r
static int var_remote_port_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
char *value = apr_psprintf(mptmp, "%d", msr->remote_port);
char *value = apr_psprintf(mptmp, "%u", msr->remote_port);
return var_simple_generate(var, vartab, mptmp, value);
}
@ -1563,7 +1563,7 @@ static int var_time_epoch_generate(modsec_rec *msr, msre_var *var, msre_rule *ru
tc = time(NULL);
tm = localtime(&tc);
rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
rvar->value = apr_psprintf(mptmp, "%d", (int)tc);
rvar->value = apr_psprintf(mptmp, "%ld", (long)tc);
rvar->value_len = strlen(rvar->value);
apr_table_addn(vartab, rvar->name, (void *)rvar);
@ -1824,7 +1824,7 @@ static int var_server_name_generate(modsec_rec *msr, msre_var *var, msre_rule *r
static int var_server_port_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
char *value = apr_psprintf(mptmp, "%d", msr->local_port);
char *value = apr_psprintf(mptmp, "%u", msr->local_port);
return var_simple_generate(var, vartab, mptmp, value);
}
@ -1851,7 +1851,7 @@ static int var_script_filename_generate(modsec_rec *msr, msre_var *var, msre_rul
static int var_script_gid_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
char *value = apr_psprintf(mptmp, "%d", msr->r->finfo.group);
char *value = apr_psprintf(mptmp, "%ld", (long)msr->r->finfo.group);
return var_simple_generate(var, vartab, mptmp, value);
}
@ -1881,7 +1881,7 @@ static int var_script_mode_generate(modsec_rec *msr, msre_var *var, msre_rule *r
static int var_script_uid_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
char *value = apr_psprintf(mptmp, "%d", msr->r->finfo.user);
char *value = apr_psprintf(mptmp, "%ld", (long)msr->r->finfo.user);
return var_simple_generate(var, vartab, mptmp, value);
}
@ -2039,7 +2039,7 @@ static int var_response_protocol_generate(modsec_rec *msr, msre_var *var, msre_r
static int var_response_status_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp)
{
const char *value = apr_psprintf(mptmp, "%d", msr->response_status);
const char *value = apr_psprintf(mptmp, "%u", msr->response_status);
return var_simple_generate(var, vartab, mptmp, value);
}