github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

MODSEC-249

Browse Source
This commit is contained in:
brenosilva
2011-08-31 16:53:11 +00:00
parent d43c7e0bf5
commit b0e9468d6e
2 changed files with 36 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apache2/re.h
View File

@@ -164,7 +164,11 @@ struct msre_rule {
msc_script *script; msc_script *script;
#endif #endif
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 0
ap_regex_t *sub_regex; ap_regex_t *sub_regex;
#else
regex_t *sub_regex;
#endif
char *sub_str; char *sub_str;
char *re_str; char *re_str;
int re_precomp; int re_precomp;

44
apache2/re_operators.c
View File

@@ -21,7 +21,6 @@
#include "acmp.h" #include "acmp.h"
#include "msc_util.h" #include "msc_util.h"
#if !defined(WIN32) || !defined(WINNT) #if !defined(WIN32) || !defined(WINNT)
#include <regex.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#endif #endif
@@ -213,7 +212,11 @@ static char *param_remove_escape(msre_rule *rule, char *str, int len) {
*/ */
#if !defined(MSC_TEST) #if !defined(MSC_TEST)
static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) { static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 0
ap_regex_t *regex; ap_regex_t *regex;
#else
regex_t *regex;
#endif
const char *pattern = NULL; const char *pattern = NULL;
const char *line = NULL; const char *line = NULL;
char *reg_pattern = NULL; char *reg_pattern = NULL;
@@ -309,8 +312,13 @@ static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) {
pattern = apr_pstrndup(rule->ruleset->mp, e_pattern, strlen(e_pattern)); pattern = apr_pstrndup(rule->ruleset->mp, e_pattern, strlen(e_pattern));
if(strstr(pattern,"%{") == NULL) { if(strstr(pattern,"%{") == NULL) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 0
regex = ap_pregcomp(rule->ruleset->mp, pattern, AP_REG_EXTENDED | regex = ap_pregcomp(rule->ruleset->mp, pattern, AP_REG_EXTENDED |
(ignore_case ? AP_REG_ICASE : 0)); (ignore_case ? AP_REG_ICASE : 0));
#else
regex = ap_pregcomp(rule->ruleset->mp, pattern, REG_EXTENDED |
(ignore_case ? REG_ICASE : 0));
#endif
rule->sub_regex = regex; rule->sub_regex = regex;
} else { } else {
rule->re_precomp = 1; rule->re_precomp = 1;
@@ -342,7 +350,11 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
char *data = NULL, *pattern = NULL; char *data = NULL, *pattern = NULL;
unsigned int size = var->value_len; unsigned int size = var->value_len;
int output_body = 0, input_body = 0, count = 0; int output_body = 0, input_body = 0, count = 0;
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 0
ap_regmatch_t pmatch[AP_MAX_REG_MATCH]; ap_regmatch_t pmatch[AP_MAX_REG_MATCH];
#else
regmatch_t pmatch[AP_MAX_REG_MATCH];
#endif
if (error_msg == NULL) return -1; if (error_msg == NULL) return -1;
*error_msg = NULL; *error_msg = NULL;
@@ -367,12 +379,20 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
if (msr->txcfg->debuglog_level >= 6) { if (msr->txcfg->debuglog_level >= 6) {
msr_log(msr, 6, "Escaping pattern [%s]",pattern); msr_log(msr, 6, "Escaping pattern [%s]",pattern);
} }
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 0
rule->sub_regex = ap_pregcomp(msr->mp, pattern, AP_REG_EXTENDED); rule->sub_regex = ap_pregcomp(msr->mp, pattern, AP_REG_EXTENDED);
#else
rule->sub_regex = ap_pregcomp(msr->mp, pattern, REG_EXTENDED);
#endif
} else { } else {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 0
rule->sub_regex = ap_pregcomp(msr->mp, re_pattern->value, AP_REG_EXTENDED); rule->sub_regex = ap_pregcomp(msr->mp, re_pattern->value, AP_REG_EXTENDED);
#else
rule->sub_regex = ap_pregcomp(msr->mp, re_pattern->value, REG_EXTENDED);
#endif
} }
} } else {
else {
rule->sub_regex = NULL; rule->sub_regex = NULL;
} }
@@ -387,7 +407,7 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
str->value_len = strlen(str->value); str->value_len = strlen(str->value);
if(strstr(rule->sub_str,"%{") != NULL) if(strstr(rule->sub_str,"%{") != NULL)
expand_macros(msr, str, rule, msr->mp); expand_macros(msr, str, rule, msr->mp);
replace = apr_pstrndup(msr->mp, str->value, str->value_len); replace = apr_pstrndup(msr->mp, str->value, str->value_len);
data = apr_pcalloc(msr->mp, var->value_len+(AP_MAX_REG_MATCH*strlen(replace))+1); data = apr_pcalloc(msr->mp, var->value_len+(AP_MAX_REG_MATCH*strlen(replace))+1);
@@ -436,16 +456,16 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
msr->stream_output_length = size; msr->stream_output_length = size;
if(stream_output_data == NULL) { if(stream_output_data == NULL) {
free (msr->stream_output_data); free (msr->stream_output_data);
msr->stream_output_data = NULL; msr->stream_output_data = NULL;
return -1; return -1;
} }
var->value_len = size; var->value_len = size;
msr->of_stream_changed = 1; msr->of_stream_changed = 1;
msr->stream_output_data = (char *)stream_output_data; msr->stream_output_data = (char *)stream_output_data;
if(msr->stream_output_data != NULL) if(msr->stream_output_data != NULL)
apr_cpystrn(msr->stream_output_data, data, size); apr_cpystrn(msr->stream_output_data, data, size);
} }
@@ -456,15 +476,15 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
msr->stream_input_length = size; msr->stream_input_length = size;
if(stream_input_data == NULL) { if(stream_input_data == NULL) {
free (msr->stream_input_data); free (msr->stream_input_data);
msr->stream_input_data = NULL; msr->stream_input_data = NULL;
return -1; return -1;
} }
var->value_len = size; var->value_len = size;
msr->stream_input_data = (char *)stream_input_data; msr->stream_input_data = (char *)stream_input_data;
if(msr->stream_input_data != NULL) if(msr->stream_input_data != NULL)
apr_cpystrn(msr->stream_input_data, data, size); apr_cpystrn(msr->stream_input_data, data, size);
msr->if_stream_changed = 1; msr->if_stream_changed = 1;
} }