Fix RulesProperties::appendRules()

RulesProperties::appendRules() was not checking for duplicate IDs as well as
throwing an error if there were secMarkers in more than one file (when
calling any combination of rules->load(), rules->loadFromUri() or
rules->loadRemote() more than once). To fix the secMarker issue, the if
statement on rules_properties.h:441 just needed to be negated.

This function also doesn't accurately check for duplicate IDs: the check
can be circumvented by putting the rule in a different phase. To fix this,
the ruleId list (v) had to be populated completely before checking against
the other list.
Steven 2018-09-15 16:32:20 -04:00 committed by Felipe Zimmerle
parent f1da6dd29b
commit b12a8f5c6f
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277


@ -431,34 +431,36 @@ class RulesProperties {
std::vector<modsecurity::Rule *> *to,
std::ostringstream *err) {
int amount_of_rules = 0;
// TODO: std::vector could be replaced with something more efficient.
std::vector<int64_t> v;
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_to = to+i;
std::vector<modsecurity::Rule *> *rules_from = from+i;
// FIXME: std::vector could be replaced with something more efficient.
std::vector<int64_t> v;
v.reserve(rules_to->size());
for (size_t z = 0; z < rules_to->size(); z++) {
Rule *rule_ckc = rules_to->at(z);
if (rule_ckc->m_secMarker == false) {
if (rule_ckc->m_secMarker == true) {
continue;
}
v.push_back(rule_ckc->m_ruleId);
}
std::sort(v.begin(), v.end());
}
std::sort (v.begin(), v.end());
for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
std::vector<modsecurity::Rule *> *rules_from = from+i;
std::vector<modsecurity::Rule *> *rules_to = to+i;
for (size_t j = 0; j < rules_from->size(); j++) {
Rule *rule = rules_from->at(j);
if (std::binary_search(v.begin(), v.end(), rule->m_ruleId)) {
if (err != NULL) {
*err << "Rule id: " \
<< std::to_string(rule->m_ruleId) \
*err << "Rule id: " << std::to_string(rule->m_ruleId) \
<< " is duplicated" << std::endl;
}
return -1;
}
amount_of_rules++;
rules_to->push_back(rule);
rule->refCountIncrease();
rules_to->push_back(rule);
}
}
return amount_of_rules;