github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8 from hideaki/strmatch_coredump

Browse Source 
handle invalid escape sequence passed to strmatch operator
This commit is contained in:
Breno Silva 2012-11-09 10:36:40 -08:00
commit b31f83b292
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apache2/re_operators.c
View File

@ -2394,6 +2394,7 @@ static int msre_op_endsWith_execute(modsec_rec *msr, msre_rule *rule, msre_var *
static int msre_op_strmatch_param_init(msre_rule *rule, char **error_msg) {
const apr_strmatch_pattern *compiled_pattern;
char *processed = NULL;
const char *pattern = rule->op_param;
unsigned short int op_len;
@ -2402,8 +2403,14 @@ static int msre_op_strmatch_param_init(msre_rule *rule, char **error_msg) {
op_len = strlen(pattern);
/* Process pattern */
processed = parse_pm_content(pattern, op_len, rule, error_msg);
if (processed == NULL) {
return 0;
}
/* Compile pattern */
compiled_pattern = apr_strmatch_precompile(rule->ruleset->mp, parse_pm_content(pattern, op_len, rule, error_msg), 1);
compiled_pattern = apr_strmatch_precompile(rule->ruleset->mp, processed, 1);
if (compiled_pattern == NULL) {
*error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern: %s", pattern);
return 0;