diff --git a/CHANGES b/CHANGES index fc531217..f4b620ce 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ ?? ??? 2007 - 2.2.0-trunk +------------------------- + + * Removed strnlen() calls for non-GNU platforms. + +11 May 2007 - 2.2.0-dev1 ------------------------- * Add SecGeoLookupsDb, @geoLookups and GEO collection to support @@ -18,10 +23,10 @@ * Added experimental variables RESPONSE_CONTENT_LENGTH, RESPONSE_CONTENT_TYPE, and RESPONSE_CONTENT_ENCODING. - * Added experimental support for content injection. Directive SecContentInjection - (On|Off) controls whether injection is taking place. Actions "prepend" - and "append" inject content when executed. Do note that it is your - responsibility to make sure the response is of the appropriate + * Added experimental support for content injection. Directive + SecContentInjection (On|Off) controls whether injection is taking place. + Actions "prepend" and "append" inject content when executed. Do note that + it is your responsibility to make sure the response is of the appropriate content type (e.g. HTML, plain text, etc). * Added string comparison operators with support for macro expansion: @@ -32,7 +37,7 @@ * Removed support for %0 - %9 capture macros as they were incorrectly expanding url encoded values. Use %{TX.0} - %{TX.9} instead. - + * Added t:length to transform a value to its character length. * Added t:trimLeft, t:trimRight, t:trim to remove whitespace @@ -58,25 +63,21 @@ and/or counting operator in the debug log. -05 Apr 2007 - 2.1.1-rc2 ------------------------ +11 Apr 2007 - 2.1.1 +------------------- * Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression for the @rx operator and variables. - + * Really set PCRE_DOTALL option when compiling the regular expression for the @rx operator as the docs state. - - -11 Mar 2007 - 2.1.1-rc1 ------------------------ - + * Fixed potential memory corruption when expanding macros. - * Fixed error when a collection var was fetched in the same second as creation - by setting the rate to zero. + * Fixed error when a collection was retrieved from storage in the same second + as creation by setting the rate to zero. - * Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms + * Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms. * Fixed the faulty REQUEST_FILENAME variable, which used to change the internal Apache structures by mistake. diff --git a/apache2/msc_geo.c b/apache2/msc_geo.c index 798d8d28..0cf74998 100644 --- a/apache2/msc_geo.c +++ b/apache2/msc_geo.c @@ -228,6 +228,23 @@ static int db_open(directory_config *dcfg, char **error_msg) return 1; } +static int field_length(const char *field, int maxlen) +{ + int i; + + if (field == NULL) { + return 0; + } + + for (i = 0; i < maxlen; i++) { + if (field[i] == '\0') { + break; + } + } + + return i; +} + /** * Initialise Geo data structure */ @@ -375,21 +392,21 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro remaining -= rec_offset; /* Region */ - field_len = strnlen((const char *)cbuf+rec_offset,remaining); + field_len = field_length((const char *)cbuf+rec_offset, remaining); msr_log(msr, 9, "GEO: region=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4)); georec->region = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining)); rec_offset += field_len + 1; remaining -= field_len + 1; /* City */ - field_len = strnlen((const char *)cbuf+rec_offset,remaining); + field_len = field_length((const char *)cbuf+rec_offset, remaining); msr_log(msr, 9, "GEO: city=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4)); georec->city = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining)); rec_offset += field_len + 1; remaining -= field_len + 1; /* Postal Code */ - field_len = strnlen((const char *)cbuf+rec_offset,remaining); + field_len = field_length((const char *)cbuf+rec_offset, remaining); msr_log(msr, 9, "GEO: postal_code=\"%.*s\"", ((field_len+1)*4), log_escape_raw(msr->mp, cbuf, sizeof(cbuf))+(rec_offset*4)); georec->postal_code = apr_pstrmemdup(msr->mp, (const char *)cbuf+rec_offset, (remaining)); rec_offset += field_len + 1;