diff --git a/build/win32/README.md b/build/win32/README.md
index 85fd868e..2c9c11d0 100644
--- a/build/win32/README.md
+++ b/build/win32/README.md
@@ -18,7 +18,7 @@ The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for
 * Windows SDK
 * CMake
 * Address Sanitizer
- * [Conan package manager 2.2.2](https://github.com/conan-io/conan/releases/download/2.2.2/conan-2.2.2-windows-x86_64-installer.exe)
+ * [Conan package manager 2.10.2](https://github.com/conan-io/conan/releases/download/2.10.2/conan-2.10.2-windows-x86_64-installer.exe)
 * Install and then setup the default Conan profile to use the MSVC C++ compiler:
 1. Open a command-prompt and set the MSVC C++ compiler environment by executing: `C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat`
 2. Execute: `conan profile detect --force`
@@ -30,7 +30,7 @@ The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for
 ## Build
-Install the prerequisites listsed in the previous section, checkout libModSecurity and from the directory where it's located execute:
+Install the prerequisites listed in the previous section, checkout libModSecurity and from the directory where it's located execute:
 ```
 vcbuild.bat [build_configuration] [arch] [USE_ASAN]
diff --git a/build/win32/docker/Dockerfile b/build/win32/docker/Dockerfile
index a33d12f8..e0189790 100644
--- a/build/win32/docker/Dockerfile
+++ b/build/win32/docker/Dockerfile
@@ -35,7 +35,7 @@ RUN %INSTALLER% /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL `
 /NORESTART /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /LOADINF=git.inf
 # download & setup conan
-ARG CONAN_VERSION=2.2.2
+ARG CONAN_VERSION=2.10.2
 ARG CONAN_BINARY=conan-${CONAN_VERSION}-windows-x86_64-installer.exe
 ARG CONAN_URL=https://github.com/conan-io/conan/releases/download/${CONAN_VERSION}/${CONAN_BINARY}
diff --git a/build/yajl.m4 b/build/yajl.m4
index e050c084..10d4e78a 100644
--- a/build/yajl.m4
+++ b/build/yajl.m4
@@ -62,7 +62,7 @@ else
 YAJL_DISPLAY="${YAJL_LDADD}, ${YAJL_CFLAGS}"
 else
 # If pkg-config did not find anything useful, go over file lookup.
- for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
+ for x in ${YAJL_POSSIBLE_PATHS}; do
 CHECK_FOR_YAJL_AT(${x})
 if test -n "${YAJL_VERSION}"; then
 break
diff --git a/src/operators/validate_byte_range.cc b/src/operators/validate_byte_range.cc
index 2553b9c1..05d06c78 100644
--- a/src/operators/validate_byte_range.cc
+++ b/src/operators/validate_byte_range.cc
@@ -37,6 +37,11 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
 "' into a number");
 return false;
 }
+ if ((start < 0) || (start > 255)) {
+ error->assign("Invalid byte value: " +
+ std::to_string(start));
+ return false;
+ }
 table[start >> 3] = (table[start >> 3] | (1 << (start & 0x7)));
 return true;
 }
@@ -87,21 +92,29 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
 bool ValidateByteRange::init(const std::string &file, std::string *error) {
 size_t pos = m_param.find_first_of(",");
+ bool rc;
 if (pos == std::string::npos) {
- getRange(m_param, error);
+ rc = getRange(m_param, error);
 } else {
- getRange(std::string(m_param, 0, pos), error);
+ rc = getRange(std::string(m_param, 0, pos), error);
+ }
+
+ if (rc == false) {
+ return false;
 }
 while (pos != std::string::npos) {
 size_t next_pos = m_param.find_first_of(",", pos + 1);
 if (next_pos == std::string::npos) {
- getRange(std::string(m_param, pos + 1, m_param.length() -
+ rc = getRange(std::string(m_param, pos + 1, m_param.length() -
 (pos + 1)), error);
 } else {
- getRange(std::string(m_param, pos + 1, next_pos - (pos + 1)), error);
+ rc = getRange(std::string(m_param, pos + 1, next_pos - (pos + 1)), error);
+ }
+ if (rc == false) {
+ return false;
 }
 pos = next_pos;
 }
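Review bot: The new bound check in the single-value branch of getRange carries no comment saying why 255 is the limit, although the write to `table[start >> 3]` directly below depends on it. I would add `// table is indexed by start >> 3; a value outside 0..255 would address outside the byte bitmap` above the check, assuming table is a 32-byte bitmap (its declaration is outside the hunk). The conversion that produces `start` also sits above the hunk, so whether a partially numeric token is accepted there cannot be judged from these lines and is worth confirming. getRange's body starts outside the hunk.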
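Review bot: `bool rc;` in init is declared uninitialized and then tested with `rc == false` in two places; returning straight from the call is simpler and removes the variable, e.g. `if (!getRange(std::string(m_param, 0, pos), error)) { return false; }`. Because a failed segment now aborts init, a parameter with an empty segment (a trailing or doubled comma) will be rejected if getRange fails on an empty string, where before the result was ignored; getRange's parsing is outside the hunk, so confirm this is intended and cover it with a test. The end of init lies outside the hunk.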