github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix rsub

Browse Source
This commit is contained in:
brenosilva
2011-03-25 20:31:59 +00:00
parent 49732256f6
commit c2504b1008
1 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
apache2/re_operators.c
View File

@@ -520,6 +520,7 @@ static char *remove_escape(msre_rule *rule, char *str, int len) {
} }
} }
*parm = '\0';
return ret; return ret;
} }
@@ -628,8 +629,8 @@ static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) {
} }
} }
pattern = apr_pstrdup(rule->ruleset->mp, e_pattern); pattern = apr_pstrndup(rule->ruleset->mp, e_pattern, strlen(e_pattern));
rule->sub_str = apr_pstrdup(rule->ruleset->mp, e_replace); rule->sub_str = apr_pstrndup(rule->ruleset->mp, e_replace, strlen(e_replace));
if(strstr(pattern,"%{") == NULL) { if(strstr(pattern,"%{") == NULL) {
regex = ap_pregcomp(rule->ruleset->mp, pattern, AP_REG_EXTENDED | regex = ap_pregcomp(rule->ruleset->mp, pattern, AP_REG_EXTENDED |
@@ -637,7 +638,7 @@ static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) {
rule->sub_regex = regex; rule->sub_regex = regex;
} else { } else {
rule->re_precomp = 1; rule->re_precomp = 1;
rule->re_str = apr_pstrdup(rule->ruleset->mp, reg_pattern); rule->re_str = apr_pstrndup(rule->ruleset->mp, pattern, strlen(pattern));
rule->sub_regex = NULL; rule->sub_regex = NULL;
} }
@@ -680,13 +681,13 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
} }
if(rule->re_precomp == 1) { if(rule->re_precomp == 1) {
re_pattern->value = (char *)rule->re_str; re_pattern->value = apr_pstrndup(msr->mp, rule->re_str, strlen(rule->re_str));
re_pattern->value_len = strlen(re_pattern->value); re_pattern->value_len = strlen(re_pattern->value);
expand_macros(msr, re_pattern, rule, msr->mp); expand_macros(msr, re_pattern, rule, msr->mp);
if(strlen(re_pattern->value) > 0) if(strlen(re_pattern->value) > 0)
rule->sub_regex = ap_pregcomp(rule->ruleset->mp, re_pattern->value, AP_REG_EXTENDED); rule->sub_regex = ap_pregcomp(msr->mp, re_pattern->value, AP_REG_EXTENDED);
else else
rule->sub_regex = NULL; rule->sub_regex = NULL;
@@ -698,12 +699,13 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
return -1; return -1;
} }
str->value = (char *)rule->sub_str; str->value = apr_pstrndup(msr->mp, rule->sub_str, strlen(rule->sub_str));
str->value_len = strlen(str->value); str->value_len = strlen(str->value);
if(strstr(rule->sub_str,"%{") != NULL)
expand_macros(msr, str, rule, msr->mp); expand_macros(msr, str, rule, msr->mp);
replace = apr_pstrdup(rule->ruleset->mp, str->value); replace = apr_pstrndup(msr->mp, str->value, str->value_len);
data = apr_pcalloc(msr->mp, var->value_len+(AP_MAX_REG_MATCH*strlen(replace))+1); data = apr_pcalloc(msr->mp, var->value_len+(AP_MAX_REG_MATCH*strlen(replace))+1);
if(replace == NULL || data == NULL) { if(replace == NULL || data == NULL) {
@@ -712,6 +714,7 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
} }
memcpy(data,var->value,var->value_len); memcpy(data,var->value,var->value_len);
size += (AP_MAX_REG_MATCH*strlen(replace)+2); size += (AP_MAX_REG_MATCH*strlen(replace)+2);
if (ap_regexec(rule->sub_regex, data ,AP_MAX_REG_MATCH, pmatch, 0)) return 0; if (ap_regexec(rule->sub_regex, data ,AP_MAX_REG_MATCH, pmatch, 0)) return 0;
@@ -739,7 +742,7 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
if (sub >= 0) break; if (sub >= 0) break;
} }
size -= ((AP_MAX_REG_MATCH - count)*(strlen(replace)) + ((strlen(replace) - p_len)*(count+AP_MAX_REG_MATCH) - (AP_MAX_REG_MATCH+4))); size -= (((AP_MAX_REG_MATCH - count)*(strlen(replace))) + p_len+2);
if(msr->stream_output_data != NULL && output_body == 1) { if(msr->stream_output_data != NULL && output_body == 1) {
msr->stream_output_data = (char *)realloc(msr->stream_output_data,size); msr->stream_output_data = (char *)realloc(msr->stream_output_data,size);