github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

MODSEC-270

Browse Source
This commit is contained in:
brenosilva
2011-10-10 16:30:30 +00:00
parent a4f0957b0c
commit c99d14797a
1 changed files with 200 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
apache2/re.c
View File

@@ -128,12 +128,14 @@ char *update_rule_target(cmd_parms *cmd, directory_config *dcfg,
targets = (msre_var **)rule->targets->elts; targets = (msre_var **)rule->targets->elts;
// TODO need a good way to remove the element from array, maybe change array by tables or rings // TODO need a good way to remove the element from array, maybe change array by tables or rings
for (i = 0; i < rule->targets->nelts; i++) { for (i = 0; i < rule->targets->nelts; i++) {
if((strncasecmp(targets[i]->name,name,name_len) == 0) && if((strlen(targets[i]->name) == strlen(name)) &&
(strncasecmp(targets[i]->name,name,strlen(targets[i]->name)) == 0) &&
(targets[i]->is_negated == is_negated) && (targets[i]->is_negated == is_negated) &&
(targets[i]->is_counting == is_counting)) { (targets[i]->is_counting == is_counting)) {
if(value != NULL && targets[i]->param != NULL) { if(value != NULL && targets[i]->param != NULL) {
if(strncasecmp(targets[i]->param,value,value_len) == 0) { if((strlen(targets[i]->param) == strlen(value)) &&
strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) {
memset(targets[i]->name,0,strlen(targets[i]->name)); memset(targets[i]->name,0,strlen(targets[i]->name));
memset(targets[i]->param,0,strlen(targets[i]->param)); memset(targets[i]->param,0,strlen(targets[i]->param));
match = 1; match = 1;
@@ -196,39 +198,47 @@ char *update_rule_target(cmd_parms *cmd, directory_config *dcfg,
} else { } else {
name = param; name = param;
} }
name_len = strlen(name); name_len = strlen(name);
if(value != NULL) if(value != NULL)
value_len = strlen(value); value_len = strlen(value);
match = 0;
targets = (msre_var **)rule->targets->elts; targets = (msre_var **)rule->targets->elts;
for (i = 0; i < rule->targets->nelts; i++) { for (i = 0; i < rule->targets->nelts; i++) {
if((strncasecmp(targets[i]->name,name,name_len) == 0) && if((strlen(targets[i]->name) == strlen(name)) &&
(strncasecmp(targets[i]->name,name,strlen(targets[i]->name)) == 0) &&
(targets[i]->is_negated == is_negated) && (targets[i]->is_negated == is_negated) &&
(targets[i]->is_counting == is_counting)) { (targets[i]->is_counting == is_counting)) {
if(value != NULL && targets[i]->param != NULL) { if(value != NULL && targets[i]->param != NULL) {
if(strncasecmp(targets[i]->param,value,value_len) == 0) { if((strlen(targets[i]->param) == strlen(value)) &&
goto end; strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) {
match = 1;
} }
} else if (value == NULL && targets[i]->param == NULL){ } else if (value == NULL && targets[i]->param == NULL){
goto end; match = 1;
} else } else
continue; continue;
} }
} }
if(target != NULL) { if(target != NULL) {
free(target); free(target);
target = NULL; target = NULL;
} }
if(match == 0 ) {
rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg);
if (rc < 0) { if (rc < 0) {
goto end; goto end;
} }
} }
}
p = apr_strtok(NULL,",",&savedptr); p = apr_strtok(NULL,",",&savedptr);
} }
@@ -1073,7 +1083,7 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr)
static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_rec *msr) { static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_rec *msr) {
#else #else
apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) { apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) {
#endif #endif
apr_array_header_t *arr = NULL; apr_array_header_t *arr = NULL;
msre_rule **rules; msre_rule **rules;