github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-14 23:47:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix issue in ruleRemoveTargetById

Browse Source
This commit is contained in:
brenosilva
2012-07-23 19:18:44 +00:00
parent 47a3e991a8
commit cd32253c5d
1 changed files with 54 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
apache2/re.c
View File

@@ -32,7 +32,7 @@ static const char *const severities[] = {
NULL, NULL,
}; };
static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, const char *full_varname); static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *var);
static apr_status_t msre_parse_targets(msre_ruleset *ruleset, const char *text, static apr_status_t msre_parse_targets(msre_ruleset *ruleset, const char *text,
apr_array_header_t *arr, char **error_msg); apr_array_header_t *arr, char **error_msg);
static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule); static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule);
@@ -44,13 +44,19 @@ static apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr);
/* -- Actions, variables, functions and operator functions ----------------- */ /* -- Actions, variables, functions and operator functions ----------------- */
static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, const char *full_varname) { static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *var) {
const char *targets = NULL, *exceptions = NULL; const char *targets = NULL, *exceptions = NULL;
char *savedptr = NULL, *target = NULL; char *savedptr = NULL, *target = NULL, *value = NULL;
char *c = NULL, *name = NULL;
char *variable = NULL, *myvar = NULL;
char *myvalue = NULL, *myname = NULL;
if(msr == NULL) if(msr == NULL)
return 0; return 0;
if(var == NULL)
return 0;
if(rule == NULL) if(rule == NULL)
return 0; return 0;
@@ -59,6 +65,16 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, const char *
if(rule->actionset->id !=NULL) { if(rule->actionset->id !=NULL) {
myvar = apr_pstrdup(msr->mp, var->name);
c = strchr(myvar,':');
if(c != NULL) {
myname = apr_strtok(myvar,":",&myvalue);
} else {
myname = myvar;
}
exceptions = (const char *)apr_table_get(msr->removed_targets, rule->actionset->id); exceptions = (const char *)apr_table_get(msr->removed_targets, rule->actionset->id);
targets = apr_pstrdup(msr->mp, exceptions); targets = apr_pstrdup(msr->mp, exceptions);
@@ -71,12 +87,41 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, const char *
target = apr_strtok((char *)targets, ",", &savedptr); target = apr_strtok((char *)targets, ",", &savedptr);
while(target != NULL) { while(target != NULL) {
if(strncasecmp(target, full_varname, strlen(target)) == 0) {
if (msr->txcfg->debuglog_level >= 9) { variable = apr_pstrdup(msr->mp, target);
msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
} c = strchr(variable,':');
return 1;
if(c != NULL) {
name = apr_strtok(variable,":",&value);
} else {
name = variable;
} }
if((strlen(myname) == strlen(name)) &&
(strncasecmp(myname, name,strlen(myname)) == 0)) {
if(value != NULL && myvalue != NULL) {
if((strlen(myvalue) == strlen(value)) &&
strncasecmp(myvalue,value,strlen(myvalue)) == 0) {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
}
return 1;
}
} else if (value == NULL && myvalue == NULL) {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
}
return 1;
} else if (value == NULL && myvalue != NULL) {
if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
}
return 1;
}
}
target = apr_strtok(NULL, ",", &savedptr); target = apr_strtok(NULL, ",", &savedptr);
} }
} else { } else {
@@ -2209,7 +2254,7 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
full_varname = var->name; full_varname = var->name;
} }
rc = fetch_target_exception(rule, msr, full_varname); rc = fetch_target_exception(rule, msr, var);
if(rc > 0) { if(rc > 0) {