From d038ab6c4af57f9eb5185b06f3acc216f1b92736 Mon Sep 17 00:00:00 2001
From: brenosilva
Date: Thu, 12 May 2011 16:14:42 +0000
Subject: [PATCH] Fixed matched_var bug
---
 apache2/re.c | 49 ++++++++++++++++++++++++++-----------------------
 1 file changed, 26 insertions(+), 23 deletions(-)
diff --git a/apache2/re.c b/apache2/re.c
index 634d1990..4196a323 100644
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -2142,37 +2142,40 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
 *(const msre_rule **)apr_array_push(msr->matched_rules) = rule;
 /* Save the last matched var data */
- msr->matched_var->name = apr_pstrdup(msr->mp, var->name);
- msr->matched_var->name_len = strlen(msr->matched_var->name);
- msr->matched_var->value = apr_pmemdup(msr->mp, var->value, var->value_len);
- msr->matched_var->value_len = var->value_len;
+ if(var != NULL && var->value_len > 0) {
+ msr->matched_var->name = apr_pstrdup(msr->mp, var->name);
+ msr->matched_var->name_len = strlen(msr->matched_var->name);
+ msr->matched_var->value = apr_pmemdup(msr->mp, var->value, var->value_len);
+ msr->matched_var->value_len = var->value_len;
- parm = strchr(msr->matched_var->name,':');
+ parm = strchr(msr->matched_var->name,':');
- if(parm) {
+ if(parm) {
- msc_string *mvar = NULL;
+ msc_string *mvar = NULL;
- parm++;
+ parm++;
- mvar = apr_palloc(msr->mp, sizeof(msc_string));
- mvar->name = apr_pstrdup(msr->mp, parm);
- mvar->name_len = strlen(mvar->name);
- mvar->value = apr_pmemdup(msr->mp, var->value, var->value_len);
- mvar->value_len = var->value_len;
+ mvar = apr_palloc(msr->mp, sizeof(msc_string));
+ mvar->name = apr_pstrdup(msr->mp, parm);
+ mvar->name_len = strlen(mvar->name);
+ mvar->value = apr_pmemdup(msr->mp, var->value, var->value_len);
+ mvar->value_len = var->value_len;
- apr_table_unset(msr->matched_vars, parm);
- apr_table_setn(msr->matched_vars, parm, (void *)mvar);
+ apr_table_unset(msr->matched_vars, parm);
+ apr_table_setn(msr->matched_vars, parm, (void *)mvar);
- } else {
+ } else {
- msc_string *mvar = apr_palloc(msr->mp, sizeof(msc_string));
- mvar->name = apr_pstrdup(msr->mp, var->name);
- mvar->name_len = strlen(mvar->name);
- mvar->value = apr_pmemdup(msr->mp, var->value, var->value_len);
- mvar->value_len = var->value_len;
+ msc_string *mvar = apr_palloc(msr->mp, sizeof(msc_string));
+ mvar->name = apr_pstrdup(msr->mp, var->name);
+ mvar->name_len = strlen(mvar->name);
+ mvar->value = apr_pmemdup(msr->mp, var->value, var->value_len);
+ mvar->value_len = var->value_len;
+
+ apr_table_unset(msr->matched_vars, mvar->name);
+ apr_table_setn(msr->matched_vars, mvar->name, (void *)mvar);
+ }
- apr_table_unset(msr->matched_vars, mvar->name);
- apr_table_setn(msr->matched_vars, mvar->name, (void *)mvar);
 }
 /* Keep track of the highest severity matched so far */
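Review bot: The new guard `if(var != NULL && var->value_len > 0)` skips the whole save block when the matching variable has an empty value, although the context line above it has already pushed the rule onto `msr->matched_rules`; in that case `msr->matched_var` and the `matched_vars` table appear to keep whatever an earlier match stored. In a WAF that can make audit logs or later rules that read the matched variable attribute the hit to the wrong input (nothing visible in this hunk resets `matched_var`). I would still record the name for an empty value and guard only the value copy, or state the intent in a comment such as `/* matches on an empty value leave the previous matched_var untouched */`. The guard also leaves `var->name` unchecked before `apr_pstrdup` and `strlen`, and `execute_operator` begins and ends outside this hunk, so earlier uses of `var` cannot be confirmed from here.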