github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

handle invalid escape sequence passed to strmatch operator

Browse Source
This commit is contained in:
Breno Silva
2012-11-09 15:03:43 -04:00
parent b353bd60a9
commit d1c002d6cc
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apache2/re_operators.c
View File

@@ -2394,6 +2394,7 @@ static int msre_op_endsWith_execute(modsec_rec *msr, msre_rule *rule, msre_var *
static int msre_op_strmatch_param_init(msre_rule *rule, char **error_msg) { static int msre_op_strmatch_param_init(msre_rule *rule, char **error_msg) {
const apr_strmatch_pattern *compiled_pattern; const apr_strmatch_pattern *compiled_pattern;
char *processed = NULL;
const char *pattern = rule->op_param; const char *pattern = rule->op_param;
unsigned short int op_len; unsigned short int op_len;
@@ -2402,8 +2403,14 @@ static int msre_op_strmatch_param_init(msre_rule *rule, char **error_msg) {
op_len = strlen(pattern); op_len = strlen(pattern);
/* Process pattern */
processed = parse_pm_content(pattern, op_len, rule, error_msg);
if (processed == NULL) {
return 0;
}
/* Compile pattern */ /* Compile pattern */
compiled_pattern = apr_strmatch_precompile(rule->ruleset->mp, parse_pm_content(pattern, op_len, rule, error_msg), 1); compiled_pattern = apr_strmatch_precompile(rule->ruleset->mp, processed, 1);
if (compiled_pattern == NULL) { if (compiled_pattern == NULL) {
*error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern: %s", pattern); *error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern: %s", pattern);
return 0; return 0;