github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Checks HTTP code after performing a resource download

Browse Source 
As reported by Walter Hop on our dev- mailing list, remote resource download
was not validating the HTTP code, parsing errors pages as resources. This
commit fix  this issue, from now one HTTP error codes will be verified and
treated as errors. Operators are now dealing well with empty values that may
be produced in consequence of a download error.
This commit is contained in:
Felipe Zimmerle
2014-11-27 11:26:31 -08:00
parent 87a401af05
commit d4a055e78e
2 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
apache2/re_operators.c
View File

@@ -266,8 +266,12 @@ static int msre_op_ipmatchFromFile_execute(modsec_rec *msr, msre_rule *rule,
else
*error_msg = NULL;
if(rtree == NULL) {
msr_log(msr, 1, "ipMatchFromFile Internal Error: tree value is null.");
if (rtree == NULL)
{
if (msr->txcfg->debuglog_level >= 4)
{
msr_log(msr, 1, "ipMatchFromFile: tree value is null.");
}
return 0;
}
@@ -1388,6 +1392,16 @@ static int msre_op_pm_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
/* Are we supposed to capture subexpressions? */
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
if (rule->op_param_data == NULL)
{
if (msr->txcfg->debuglog_level >= 4)
{
msr_log(msr, 1, "ACMPTree is null.");
}
return 0;
}
pt.parser = (ACMP *)rule->op_param_data;
pt.ptr = NULL;