Fixed memory leak in v1 cookie parser reported by Sogeti/ESEC R&D (MODSEC-121).

b1v1r
2010-02-05 18:07:56 +00:00
parent 7262e026d2
commit d66760d09c
2 changed files with 17 additions and 3 deletions


@@ -1,6 +1,8 @@
14 Jan 2010 - 2.5.12 14 Jan 2010 - 2.5.12
-------------------- --------------------
* Fixed memory leak in v1 cookie parser. Reported by Sogeti/ESEC R&D.
* Now support macro expansion in numeric operators (@eq, @ge, @lt, etc.) * Now support macro expansion in numeric operators (@eq, @ge, @lt, etc.)
* Update copyright to 2010. * Update copyright to 2010.


@@ -22,7 +22,9 @@
/** /**
* *
*/ */
int parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies) { int parse_cookies_v0(modsec_rec *msr, char *_cookie_header,
apr_table_t *cookies)
{
char *attr_name = NULL, *attr_value = NULL; char *attr_name = NULL, *attr_value = NULL;
char *cookie_header; char *cookie_header;
char *saveptr = NULL; char *saveptr = NULL;
@@ -85,13 +87,21 @@ int parse_cookies_v0(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies
/** /**
* *
*/ */
int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies) { int parse_cookies_v1(modsec_rec *msr, char *_cookie_header,
apr_table_t *cookies)
{
char *attr_name = NULL, *attr_value = NULL, *p = NULL; char *attr_name = NULL, *attr_value = NULL, *p = NULL;
char *prev_attr_name = NULL; char *prev_attr_name = NULL;
char *cookie_header = NULL; char *cookie_header = NULL;
int cookie_count = 0; int cookie_count = 0;
if (_cookie_header == NULL) return -1; if (_cookie_header == NULL) return -1;
// XXX Should it not match _v0 parser?
//if (_cookie_header == NULL) {
// msr_log(msr, 1, "Cookie parser: Received null for argument.");
// return -1;
//}
cookie_header = strdup(_cookie_header); cookie_header = strdup(_cookie_header);
if (cookie_header == NULL) return -1; if (cookie_header == NULL) return -1;
@@ -213,6 +223,7 @@ int parse_cookies_v1(modsec_rec *msr, char *_cookie_header, apr_table_t *cookies
while( (*p != 0)&&( (*p == ',')||(*p == ';')||(isspace(*p)) ) ) p++; while( (*p != 0)&&( (*p == ',')||(*p == ';')||(isspace(*p)) ) ) p++;
} }
free(cookie_header);
return cookie_count; return cookie_count;
} }
@@ -322,7 +333,8 @@ int parse_arguments(modsec_rec *msr, const char *s, apr_size_t inputlength,
/** /**
* *
*/ */
void add_argument(modsec_rec *msr, apr_table_t *arguments, msc_arg *arg) { void add_argument(modsec_rec *msr, apr_table_t *arguments, msc_arg *arg)
{
if (msr->txcfg->debuglog_level >= 5) { if (msr->txcfg->debuglog_level >= 5) {
msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"", msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"",
arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len), arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),
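Review bot: The leak in parse_cookies_v1 is closed only on the final `return cookie_count;` path: the body between the `strdup()` and the added `free(cookie_header);` lies outside the hunks, so any earlier `return` inside the parsing loop would still leak one copy of the request-supplied Cookie header per request. Allocating from the pool the file already uses as `msr->mp`, i.e. `cookie_header = apr_pstrdup(msr->mp, _cookie_header);`, would tie the buffer to the pool's lifetime and make the explicit free unnecessary on every exit path. If the malloc'd copy is kept, the free is safe only provided the entries stored in `cookies` are copies and do not point into `cookie_header`, which also cannot be confirmed from the visible lines. Separately, the commented-out null check added under `// XXX Should it not match _v0 parser?` should be either enabled or dropped rather than committed as dead code.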