From dab9bb6a11aa70667c27295f48109685b9a23490 Mon Sep 17 00:00:00 2001 From: Eduardo Arias Date: Fri, 3 May 2024 14:33:02 -0300 Subject: [PATCH] Added methods to free buffers allocated by ModSecurity APIs - The following methods are introduced to allow clients of libModSecurity that are not able to link and call the C/C++ standard library to be able to free the buffers allocated by libModSecurity. - msc_intervention_cleanup: Frees the buffers in a ModSecurityIntervention structure that have been allocated by calls to msc_intervention. - msc_rules_error_cleanup: Frees an error message buffer allocated by the msc_rules_xxx functions to detail the condition that triggered the error. --- examples/simple_example_using_c/test.c | 2 ++ headers/modsecurity/rules_set.h | 1 + headers/modsecurity/transaction.h | 3 +++ src/rules_set.cc | 15 +++++++++++++++ src/transaction.cc | 16 ++++++++++++++++ 5 files changed, 37 insertions(+) diff --git a/examples/simple_example_using_c/test.c b/examples/simple_example_using_c/test.c index c7ed91b2..0c60ad5c 100644 --- a/examples/simple_example_using_c/test.c +++ b/examples/simple_example_using_c/test.c @@ -68,6 +68,8 @@ int main (int argc, char **argv) msc_process_response_body(transaction); msc_process_logging(transaction); end: + if(error != NULL) + msc_rules_error_cleanup(error); msc_rules_cleanup(rules); msc_cleanup(modsec); diff --git a/headers/modsecurity/rules_set.h b/headers/modsecurity/rules_set.h index 4af55f40..c5616cc4 100644 --- a/headers/modsecurity/rules_set.h +++ b/headers/modsecurity/rules_set.h @@ -99,6 +99,7 @@ int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri, const char **error); int msc_rules_add_file(RulesSet *rules, const char *file, const char **error); int msc_rules_add(RulesSet *rules, const char *plain_rules, const char **error); +void msc_rules_error_cleanup(const char *error); int msc_rules_cleanup(RulesSet *rules); #ifdef __cplusplus diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index e35ed6eb..c5e8881f 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h @@ -723,6 +723,9 @@ void msc_transaction_cleanup(Transaction *transaction); /** @ingroup ModSecurity_C_API */ int msc_intervention(Transaction *transaction, ModSecurityIntervention *it); +/** @ingroup ModSecurity_C_API */ +void msc_intervention_cleanup(ModSecurityIntervention *it); + /** @ingroup ModSecurity_C_API */ int msc_process_logging(Transaction *transaction); diff --git a/src/rules_set.cc b/src/rules_set.cc index 883c78e1..025abe69 100644 --- a/src/rules_set.cc +++ b/src/rules_set.cc @@ -311,6 +311,21 @@ extern "C" int msc_rules_add(RulesSet *rules, const char *plain_rules, } +/** + * @name msc_rules_error_cleanup + * @brief Deallocates an error message buffer returned by a msc_rules_xxx function. + * + * This is a helper function to free the error message buffer allocated + * by a msc_rules_xxx function. + * + * @param error Error message pointer. + * + */ +extern "C" void msc_rules_error_cleanup(const char *error) { + free((void*) error); +} + + extern "C" int msc_rules_cleanup(RulesSet *rules) { delete rules; return true; diff --git a/src/transaction.cc b/src/transaction.cc index efd1cd1b..5826c264 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -2273,6 +2273,22 @@ extern "C" int msc_intervention(Transaction *transaction, } +/** + * @name msc_intervention_cleanup + * @brief Removes all the resources allocated by a given Intervention. + * + * This is a helper function to free any allocated buffers owned by the + * intervention. + * + * @param it ModSecurity intervention. + * + */ +extern "C" void msc_intervention_cleanup(ModSecurityIntervention *it) { + intervention::free(it); + intervention::clean(it); +} + + /** * @name msc_get_response_body * @brief Retrieve a buffer with the updated response body.