Add quoting to unparsed rule generation.

2025-09-29 11:16:33 +03:00 · 2007-12-19 16:11:32 +00:00
parent cdcb3bdb14
commit e357bb55af
2 changed files with 25 additions and 6 deletions
--- a/apache2/re.c
+++ b/apache2/re.c
@@ -1232,13 +1232,26 @@ msre_rule *msre_rule_create(msre_ruleset *ruleset,

    /* Add the unparsed rule */
    if ((strcmp(SECACTION_TARGETS, targets) == 0) && (strcmp(SECACTION_ARGS, args) == 0)) {
-        rule->unparsed = apr_pstrcat(ruleset->mp, "SecAction", " \"", actions, "\"", NULL);
+        rule->unparsed = apr_psprintf(ruleset->mp, "SecAction \"%s\"",
+            log_escape(ruleset->mp, actions));
    }
-    else if ((strcmp(SECMARKER_TARGETS, targets) == 0) && (strcmp(SECMARKER_ARGS, args) == 0) && (strncmp(SECMARKER_BASE_ACTIONS, actions, strlen(SECMARKER_BASE_ACTIONS)) == 0)) {
-        rule->unparsed = apr_pstrcat(ruleset->mp, "SecMarker", " \"", (actions + strlen(SECMARKER_BASE_ACTIONS)), "\"", NULL);
+    else
+        if ((strcmp(SECMARKER_TARGETS, targets) == 0)
+            && (strcmp(SECMARKER_ARGS, args) == 0)
+            && (strncmp(SECMARKER_BASE_ACTIONS, actions, strlen(SECMARKER_BASE_ACTIONS)) == 0))
+        {
+            rule->unparsed = apr_psprintf(ruleset->mp, "SecMarker \"%s\"",
+                log_escape(ruleset->mp, actions + strlen(SECMARKER_BASE_ACTIONS)));
    }
    else {
-        rule->unparsed = apr_pstrcat(ruleset->mp, "SecRule", " \"", targets, "\" \"", args, "\"", (actions != NULL ? " \"" : ""), (actions != NULL ? actions : ""), (actions != NULL ? "\"" : ""), NULL);
+        if (actions == NULL) {
+            rule->unparsed = apr_psprintf(ruleset->mp, "SecRule \"%s\" \"%s\"",
+                log_escape(ruleset->mp, targets), log_escape(ruleset->mp, args));
+        } else {
+            rule->unparsed = apr_psprintf(ruleset->mp, "SecRule \"%s\" \"%s\" \"%s\"",
+                log_escape(ruleset->mp, targets), log_escape(ruleset->mp, args),
+                log_escape(ruleset->mp, actions));
+        }
    }

    /* Parse targets */
@@ -1323,8 +1336,13 @@ msre_rule *msre_rule_lua_create(msre_ruleset *ruleset,

    rule->type = RULE_TYPE_LUA;

-    rule->unparsed = apr_pstrcat(ruleset->mp, "SecRuleScript ", script_filename,
-        (actions != NULL ? " ACTIONS" : ""), NULL);
+    if (actions == NULL) {
+        rule->unparsed = apr_psprintf(ruleset->mp, "SecRuleScript \"%s\"",
+            script_filename);
+    } else {
+        rule->unparsed = apr_psprintf(ruleset->mp, "SecRuleScript \"%s\" \"%s\"",
+            script_filename, log_escape(ruleset->mp, actions));
+    }

    /* Compile script. */
    *error_msg = lua_compile(&rule->script, script_filename, ruleset->mp);