Fix warnings on Solaris and/or 64bit builds.

CHANGES

@@ -1,7 +1,8 @@
-
-17 Oct 2007 - 2.5.0-dev3
+02 Nov 2007 - 2.5.0-dev3
 ------------------------
 
+ * Fix warnings on Solaris and/or 64bit builds.
+
  * Added skipAfter:<id> action to allow skipping all rules until a rule
    with a specified ID is reached.  Rule execution then continues after
    the specified rule.

apache2/Makefile

@@ -17,7 +17,17 @@ builddir     = .
 #     Debian - /usr/share/apache2  (apache2-prefork-dev or apache2-threaded-dev
 #                                   needed, depending on your installation type)
 #
-top_dir      = /apps/apache22
+# NOTE: On Solaris the top_builddir is /var/apache2.  This version of Apache
+# httpd uses the buildin PCRE, but you must still install the PCRE headers
+# to compile ModSecurity as they are not installed with Apache httpd. Because
+# of this, it is recommended to install your own version of Apache httpd.
+#
+# Additionally, if you do not have PCRE installed, you can use the
+# headers included with Apache httpd.  To do this, add the PCRE
+# include directory to the INCLUDES variable below
+# Something like: -I /path/to/httpd-x.y/srclib/pcre
+#
+top_dir      = /usr/local/apache2
 
 top_srcdir   = ${top_dir}
 top_builddir = ${top_dir}
@@ -28,6 +38,7 @@ APXS      = apxs
 APACHECTL = apachectl
 
 INCLUDES = -I /usr/include/libxml2
+#INCLUDES = -I /usr/include/libxml2 -I /path/to/httpd-x.y/srclib/pcre
 DEFS = -DWITH_LIBXML2
 #DEFS = -DWITH_LIBXML2 -DPERFORMANCE_MEASUREMENT
 #DEFS = -DWITH_LIBXML2 -DNO_MODSEC_API

apache2/apache2_config.c

@@ -1304,11 +1304,18 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg, const
         charval = apr_table_get(vartable, "minlen");
         if (charval != NULL) {
             intval = apr_atoi64(charval);
+            if (errno == ERANGE) {
+                return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations minlen out of range: %s", charval);
+            }
             if (intval < 0) {
                 return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations minlen must be positive: %s", charval);
             }
-            if (intval >= (apr_size_t)NOT_SET) {
-                return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations minlen must be less than: %u", (apr_size_t)NOT_SET);
+
+            /* The NOT_SET indicator is -1, a signed long, and therfore
+             * we cannot be >= the unsigned value of NOT_SET.
+             */
+            if ((unsigned long)intval >= (unsigned long)NOT_SET) {
+                return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations minlen must be less than: %u", (unsigned long)NOT_SET);
             }
             dcfg->cache_trans_min = (apr_size_t)intval;
         }
@@ -1317,14 +1324,21 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg, const
         charval = apr_table_get(vartable, "maxlen");
         if (charval != NULL) {
             intval = apr_atoi64(charval);
+            if (errno == ERANGE) {
+                return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations maxlen out of range: %s", charval);
+            }
             if (intval < 0) {
                 return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations maxlen must be positive: %s", charval);
             }
-            if (intval >= (apr_size_t)NOT_SET) {
-                return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations maxlen must be less than: %u", (apr_size_t)NOT_SET);
+
+            /* The NOT_SET indicator is -1, a signed long, and therfore
+             * we cannot be >= the unsigned value of NOT_SET.
+             */
+            if ((unsigned long)intval >= (unsigned long)NOT_SET) {
+                return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations maxlen must be less than: %u", (unsigned long)NOT_SET);
             }
-            if ((intval != 0) && (intval < dcfg->cache_trans_min)) {
-                return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations maxlen must not be less than minlen: %u < %u", (apr_size_t)intval, dcfg->cache_trans_min);
+            if ((intval != 0) && ((apr_size_t)intval < dcfg->cache_trans_min)) {
+                return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations maxlen must not be less than minlen: %u < %" APR_SIZE_T_FMT, (unsigned long)intval, dcfg->cache_trans_min);
             }
             dcfg->cache_trans_max = (apr_size_t)intval;
 

apache2/mod_security2.c

@@ -449,7 +449,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
 
         if (first_time == 0) {
             ap_log_error(APLOG_MARK, APLOG_NOTICE | APLOG_NOERRNO, 0, s,
-                "ModSecurity: chroot checkpoint #2 (pid=%d ppid=%d)", getpid(), getppid());
+                "ModSecurity: chroot checkpoint #2 (pid=%d ppid=%d)", (int)getpid(), (int)getppid());
 
             if (chdir(chroot_dir) < 0) {
                 ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, s,
@@ -478,7 +478,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
                 "ModSecurity: chroot successful, path=%s", chroot_dir);
         } else {
             ap_log_error(APLOG_MARK, APLOG_NOTICE | APLOG_NOERRNO, 0, s,
-                "ModSecurity: chroot checkpoint #1 (pid=%d ppid=%d)", getpid(), getppid());
+                "ModSecurity: chroot checkpoint #1 (pid=%d ppid=%d)", (int)getpid(), (int)getppid());
         }
     }
     #endif
@@ -986,7 +986,7 @@ static void hook_insert_error_filter(request_rec *r) {
  */
 static void modsec_register_tfn(const char *name, void *fn) {
     if (modsecurity != NULL) {
-        msre_engine_tfn_register(modsecurity->msre, name, fn);
+        msre_engine_tfn_register(modsecurity->msre, name, (fn_tfn_execute_t)fn);
     }
 }
 
@@ -996,7 +996,7 @@ static void modsec_register_tfn(const char *name, void *fn) {
  */
 static void modsec_register_operator(const char *name, void *fn_init, void *fn_exec) {
     if (modsecurity != NULL) {
-        msre_engine_op_register(modsecurity->msre, name, fn_init, fn_exec);
+        msre_engine_op_register(modsecurity->msre, name, (fn_op_param_init_t)fn_init, (fn_op_execute_t)fn_exec);
     }
 }
 

apache2/modsecurity.c

@@ -480,9 +480,8 @@ apr_status_t modsecurity_process_phase(modsec_rec *msr, int phase) {
             break;
         default :
             msr_log(msr, 1, "Invalid processing phase: %d", msr->phase);
-            return -1;
             break;
     }
 
-    return 0;
+    return -1;
 }

apache2/modsecurity.h

@@ -75,8 +75,8 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
 #define PHASE_FIRST                 PHASE_REQUEST_HEADERS
 #define PHASE_LAST                  PHASE_LOGGING
 
-#define NOT_SET                    -1
-#define NOT_SET_P          (void *)-1
+#define NOT_SET                    -1l
+#define NOT_SET_P          (void *)-1l
 
 #define CREATEMODE ( APR_UREAD | APR_UWRITE | APR_GREAD )
 #define CREATEMODE_DIR ( APR_UREAD | APR_UWRITE | APR_UEXECUTE | APR_GREAD | APR_GEXECUTE )

apache2/re.h

@@ -145,17 +145,16 @@ apr_status_t DSOLOCAL msre_rule_process(msre_rule *rule, modsec_rec *msr);
 #define PHASE_RESPONSE_BODY     4
 #define PHASE_LOGGING           5
 
-#define FN_OP_PARAM_INIT(X) int (*X)(msre_rule *rule, char **error_msg)
-#define FN_OP_EXECUTE(X)    int (*X)(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg)
-
+typedef int (*fn_op_param_init_t)(msre_rule *rule, char **error_msg);
+typedef int (*fn_op_execute_t)(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg);
 
 struct msre_op_metadata {
     const char              *name;
-    FN_OP_PARAM_INIT        (param_init);
-    FN_OP_EXECUTE           (execute);
+    fn_op_param_init_t       param_init;
+    fn_op_execute_t          execute;
 };
 
-#define FN_TFN_EXECUTE(X)    int (*X)(apr_pool_t *pool, unsigned char *input, long int input_length, char **rval, long int *rval_length)
+typedef int (*fn_tfn_execute_t)(apr_pool_t *pool, unsigned char *input, long int input_length, char **rval, long int *rval_length);
 
 struct msre_tfn_metadata {
     const char              *name;
@@ -171,14 +170,14 @@ struct msre_tfn_metadata {
      *
      * NOTE Strict transformation functions not supported yet.
      */
-    FN_TFN_EXECUTE(execute);    
+    fn_tfn_execute_t execute;    
 };
 
 void DSOLOCAL msre_engine_tfn_register(msre_engine *engine, const char *name,
-    FN_TFN_EXECUTE(execute));
+    fn_tfn_execute_t execute);
 
 void DSOLOCAL msre_engine_op_register(msre_engine *engine, const char *name,
-    FN_OP_PARAM_INIT(fn1), FN_OP_EXECUTE(fn2));
+    fn_op_param_init_t fn1, fn_op_execute_t fn2);
 
 void DSOLOCAL msre_engine_register_default_tfns(msre_engine *engine);
 
@@ -193,16 +192,16 @@ msre_tfn_metadata DSOLOCAL *msre_engine_tfn_resolve(msre_engine *engine, const c
 #define VAR_DONT_CACHE  0
 #define VAR_CACHE       1
 
-#define FN_VAR_VALIDATE(X)  char *(*X)(msre_ruleset *ruleset, msre_var *var)
-#define FN_VAR_GENERATE(X)  int (*X)(modsec_rec *msr, msre_var *var, msre_rule *rule, apr_table_t *table, apr_pool_t *mptmp)
+typedef char *(*fn_var_validate_t)(msre_ruleset *ruleset, msre_var *var);
+typedef int (*fn_var_generate_t)(modsec_rec *msr, msre_var *var, msre_rule *rule, apr_table_t *table, apr_pool_t *mptmp);
 
 struct msre_var_metadata {
     const char              *name;
     unsigned int             type;          /* VAR_TYPE_ constants */
     unsigned int             argc_min;
     unsigned int             argc_max;
-    FN_VAR_VALIDATE          (validate);
-    FN_VAR_GENERATE          (generate);
+    fn_var_validate_t        validate;
+    fn_var_generate_t        generate;
     unsigned int             is_cacheable;  /* 0 - no, 1 - yes */
     unsigned int             availability;  /* when does this variable become available? */
 };
@@ -250,7 +249,7 @@ struct msre_actionset {
 
 void DSOLOCAL msre_engine_variable_register(msre_engine *engine, const char *name, 
     unsigned int type, unsigned int argc_min, unsigned int argc_max,
-    FN_VAR_VALIDATE(validate), FN_VAR_GENERATE(generate),
+    fn_var_validate_t validate, fn_var_generate_t generate,
     unsigned int is_cacheable, unsigned int availability);
 
 msre_actionset DSOLOCAL *msre_actionset_create(msre_engine *engine, const char *text,
@@ -263,9 +262,9 @@ msre_actionset DSOLOCAL *msre_actionset_create_default(msre_engine *engine);
 
 void DSOLOCAL msre_actionset_init(msre_actionset *actionset, msre_rule *rule);
 
-#define FN_ACTION_VALIDATE(X)   char *(*X)(msre_engine *engine, msre_action *action)
-#define FN_ACTION_INIT(X)       apr_status_t (*X)(msre_engine *engine, msre_actionset *actionset, msre_action *action)
-#define FN_ACTION_EXECUTE(X)    apr_status_t (*X)(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action)
+typedef char *(*fn_action_validate_t)(msre_engine *engine, msre_action *action);
+typedef apr_status_t (*fn_action_init_t)(msre_engine *engine, msre_actionset *actionset, msre_action *action);
+typedef apr_status_t (*fn_action_execute_t)(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action);
 
 #define ACTION_DISRUPTIVE       1
 #define ACTION_NON_DISRUPTIVE   2
@@ -285,9 +284,9 @@ struct msre_action_metadata {
     unsigned int             argc_max;
     unsigned int             allow_param_plusminus;
     unsigned int             cardinality;
-    FN_ACTION_VALIDATE       (validate);
-    FN_ACTION_INIT           (init);
-    FN_ACTION_EXECUTE        (execute);
+    fn_action_validate_t     validate;
+    fn_action_init_t         init;
+    fn_action_execute_t      execute;
 };
 
 struct msre_action {

apache2/re_actions.c

@@ -16,8 +16,8 @@
  */
 static void msre_engine_action_register(msre_engine *engine, const char *name, unsigned int type,
     unsigned int argc_min, unsigned int argc_max, unsigned int allow_param_plusminus,
-    unsigned int cardinality, FN_ACTION_VALIDATE(validate), FN_ACTION_INIT(init),
-    FN_ACTION_EXECUTE(execute))
+    unsigned int cardinality, fn_action_validate_t validate, fn_action_init_t init,
+    fn_action_execute_t execute)
 {
     msre_action_metadata *metadata = (msre_action_metadata *)apr_pcalloc(engine->mp,
         sizeof(msre_action_metadata));

apache2/re_operators.c

@@ -19,7 +19,7 @@
  *
  */
 void msre_engine_op_register(msre_engine *engine, const char *name,
-    FN_OP_PARAM_INIT(fn1), FN_OP_EXECUTE(fn2))
+    fn_op_param_init_t fn1, fn_op_execute_t fn2)
 {
     msre_op_metadata *metadata = (msre_op_metadata *)apr_pcalloc(engine->mp,
         sizeof(msre_op_metadata));
@@ -1240,17 +1240,17 @@ static int msre_op_validateUrlEncoding_execute(modsec_rec *msr, msre_rule *rule,
     int rc = validate_url_encoding(var->value, var->value_len);
     switch(rc) {
         case 1 :
-            return 0; /* Encoding is valid, no match. */
+            /* Encoding is valid */
             break;
         case -2 :
             *error_msg = apr_psprintf(msr->mp, "Invalid URL Encoding: Non-hexadecimal "
                 "digits used.");
-            return 1; /* Invalid, match. */
+            return 1; /* Invalid match. */
             break;
         case -3 :
             *error_msg = apr_psprintf(msr->mp, "Invalid URL Encoding: Not enough characters "
                 "at the end of input.");
-            return 1; /* Invalid, match. */
+            return 1; /* Invalid match. */
             break;
         case -1 :
         default :

apache2/re_tfns.c

@@ -432,7 +432,7 @@ static int msre_fn_normalisePathWin_execute(apr_pool_t *mptmp, unsigned char *in
  * Registers one transformation function with the engine.
  */
 void msre_engine_tfn_register(msre_engine *engine, const char *name,
-    FN_TFN_EXECUTE(execute))
+    fn_tfn_execute_t execute)
 {
     msre_tfn_metadata *metadata = (msre_tfn_metadata *)apr_pcalloc(engine->mp,
         sizeof(msre_tfn_metadata));

apache2/re_variables.c

@@ -2094,7 +2094,7 @@ static int var_webappid_generate(modsec_rec *msr, msre_var *var, msre_rule *rule
  */
 void msre_engine_variable_register(msre_engine *engine, const char *name, 
     unsigned int type, unsigned int argc_min, unsigned int argc_max,
-    FN_VAR_VALIDATE(validate), FN_VAR_GENERATE(generate),
+    fn_var_validate_t validate, fn_var_generate_t generate,
     unsigned int is_cacheable, unsigned int availability)
 {
     msre_var_metadata *metadata = (msre_var_metadata *)apr_pcalloc(engine->mp,