mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-17 01:36:08 +03:00
Fix invalid read on sql hex decode transformation
parent
9919026620
commit
e6c542c5b5
@ -66,32 +66,38 @@ std::string SqlHexDecode::evaluate(std::string value,
|
|||||||
|
|
||||||
int SqlHexDecode::inplace(unsigned char *data, int len) {
|
int SqlHexDecode::inplace(unsigned char *data, int len) {
|
||||||
unsigned char *d, *begin = data;
|
unsigned char *d, *begin = data;
|
||||||
|
int count = 0;
|
||||||
|
|
||||||
if ((data == NULL) || (len == 0)) {
|
if ((data == NULL) || (len == 0)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (d = data; *data; *d++ = *data++) {
|
for (d = data; (++count < len) && *data; *d++ = *data++) {
|
||||||
if (*data != '0') {
|
if (*data != '0') {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
++data;
|
++data;
|
||||||
|
++count;
|
||||||
if (mytolower(*data) != 'x') {
|
if (mytolower(*data) != 'x') {
|
||||||
data--;
|
data--;
|
||||||
|
count--;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
data++;
|
data++;
|
||||||
|
++count;
|
||||||
|
|
||||||
// Do we need to keep "0x" if no hexa after?
|
// Do we need to keep "0x" if no hexa after?
|
||||||
if (!VALID_HEX(data[0]) || !VALID_HEX(data[1])) {
|
if (!VALID_HEX(data[0]) || !VALID_HEX(data[1])) {
|
||||||
data -= 2;
|
data -= 2;
|
||||||
|
count -= 2;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
while (VALID_HEX(data[0]) && VALID_HEX(data[1])) {
|
while (VALID_HEX(data[0]) && VALID_HEX(data[1])) {
|
||||||
*d++ = x2c(data);
|
*d++ = x2c(data);
|
||||||
data += 2;
|
data += 2;
|
||||||
|
count += 2;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
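Review bot: The new `count < len` bound is enforced only in the `for` condition. The lookahead reads `VALID_HEX(data[0])` / `VALID_HEX(data[1])` and the inner `while` loop still stop on buffer contents alone, so they can read past `len` if the buffer is not NUL-terminated at or before that offset. Bounding them too would close this, e.g. `const unsigned char *end = begin + len;` and `while ((data + 1 < end) && VALID_HEX(data[0]) && VALID_HEX(data[1])) {`, with the negated test (`data + 1 >= end`) added to the preceding `if`. Separately, because `count` is pre-incremented before the comparison, the loop appears to stop before the last of the `len` bytes; whether that truncates the decoded output depends on the code after the loop, which is outside this hunk. An end pointer would also avoid mirroring every `data` adjustment in `count`, where a missed update would silently skew the bound.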