github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-10-04 05:22:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix crash on SecRuleRemoveById malformated parameter

Browse Source 
Fix issue #1440
This commit is contained in:
Felipe Zimmerle
2017-06-06 22:11:09 -03:00
parent 2a5085255e
commit e795253ecf
6 changed files with 2118 additions and 2130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/rules_exceptions.cc
View File

@@ -24,9 +24,13 @@ namespace modsecurity {
bool RulesExceptions::load(const std::string &a, std::string *error) {
bool added = false;
std::vector<std::string> toRemove = utils::string::split(a, ' ');
for (std::string &a : toRemove) {
std::string b = utils::string::removeBracketsIfNeeded(a);
std::string b = modsecurity::utils::string::parserSanitizer(a);
if (b.size() == 0) {
continue;
}
size_t dash = b.find('-');
if (dash != std::string::npos) {
@@ -36,12 +40,14 @@ bool RulesExceptions::load(const std::string &a, std::string *error) {
int n2n = 0;
try {
n1n = std::stoi(n1s);
added = true;
} catch (...) {
error->assign("Not a number: " + n1s);
return false;
}
try {
n2n = std::stoi(n2s);
added = true;
} catch (...) {
error->assign("Not a number: " + n2s);
return false;
@@ -52,10 +58,12 @@ bool RulesExceptions::load(const std::string &a, std::string *error) {
return false;
}
addRange(n1n, n2n);
added = true;
} else {
try {
int num = std::stoi(b);
addNumber(num);
added = true;
} catch (...) {
error->assign("Not a number or range: " + b);
return false;
@@ -63,7 +71,12 @@ bool RulesExceptions::load(const std::string &a, std::string *error) {
}
}
return true;
if (added) {
return true;
}
error->assign("Not a number or range: " + a);
return false;
}