github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/master

Browse Source
This commit is contained in:
Marc Stern 2024-05-24 10:13:00 +02:00
commit e803cdd802
3 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
DD mmm YYYY - 2.9.x (to be released) DD mmm YYYY - 2.9.x (to be released)
------------------- -------------------
* Enhance logging
[Issue #3107 - @marcstern]
* Fix possible segfault in collection_unpack * Fix possible segfault in collection_unpack
[Issue #3072 - @twouters] [Issue #3072 - @twouters]
* Set the minimum security protocol version for SecRemoteRules * Set the minimum security protocol version for SecRemoteRules

17
README.md
View File

@ -1,14 +1,13 @@
ModSecurity for Apache 2.x # ModSecurity 2
======
http://www.modsecurity.org/ https://www.modsecurity.org/
Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) Copyright (c) 2004-2024 Trustwave Holdings, Inc. (https://www.trustwave.com/)
Copyright (c) 2024-2024 OWASP ModSecurity Project (https://www.owasp.org/)
You may not use this file except in compliance with the License. You may obtain a copy of the License at: https://www.apache.org/licenses/LICENSE-2.0 You may not use this file except in compliance with the License. You may obtain a copy of the License at: https://www.apache.org/licenses/LICENSE-2.0
If any of the files related to licensing are missing or if you have any other questions related to licensing please contact Trustwave Holdings, Inc. directly using the email address: modsecurity@owasp.org. If any of the files related to licensing are missing or if you have any other questions related to licensing please contact us here: modsecurity@owasp.org.
## Documentation ## Documentation
@ -16,4 +15,8 @@ Please refer to: [the documentation folder](https://github.com/owasp-modsecurity
## Sponsor Note ## Sponsor Note
Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/ Original Development of ModSecurity was sponsored by Trustwave. In 2024, [stewardship was transferred to OWASP](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-transfers-modsecurity-custodianship-to-the-open-worldwide-application-security-project/).
Contact us for sponsorship!
You can also send us donations using the [OWASP donations page](https://owasp.org/donate/?reponame=www-project-modsecurity&title=OWASP+ModSecurity).

10
apache2/msc_json.c
View File

@ -65,6 +65,7 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
log_escape_ex(msr->mp, arg->value, arg->value_len)); log_escape_ex(msr->mp, arg->value, arg->value_len));
} }
msr->msc_reqbody_error = 1; msr->msc_reqbody_error = 1;
msr->json->yajl_error = apr_psprintf(msr->mp, "More than %ld JSON keys", msr->txcfg->arguments_limit);
return 0; return 0;
} }
@ -374,9 +375,12 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
if (msr->json->depth_limit_exceeded) { if (msr->json->depth_limit_exceeded) {
*error_msg = "JSON depth limit exceeded"; *error_msg = "JSON depth limit exceeded";
} else { } else {
char *yajl_err = yajl_get_error(msr->json->handle, 0, buf, size); if (msr->json->yajl_error) *error_msg = msr->json->yajl_error;
*error_msg = apr_pstrdup(msr->mp, yajl_err); else {
yajl_free_error(msr->json->handle, yajl_err); char* yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
*error_msg = apr_pstrdup(msr->mp, yajl_err);
yajl_free_error(msr->json->handle, yajl_err);
}
} }
return -1; return -1;
} }