github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Make sure we fail to validate DTD/schema after a parsing error. Fixes MODSEC-5.

Browse Source
This commit is contained in:
brectanus 2008-09-03 22:16:42 +00:00
parent f5af5ef429
commit f20059b009
3 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -1,6 +1,9 @@
03 Sep 2008 - trunk 03 Sep 2008 - trunk
------------------- -------------------
* Fixed XML DTD/Schema validation which will now fail after request body
processing errors, even if the XML parser returns a document tree.
* Added ctl:requestBodyBuffering=on|off which, when enabled, will force * Added ctl:requestBodyBuffering=on|off which, when enabled, will force
the request body to be buffered and allow REQUEST_BODY to be inspected. the request body to be buffered and allow REQUEST_BODY to be inspected.
Previously the REQUEST_BODY target was only populated if the request body Previously the REQUEST_BODY target was only populated if the request body

12
apache2/re_operators.c
View File

@ -872,6 +872,12 @@ static int msre_op_validateDTD_execute(modsec_rec *msr, msre_rule *rule, msre_va
xmlValidCtxtPtr cvp; xmlValidCtxtPtr cvp;
xmlDtdPtr dtd; xmlDtdPtr dtd;
if (msr->msc_reqbody_error) {
*error_msg = apr_psprintf(msr->mp, "XML: DTD validation could not proceed"
" due to previous processing errors.");
return 1;
}
if ((msr->xml == NULL)||(msr->xml->doc == NULL)) { if ((msr->xml == NULL)||(msr->xml->doc == NULL)) {
*error_msg = apr_psprintf(msr->mp, "XML document tree could not be found for " *error_msg = apr_psprintf(msr->mp, "XML document tree could not be found for "
"DTD validation."); "DTD validation.");
@ -928,6 +934,12 @@ static int msre_op_validateSchema_execute(modsec_rec *msr, msre_rule *rule, msre
xmlSchemaPtr schema; xmlSchemaPtr schema;
int rc; int rc;
if (msr->msc_reqbody_error) {
*error_msg = apr_psprintf(msr->mp, "XML: Schema validation could not proceed"
" due to previous processing errors.");
return 1;
}
if ((msr->xml == NULL)||(msr->xml->doc == NULL)) { if ((msr->xml == NULL)||(msr->xml->doc == NULL)) {
*error_msg = apr_psprintf(msr->mp, "XML document tree could not be found for " *error_msg = apr_psprintf(msr->mp, "XML document tree could not be found for "
"Schema validation."); "Schema validation.");

12
apache2/t/regression/rule/10-xml.t
View File

@ -111,9 +111,9 @@
"phase:2,deny,id:12345" "phase:2,deny,id:12345"
), ),
match_log => { match_log => {
debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error/s, 1 ], debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation could not proceed due to previous processing errors/s, 1 ],
-debug => [ qr/Failed to load/, 1 ], -debug => [ qr/Failed to load|Successfully validated/, 1 ],
-error => [ qr/Failed to load/, 1 ], -error => [ qr/Failed to load|Successfully validated/, 1 ],
}, },
match_response => { match_response => {
status => qr/^403$/, status => qr/^403$/,
@ -291,9 +291,9 @@
"phase:2,deny,id:12345" "phase:2,deny,id:12345"
), ),
match_log => { match_log => {
debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error/s, 1 ], debug => [ qr/XML: Initialising parser.*XML: Parsing complete \(well_formed 0\).*XML parser error.*validation could not proceed due to previous processing errors/s, 1 ],
-debug => [ qr/Failed to load/, 1 ], -debug => [ qr/Failed to load|Successfully validated/, 1 ],
-error => [ qr/Failed to load/, 1 ], -error => [ qr/Failed to load|Successfully validated/, 1 ],
}, },
match_response => { match_response => {
status => qr/^403$/, status => qr/^403$/,