github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-10-01 20:17:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3191 from marcstern/v2/pr/mem_leak_re

Browse Source 
Memory leaks + enhanced logging
This commit is contained in:
Ervin Hegedus
2024-08-26 16:37:01 +02:00
committed by GitHub
parent fd0e042abc 046d3eb3ec
commit f65415ae8a
2 changed files with 95 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apache2/msc_logging.c
View File

@@ -1475,7 +1475,8 @@ void sec_audit_logger_json(modsec_rec *msr) {
/* Unlock the mutex we used to serialise access to the audit log file. */ /* Unlock the mutex we used to serialise access to the audit log file. */
rc = apr_global_mutex_unlock(msr->modsecurity->auditlog_lock); rc = apr_global_mutex_unlock(msr->modsecurity->auditlog_lock);
if (rc != APR_SUCCESS) { if (rc != APR_SUCCESS) {
msr_log(msr, 1, "Audit log: Failed to unlock global mutex: %s", msr_log(msr, 1, "Audit log: Failed to unlock global mutex '%s': %s",
apr_global_mutex_lockfile(msr->modsecurity->auditlog_lock),
get_apr_error(msr->mp, rc)); get_apr_error(msr->mp, rc));
} }
@@ -2256,7 +2257,8 @@ void sec_audit_logger_native(modsec_rec *msr) {
/* Unlock the mutex we used to serialise access to the audit log file. */ /* Unlock the mutex we used to serialise access to the audit log file. */
rc = apr_global_mutex_unlock(msr->modsecurity->auditlog_lock); rc = apr_global_mutex_unlock(msr->modsecurity->auditlog_lock);
if (rc != APR_SUCCESS) { if (rc != APR_SUCCESS) {
msr_log(msr, 1, "Audit log: Failed to unlock global mutex: %s", msr_log(msr, 1, "Audit log: Failed to unlock global mutex '%s': %s",
apr_global_mutex_lockfile(msr->modsecurity->auditlog_lock),
get_apr_error(msr->mp, rc)); get_apr_error(msr->mp, rc));
} }

231
apache2/re.c
View File

@@ -65,13 +65,13 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *va
char *myvalue = NULL, *myname = NULL; char *myvalue = NULL, *myname = NULL;
int match = 0; int match = 0;
if(var == NULL) if (var == NULL)
return 0; return 0;
if(rule == NULL) if (rule == NULL)
return 0; return 0;
if(rule->actionset == NULL) if (rule->actionset == NULL)
return 0; return 0;
assert(exceptions != NULL); assert(exceptions != NULL);
@@ -81,7 +81,7 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *va
c = strchr(myvar,':'); c = strchr(myvar,':');
if(c != NULL) { if (c != NULL) {
myname = apr_strtok(myvar,":",&myvalue); myname = apr_strtok(myvar,":",&myvalue);
} else { } else {
myname = myvar; myname = myvar;
@@ -91,7 +91,7 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *va
targets = apr_pstrdup(msr->mp, exceptions); targets = apr_pstrdup(msr->mp, exceptions);
if(targets != NULL) { if (targets != NULL) {
if (msr->txcfg->debuglog_level >= 9) { if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "fetch_target_exception: Found exception target list [%s] for rule id %s", targets, id_log(rule)); msr_log(msr, 9, "fetch_target_exception: Found exception target list [%s] for rule id %s", targets, id_log(rule));
} }
@@ -103,18 +103,18 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *va
c = strchr(variable,':'); c = strchr(variable,':');
if(c != NULL) { if (c != NULL) {
name = apr_strtok(variable,":",&value); name = apr_strtok(variable,":",&value);
} else { } else {
name = variable; name = variable;
value = NULL; value = NULL;
} }
if((strlen(myname) == strlen(name)) && if ((strlen(myname) == strlen(name)) &&
(strncasecmp(myname, name,strlen(myname)) == 0)) { (strncasecmp(myname, name,strlen(myname)) == 0)) {
if(value != NULL && myvalue != NULL) { if (value != NULL && myvalue != NULL) {
if((strlen(myvalue) == strlen(value)) && if ((strlen(myvalue) == strlen(value)) &&
strncasecmp(myvalue,value,strlen(myvalue)) == 0) { strncasecmp(myvalue,value,strlen(myvalue)) == 0) {
if (msr->txcfg->debuglog_level >= 9) { if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target); msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
@@ -145,7 +145,7 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *va
} }
if(match == 1) if (match == 1)
return 1; return 1;
return 0; return 0;
@@ -163,10 +163,10 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *va
char *msre_ruleset_rule_update_target_matching_exception(modsec_rec *msr, msre_ruleset *ruleset, rule_exception *re, const char *p2, const char *p3) { char *msre_ruleset_rule_update_target_matching_exception(modsec_rec *msr, msre_ruleset *ruleset, rule_exception *re, const char *p2, const char *p3) {
char *err; char *err;
if(ruleset == NULL) if (ruleset == NULL)
return NULL; return NULL;
if(p2 == NULL) { if (p2 == NULL) {
return apr_psprintf(ruleset->mp, "Trying to update without a target"); return apr_psprintf(ruleset->mp, "Trying to update without a target");
} }
@@ -253,26 +253,24 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
char *target_list = NULL, *replace = NULL; char *target_list = NULL, *replace = NULL;
int i, rc, match = 0, var_appended = 0; int i, rc, match = 0, var_appended = 0;
if(rule != NULL) { if (rule != NULL) {
target_list = strdup(p2); target_list = strdup(p2);
if(target_list == NULL) if (target_list == NULL) {
return apr_psprintf(ruleset->mp, "Error to update target - memory allocation");; my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - memory allocation");
goto end;
}
if(p3 != NULL) { if (p3 != NULL) {
replace = strdup(p3); replace = strdup(p3);
if(replace == NULL) { if (replace == NULL) {
free(target_list); my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - memory allocation");
target_list = NULL; goto end;
return apr_psprintf(ruleset->mp, "Error to update target - memory allocation");;
} }
} }
if(replace != NULL) { if (replace != NULL) {
opt = strchr(replace,'!'); opt = strchr(replace,'!');
if (opt != NULL) {
if(opt != NULL) {
*opt = '\0'; *opt = '\0';
opt++; opt++;
param = opt; param = opt;
@@ -288,47 +286,31 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
opt = strchr(param,':'); opt = strchr(param,':');
if(opt != NULL) { if (opt != NULL) {
name = apr_strtok(param,":",&value); name = apr_strtok(param,":",&value);
} else { } else {
name = param; name = param;
} }
if(apr_table_get(ruleset->engine->variables, name) == NULL) { if (apr_table_get(ruleset->engine->variables, name) == NULL) {
if(target_list != NULL) my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - [%s] is not valid target", name);
free(target_list); goto end;
if(replace != NULL)
free(replace);
if(msr) {
msr_log(msr, 9, "Error to update target - [%s] is not valid target", name);
}
return apr_psprintf(ruleset->mp, "Error to update target - [%s] is not valid target", name);
} }
name_len = strlen(name); name_len = strlen(name);
if(value != NULL) if (value != NULL) value_len = strlen(value);
value_len = strlen(value);
if(msr) {
msr_log(msr, 9, "Trying to replace by variable name [%s] value [%s]", name, value);
}
#if !defined(MSC_TEST)
else {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, " ModSecurity: Trying to replace by variable name [%s] value [%s]", name, value);
}
#endif
targets = (msre_var **)rule->targets->elts; targets = (msre_var **)rule->targets->elts;
// TODO need a good way to remove the element from array, maybe change array by tables or rings // TODO need a good way to remove the element from array, maybe change array by tables or rings
for (i = 0; i < rule->targets->nelts; i++) { for (i = 0; i < rule->targets->nelts; i++) {
if((strlen(targets[i]->name) == strlen(name)) && if ((strlen(targets[i]->name) == strlen(name)) &&
(strncasecmp(targets[i]->name,name,strlen(targets[i]->name)) == 0) && (strncasecmp(targets[i]->name,name,strlen(targets[i]->name)) == 0) &&
(targets[i]->is_negated == is_negated) && (targets[i]->is_negated == is_negated) &&
(targets[i]->is_counting == is_counting)) { (targets[i]->is_counting == is_counting)) {
if(value != NULL && targets[i]->param != NULL) { if (value != NULL && targets[i]->param != NULL) {
if((strlen(targets[i]->param) == strlen(value)) && if ((strlen(targets[i]->param) == strlen(value)) &&
strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) { strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) {
targets[i]->name[0] = '\0'; targets[i]->name[0] = '\0';
targets[i]->param[0] = '\0'; targets[i]->param[0] = '\0';
@@ -350,22 +332,16 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
p = apr_strtok(target_list, ",", &savedptr); p = apr_strtok(target_list, ",", &savedptr);
while(p != NULL) { while (p != NULL) {
if(replace != NULL) { if (replace != NULL) {
if(match == 1) { if (match == 1) {
rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg);
if (rc < 0) { if (rc < 0) {
if(msr) { if (my_error_msg) my_error_msg = apr_psprintf(ruleset->mp, "Error parsing rule targets to replace variable: %s", my_error_msg);
msr_log(msr, 9, "Error parsing rule targets to replace variable"); else my_error_msg = apr_psprintf(ruleset->mp, "Error parsing rule targets to replace variable");
}
#if !defined(MSC_TEST)
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Error parsing rule targets to replace variable");
}
#endif
goto end; goto end;
} }
if(msr) { if (msr) {
msr_log(msr, 9, "Successfully replaced variable"); msr_log(msr, 9, "Successfully replaced variable");
} }
#if !defined(MSC_TEST) #if !defined(MSC_TEST)
@@ -376,28 +352,24 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
var_appended = 1; var_appended = 1;
} else { } else {
if(msr) { my_error_msg = apr_psprintf(ruleset->mp, "Cannot find variable to replace");
msr_log(msr, 9, "Cannot find variable to replace");
}
#if !defined(MSC_TEST)
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Cannot find varibale to replace");
}
#endif
goto end; goto end;
} }
} else { }
else {
target = strdup(p); target = strdup(p);
if(target == NULL) if (target == NULL) {
return NULL; my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - memory allocation");
goto end;
}
is_negated = is_counting = 0; is_negated = is_counting = 0;
param = name = value = NULL; param = name = value = NULL;
opt = strchr(target,'!'); opt = strchr(target,'!');
if(opt != NULL) { if (opt != NULL) {
*opt = '\0'; *opt = '\0';
opt++; opt++;
param = opt; param = opt;
@@ -412,30 +384,22 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
} }
opt = strchr(param,':'); opt = strchr(param,':');
if (opt != NULL) {
if(opt != NULL) {
name = apr_strtok(param,":",&value); name = apr_strtok(param,":",&value);
} else { } else {
name = param; name = param;
} }
if(apr_table_get(ruleset->engine->variables, name) == NULL) { if (apr_table_get(ruleset->engine->variables, name) == NULL) {
if(target_list != NULL) my_error_msg = apr_psprintf(ruleset->mp, "Error to update target - [%s] is not valid target", name);
free(target_list); goto end;
if(replace != NULL)
free(replace);
if(msr) {
msr_log(msr, 9, "Error to update target - [%s] is not valid target", name);
}
return apr_psprintf(ruleset->mp, "Error to update target - [%s] is not valid target", name);
} }
name_len = strlen(name); name_len = strlen(name);
if(value != NULL) if (value != NULL) value_len = strlen(value);
value_len = strlen(value);
if(msr) { if (msr) {
msr_log(msr, 9, "Trying to append variable name [%s] value [%s]", name, value); msr_log(msr, 9, "Trying to append variable name [%s] value [%s]", name, value);
} }
#if !defined(MSC_TEST) #if !defined(MSC_TEST)
@@ -447,45 +411,37 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
targets = (msre_var **)rule->targets->elts; targets = (msre_var **)rule->targets->elts;
for (i = 0; i < rule->targets->nelts; i++) { for (i = 0; i < rule->targets->nelts; i++) {
if((strlen(targets[i]->name) == strlen(name)) && if ((strlen(targets[i]->name) == strlen(name)) &&
(strncasecmp(targets[i]->name,name,strlen(targets[i]->name)) == 0) && (strncasecmp(targets[i]->name,name,strlen(targets[i]->name)) == 0) &&
(targets[i]->is_negated == is_negated) && (targets[i]->is_negated == is_negated) &&
(targets[i]->is_counting == is_counting)) { (targets[i]->is_counting == is_counting)) {
if(value != NULL && targets[i]->param != NULL) { if (value != NULL && targets[i]->param != NULL) {
if((strlen(targets[i]->param) == strlen(value)) && if ((strlen(targets[i]->param) == strlen(value)) &&
strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) { strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) {
match = 1; match = 1;
} }
} else if (value == NULL && targets[i]->param == NULL){ } else if (value == NULL && targets[i]->param == NULL){
match = 1; match = 1;
} else } else continue;
continue;
} }
} }
if(target != NULL) { if (target != NULL) {
free(target); free(target);
target = NULL; target = NULL;
} }
if(match == 0 ) { if (match == 0 ) {
rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg); rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg);
if (rc < 0) { if (rc < 0) {
if(msr) { my_error_msg = apr_psprintf(ruleset->mp, "Error parsing rule targets to append variable");
msr_log(msr, 9, "Error parsing rule targets to append variable");
}
#if !defined(MSC_TEST)
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Error parsing rule targets to append variable");
}
#endif
goto end; goto end;
} }
var_appended = 1; var_appended = 1;
} else { } else {
if(msr) { if (msr) {
msr_log(msr, 9, "Skipping variable, already appended"); msr_log(msr, 9, "Skipping variable, already appended");
} }
#if !defined(MSC_TEST) #if !defined(MSC_TEST)
@@ -499,11 +455,11 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
p = apr_strtok(NULL,",",&savedptr); p = apr_strtok(NULL,",",&savedptr);
} }
if(var_appended == 1) { if (var_appended == 1) {
current_targets = msre_generate_target_string(ruleset->mp, rule); current_targets = msre_generate_target_string(ruleset->mp, rule);
rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, current_targets, NULL, NULL); rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, current_targets, NULL, NULL);
rule->p1 = apr_pstrdup(ruleset->mp, current_targets); rule->p1 = apr_pstrdup(ruleset->mp, current_targets);
if(msr) { if (msr) {
msr_log(msr, 9, "Successfully appended variable"); msr_log(msr, 9, "Successfully appended variable");
} }
#if !defined(MSC_TEST) #if !defined(MSC_TEST)
@@ -515,19 +471,14 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
} }
end: end:
if(target_list != NULL) { if (my_error_msg) {
free(target_list); if (msr) msr_log(msr, 9, my_error_msg);
target_list = NULL; else ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, my_error_msg);
} }
if(replace != NULL) { if (target_list != NULL) free(target_list);
free(replace); if (replace != NULL) free(replace);
replace = NULL; if (target != NULL) free(target);
} return my_error_msg;
if(target != NULL) {
free(target);
target = NULL;
}
return NULL;
} }
int msre_ruleset_rule_matches_exception(msre_rule *rule, rule_exception *re) { int msre_ruleset_rule_matches_exception(msre_rule *rule, rule_exception *re) {
@@ -573,7 +524,7 @@ int msre_ruleset_rule_matches_exception(msre_rule *rule, rule_exception *re) {
for (act = 0; act < tarr->nelts; act++) { for (act = 0; act < tarr->nelts; act++) {
msre_action *action = (msre_action *)telts[act].val; msre_action *action = (msre_action *)telts[act].val;
if((action != NULL) && (action->metadata != NULL) && (strcmp("tag", action->metadata->name) == 0)) { if ((action != NULL) && (action->metadata != NULL) && (strcmp("tag", action->metadata->name) == 0)) {
int rc = msc_regexec(re->param_data, int rc = msc_regexec(re->param_data,
action->param, strlen(action->param), action->param, strlen(action->param),
@@ -624,7 +575,7 @@ static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule) {
for (i = 0; i < rule->targets->nelts; i++) { for (i = 0; i < rule->targets->nelts; i++) {
if(targets[i]->name != NULL && strlen(targets[i]->name) > 0) { if (targets[i]->name != NULL && strlen(targets[i]->name) > 0) {
target_str = apr_pstrcat(pool, target_str = apr_pstrcat(pool,
(target_str == NULL) ? "" : apr_psprintf(pool, "%s|", target_str), (target_str == NULL) ? "" : apr_psprintf(pool, "%s|", target_str),
(targets[i]->is_negated == 0) ? "" : "!", (targets[i]->is_negated == 0) ? "" : "!",
@@ -1569,12 +1520,12 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
if ((rule->placeholder == RULE_PH_NONE) || (rule->actionset->id == NULL) || (strcmp(skip_after, rule->actionset->id) != 0)) { if ((rule->placeholder == RULE_PH_NONE) || (rule->actionset->id == NULL) || (strcmp(skip_after, rule->actionset->id) != 0)) {
if(i-1 >=0) if (i-1 >=0)
last_rule = rules[i-1]; last_rule = rules[i-1];
else else
last_rule = rules[0]; last_rule = rules[0];
if((last_rule != NULL) && (last_rule->actionset != NULL) && last_rule->actionset->is_chained && (saw_starter == 1)) { if ((last_rule != NULL) && (last_rule->actionset != NULL) && last_rule->actionset->is_chained && (saw_starter == 1)) {
mode = NEXT_RULE; mode = NEXT_RULE;
skipped = 1; skipped = 1;
--i; --i;
@@ -1666,7 +1617,7 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
for(j = 0; j < msr->removed_rules_msg->nelts; j++) { for(j = 0; j < msr->removed_rules_msg->nelts; j++) {
re = ((rule_exception **)msr->removed_rules_msg->elts)[j]; re = ((rule_exception **)msr->removed_rules_msg->elts)[j];
if(rule->actionset->msg !=NULL) { if (rule->actionset->msg !=NULL) {
if (msr->txcfg->debuglog_level >= 9) { if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Checking removal of rule msg=\"%s\" against: %s", rule->actionset->msg, re->param); msr_log(msr, 9, "Checking removal of rule msg=\"%s\" against: %s", rule->actionset->msg, re->param);
@@ -1685,7 +1636,7 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
for(j = 0; j < msr->removed_rules->nelts; j++) { for(j = 0; j < msr->removed_rules->nelts; j++) {
range = ((const char**)msr->removed_rules->elts)[j]; range = ((const char**)msr->removed_rules->elts)[j];
if(rule->actionset->id !=NULL) { if (rule->actionset->id !=NULL) {
if (msr->txcfg->debuglog_level >= 9) { if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "Checking removal of rule id=\"%s\" against: %s", rule->actionset->id, range); msr_log(msr, 9, "Checking removal of rule id=\"%s\" against: %s", rule->actionset->id, range);
@@ -1704,13 +1655,13 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
for (act = 0; act < tag_tarr->nelts; act++) { for (act = 0; act < tag_tarr->nelts; act++) {
msre_action *action = (msre_action *)tag_telts[act].val; msre_action *action = (msre_action *)tag_telts[act].val;
if((action != NULL) && (action->metadata != NULL ) && strcmp("tag", action->metadata->name) == 0) { if ((action != NULL) && (action->metadata != NULL ) && strcmp("tag", action->metadata->name) == 0) {
for(j = 0; j < msr->removed_rules_tag->nelts; j++) { for(j = 0; j < msr->removed_rules_tag->nelts; j++) {
re = ((rule_exception **)msr->removed_rules_tag->elts)[j]; re = ((rule_exception **)msr->removed_rules_tag->elts)[j];
if(action->param != NULL) { if (action->param != NULL) {
/* Expand variables in the tag argument. */ /* Expand variables in the tag argument. */
msc_string *var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); msc_string *var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
@@ -1756,7 +1707,7 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
} }
} }
if(msr->txcfg->is_enabled == MODSEC_DISABLED) { if (msr->txcfg->is_enabled == MODSEC_DISABLED) {
saw_starter = 0; saw_starter = 0;
skipped = 0; skipped = 0;
skip_after = NULL; skip_after = NULL;
@@ -1836,12 +1787,12 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
msr_log(msr, 9, "Match, intercepted -> returning."); msr_log(msr, 9, "Match, intercepted -> returning.");
} }
if(i-1 >= 0) if (i-1 >= 0)
last_rule = rules[i-1]; last_rule = rules[i-1];
else else
last_rule = rules[0]; last_rule = rules[0];
if((last_rule != NULL) && (last_rule->actionset != NULL) && last_rule->actionset->is_chained) { if ((last_rule != NULL) && (last_rule->actionset != NULL) && last_rule->actionset->is_chained) {
int st = 0; int st = 0;
@@ -1849,8 +1800,8 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
rule_starter = rules[st]; rule_starter = rules[st];
if(rule_starter != NULL && rule_starter->chain_starter != NULL) { if (rule_starter != NULL && rule_starter->chain_starter != NULL) {
if((msr != NULL) && (msr->intercept_actionset != NULL) && (rule_starter->actionset != NULL)) if ((msr != NULL) && (msr->intercept_actionset != NULL) && (rule_starter->actionset != NULL))
msr->intercept_actionset->intercept_uri = rule_starter->actionset->intercept_uri; msr->intercept_actionset->intercept_uri = rule_starter->actionset->intercept_uri;
break; break;
} }
@@ -1874,7 +1825,7 @@ static apr_status_t msre_ruleset_process_phase_(msre_ruleset *ruleset, modsec_re
continue; continue;
} }
if(skipped == 1) { if (skipped == 1) {
mode = SKIP_RULES; mode = SKIP_RULES;
continue; continue;
} }
@@ -2040,7 +1991,7 @@ static msre_rule * msre_ruleset_fetch_phase_rule(const msre_ruleset *ruleset, co
&& (strcmp(rule->actionset->id, id) == 0)) && (strcmp(rule->actionset->id, id) == 0))
{ {
/* Return rule that matched unless it is a placeholder */ /* Return rule that matched unless it is a placeholder */
if(offset == 0) { if (offset == 0) {
return (rule->placeholder == RULE_PH_NONE) ? rule : NULL; return (rule->placeholder == RULE_PH_NONE) ? rule : NULL;
} }
else { else {
@@ -2139,7 +2090,7 @@ static int msre_ruleset_phase_rule_remove_with_exception(msre_ruleset *ruleset,
for (act = 0; act < tarr->nelts; act++) { for (act = 0; act < tarr->nelts; act++) {
msre_action *action = (msre_action *)telts[act].val; msre_action *action = (msre_action *)telts[act].val;
if((action != NULL) && (action->metadata != NULL) && (strcmp("tag", action->metadata->name) == 0)) { if ((action != NULL) && (action->metadata != NULL) && (strcmp("tag", action->metadata->name) == 0)) {
int rc = msc_regexec(re->param_data, int rc = msc_regexec(re->param_data,
action->param, strlen(action->param), action->param, strlen(action->param),
@@ -2682,7 +2633,7 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
if (rc > 0) { if (rc > 0) {
rc = fetch_target_exception(rule, msr, var, exceptions); rc = fetch_target_exception(rule, msr, var, exceptions);
if(rc > 0) { if (rc > 0) {
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Executing operator \"%s%s\" with param \"%s\" against %s skipped.", msr_log(msr, 4, "Executing operator \"%s%s\" with param \"%s\" against %s skipped.",
@@ -2730,22 +2681,22 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
msr_log(msr, 4, "Operator completed in %" APR_TIME_T_FMT " usec.", (t1 - time_before_op)); msr_log(msr, 4, "Operator completed in %" APR_TIME_T_FMT " usec.", (t1 - time_before_op));
} }
if(msr->txcfg->max_rule_time > 0) { if (msr->txcfg->max_rule_time > 0) {
apr_time_t t1 = apr_time_now(); apr_time_t t1 = apr_time_now();
apr_time_t rule_time = 0; apr_time_t rule_time = 0;
const char *rt_time = NULL; const char *rt_time = NULL;
if(rule->actionset->id != NULL) { if (rule->actionset->id != NULL) {
rt_time = apr_table_get(msr->perf_rules, rule->actionset->id); rt_time = apr_table_get(msr->perf_rules, rule->actionset->id);
if(rt_time == NULL) { if (rt_time == NULL) {
rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (t1 - time_before_op)); rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, (t1 - time_before_op));
rule_time = (apr_time_t)atoi(rt_time); rule_time = (apr_time_t)atoi(rt_time);
if(rule_time >= msr->txcfg->max_rule_time) if (rule_time >= msr->txcfg->max_rule_time)
apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time); apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time);
} else { } else {
rule_time = (apr_time_t)atoi(rt_time); rule_time = (apr_time_t)atoi(rt_time);
rule_time += (t1 - time_before_op); rule_time += (t1 - time_before_op);
if(rule_time >= msr->txcfg->max_rule_time) { if (rule_time >= msr->txcfg->max_rule_time) {
rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, rule_time); rt_time = apr_psprintf(msr->mp, "%" APR_TIME_T_FMT, rule_time);
apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time); apr_table_setn(msr->perf_rules, rule->actionset->id, rt_time);
} }
@@ -2783,7 +2734,7 @@ static int execute_operator(msre_var *var, msre_rule *rule, modsec_rec *msr,
*(const msre_rule **)apr_array_push(msr->matched_rules) = rule; *(const msre_rule **)apr_array_push(msr->matched_rules) = rule;
/* Save the last matched var data */ /* Save the last matched var data */
if(var != NULL && msr != NULL) { if (var != NULL && msr != NULL) {
msc_string *mvar = NULL; msc_string *mvar = NULL;
msr->matched_var->name = apr_pstrdup(msr->mp, var->name); msr->matched_var->name = apr_pstrdup(msr->mp, var->name);