Allow empty strings to be evaluated by regex::searchAll

2025-08-13 13:26:01 +03:00 · 2018-06-18 22:01:07 -03:00 · 2018-06-18 22:01:07 -03:00 · fd8e72fd97
commit fd8e72fd97
parent 7def498c4c
3 changed files with 55 additions and 5 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -87,6 +87,7 @@ LOG_COMPILER=test/test-suite.sh
 # for i in `find test/test-cases -iname *.json`; do echo TESTS+=$i; done
 TESTS=
 TESTS+=test/test-cases/regression/issue-1591.json
+TESTS+=test/test-cases/regression/issue-1785.json
 TESTS+=test/test-cases/regression/variable-RESPONSE_HEADERS.json
 TESTS+=test/test-cases/regression/config-include.json
 TESTS+=test/test-cases/regression/variable-WEBSERVER_ERROR_LOG.json
--- a/src/utils/regex.cc
+++ b/src/utils/regex.cc
@ -91,16 +91,16 @@ std::list<SMatch> Regex::searchAll(const std::string& s) {
                rc = 0;
                break;
            }
-            if (len == 0) {
-                rc = 0;
-                break;
-            }
            match.match = std::string(tmpString, start, len);
            match.m_offset = start;
            match.m_length = len;
            offset = start + len;
-
            retList.push_front(match);
+
+            if (len == 0) {
+                rc = 0;
+                break;
+            }
        }
    } while (rc > 0);

--- a/test/test-cases/regression/issue-1785.json
+++ b/test/test-cases/regression/issue-1785.json
@ -0,0 +1,49 @@
+[
+  {
+    "enabled": 1,
+    "version_min": 209000,
+    "version_max": -1,
+    "title": "Should libmodsec pass action clear m_actions?",
+    "url": "https:\/\/github.com\/SpiderLabs\/ModSecurity\/issues\/1152",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com",
+        "User-Agent": "",
+        "Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
+        "Accept-Language": "en-us,en;q=0.5",
+        "Accept-Encoding": "gzip,deflate",
+        "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
+        "Keep-Alive": "300",
+        "Connection": "keep-alive",
+        "Cookie": "PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120",
+        "Pragma": "no-cache",
+        "Cache-Control": "no-cache"
+      },
+      "uri": "\/test.pl?foo=bar",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "http_code": 403
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS:User-Agent \"^$\" \"id:'900017',phase:1,t:none,deny,nolog,msg:'foo = bar'\""
+    ]
+  }
+]