David Andrews
27dd513ab6
Flip allocations that happen during initialization (typically) over to use non-global apr memory pools.
2014-03-03 08:00:53 -08:00
Felipe Zimmerle
31d7fc6d38
Code cosmetics: Place copy_rules in nice shape.
...
Continuation of kukackajiri's work to provide fixes for errors pointed out by
Parfait. The function copy_rules had an integer as return code but it was not
filled properly nor checked by its callers. This commit just adds sanity
checks and documentation for the copy_rules function. Markings were placed
on the copy_rules callers, but the return code is not handled yet.
For kukackajiri's work, see merge request: #612
2014-03-03 04:27:29 -08:00
Jiri Kukacka
62a6f228f8
Fixes for Parfait errors - mostly unhandled NULL pointer dereference and data type mismatch
2014-02-28 17:05:41 -08:00
Justin Gerace
498b9b2e7a
Don't reject a large request with ProcessPartial set
2014-02-28 12:36:48 -08:00
Felipe Zimmerle
063dd640e5
Adds internal error messages while parsing the configuration
...
Before this patch, if something went wrong while loading the configuration in
memory, not in terms of syntax but other run time factors such as memory
allocation, the webserver will refuse to start and no further message was given
to the user. This patch adds "Internal Error messages" that are intended to let
the user know more information about the problem that he/she is facing.
2014-02-24 03:56:17 -08:00
Felipe Zimmerle
795d6a64d2
nginx: Warn about not workable 'proxy'
...
Proxy is not yet ready for nginx. Instead of giving a generic error, this patch
adds a clean message explaining that such functionality is not available on the
nginx port. This patch also modifies the test cases to reflect these changes.
2014-01-09 11:12:28 -08:00
Felipe Zimmerle
7ac515ee29
nginx: Adds proper support to SecServerSignature
...
SecServerSignature was leading nginx to crash. It was trying to write over a
memory area that it was not allowed to. In order to fix that a new function was
created on the standalone api. This function is called
modsecIsServerSignatureAvailale. Whenever it returns data it means that the
function SecServerSignature was used by the user. Nginx module was also patched
to support this new function.
2014-01-08 18:06:32 -08:00
Chase Venters
0ddd2b4639
Add mod_extract_forwarded.c to run before mod_security2.c
...
mod_extract_forwarded2.c is already present in this list, but there is a
(seemingly better) alternative for Apache 2.2 which is distributed in
Fedora EPEL that is called mod_extract_forwarded.c.
2013-12-18 18:05:03 -08:00
Nick Galbreath
74ec784005
libinjection sync
2013-12-18 04:19:02 +00:00
Felipe Zimmerle
227de9fb8a
Reverts commit b1cbccdc6b18a0f3a4edda8a5dfa9f6621485e81
...
This belongs to a specific branch as long as it is not stable yet.
2013-12-18 15:05:01 -08:00
Felipe Zimmerle
2f5af6af73
Merge tag 'refs/tags/v2.7.7'
2013-12-18 14:56:22 -08:00
Felipe Zimmerle
c473aabb4a
Changes release version to 2.7.7
...
Release version is now 2.7.7.
2013-12-18 03:46:36 -08:00
ivanr
b1cbccdc6b
Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases).
2013-12-17 07:14:25 -08:00
Felipe Zimmerle
1cde4d2dd9
Organizes all Makefile.am
...
Now using one file per line (sorted). This is the better way
to handle it, since it reduces the possibility of merge conflicts.
2013-12-13 09:44:51 -08:00
Felipe "Zimmerle" Costa
5046c8327e
iis: Cosmetics fixes on sqli.
...
This is needed to get it compiled with VS2011 on Windows8
2013-12-12 14:53:49 -08:00
Felipe "Zimmerle" Costa
a4202146b8
iis: Fix inet_pton build problem
...
There is a function named inet_pton on windows API, with different
signature. This patch just overrides the windows function and points
the inet_pton to our implementation.
2013-11-07 17:15:52 -02:00
Felipe Zimmerle
b0c3977845
Merge pull request #578 from client9/remotes/trunk
...
libinjection sync to v3.8.0
2013-10-18 05:14:17 -07:00
Nick Galbreath
a5f175d79f
libinjection sync
2013-10-18 14:18:55 +09:00
Felipe Zimmerle
88ebf8a0bd
Merge pull request #152 from client9/remotes/trunk
...
Merge pull request #152 from client9/remotes/trunk
Sync to libinjection v3.7.1
2013-10-14 07:11:39 -07:00
Nick Galbreath
fcb6dc13ed
libinjection sync
2013-10-12 22:04:16 +09:00
Nick Galbreath
f52242a013
libinjection sync
2013-10-12 21:51:26 +09:00
Breno Silva
9a630eea23
Merge pull request #141 from client9/remotes/trunk
...
libinjection sync to v3.6.0
2013-09-16 10:06:25 -07:00
Nick Galbreath
11217207e8
libinjection sync
2013-09-12 11:47:12 +09:00
Breno Silva
f8d441cd25
Fix Chunked string case sensitive issue - CVE-2013-5705
2013-09-04 08:57:07 -03:00
Breno Silva
3901128f17
Revert "Fix Chuncked string case sensitive issue"
...
This reverts commit 16a815a3c2735f62238ef99af26090a2b8430d3d.
2013-09-04 08:53:40 -03:00
Breno Silva
16a815a3c2
Fix Chuncked string case sensitive issue
2013-09-04 08:43:34 -03:00
Nick Galbreath
2268626c20
libinjection sync
2013-08-25 15:30:19 +09:00
Breno Silva
7e0a9ecf7d
Fix logical disjunction and conjunction issues
2013-08-12 18:43:56 -03:00
Breno Silva
464ac1ecac
Fix crash when using SessionID as parameter in SecHashKey
2013-07-17 08:51:31 -07:00
Breno Silva
50f9d01406
Merge pull request #130 from client9/remotes/trunk
...
libinjection sync v3.4.1
2013-07-17 20:33:45 -07:00
Nick Galbreath
cefddebe13
libinjection sync
2013-07-14 14:33:34 +09:00
Breno Silva
3f080fa8ce
Merge pull request #128 from client9/remotes/trunk
...
libinjection v3.3.0 sync
2013-07-13 12:26:20 -07:00
Nick Galbreath
15f3a3040d
libinjection v3.3.0 sync
2013-07-13 13:29:50 +09:00
Nick Galbreath
65e97684bb
libinjection v3.2.0
2013-07-12 11:34:27 +09:00
Breno Silva
0fc4142a31
Change strncpy to memcpy
2013-07-05 02:45:05 -07:00
Breno Silva
f44a535c96
Merge pull request #125 from client9/remotes/trunk
...
libinjection v3.2.0
2013-07-12 06:04:19 -07:00
Breno Silva
a6fd09b691
Fix null byte conversion into utf8toUnicode
2013-07-04 03:34:10 -07:00
Breno Silva
229d4e4fe2
Merge pull request #124 from client9/remotes/trunk
...
v3.1.0
2013-07-02 09:19:42 -07:00
Nick Galbreath
9eca8b5ca1
v3.1.0
2013-07-02 10:06:50 +09:00
Breno Silva
b1f61617b5
Merge pull request #122 from client9/remotes/trunk
...
sync with 3.0.0 tag
2013-06-24 19:00:01 -07:00
Nick Galbreath
83fdf34dde
sync with 3.0.0 tag
2013-06-25 10:52:48 +09:00
Nick Galbreath
c07b9a5362
libinjection v3.0.0pre21 take 2
2013-06-23 13:58:22 +09:00
Breno Silva
4064e74cca
Fixed: Libinjection 3.0.0 compilation errors
2013-06-19 11:05:59 -07:00
Breno Silva
bebb45f3bb
SecUnicodeMapFile now accepts the code page. SecUnicodeCodePage is deprecated
2013-06-16 01:28:16 -07:00
Breno Silva
034bf19121
Fix double free
2013-06-13 02:11:24 -07:00
Breno Silva
9851769ea4
Fixed: increasing compatibility with older versions of install
2013-06-05 06:48:11 -07:00
Breno Silva
5cf5ff043a
Fixed: flush libxml2 output buffer
2013-06-04 19:58:36 -07:00
Breno Silva
df0b048254
Setting crypt output buffer as libxml2 output size
2013-06-04 11:02:44 -07:00
Breno Silva
9517c3475d
Fixed: URL normalization for SecHashEngine
2013-06-04 10:59:00 -07:00
Breno Silva
1b3b38e6de
Added: Release to 2.7.5
2013-06-03 19:54:48 -07:00