github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-27 18:28:50 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,286 Commits 55 Branches 109 Tags
Commit Graph

1314 Commits

Author SHA1 Message Date
Ervin Hegedus
1953e37217
Add nullptr check conditions 2025-04-20 21:44:47 +02:00
Ervin Hegedus
0c8cc6e2cf
Finish XMLArgs processing 2025-04-07 14:01:46 +02:00
Marc Stern
fa621f81e9
Merge pull request #3284 from marcstern/v2/pr/utf8toUnicodeVsMultibyte 
Incorrect utf8toUnicode transformation for 00xx
 2024-11-12 17:34:05 +01:00
Marc Stern
87dbae9bb2 assert(input != NULL); 2024-11-04 13:53:28 +01:00
Marc Stern
907d61ad6d Incorrect utf8toUnicode transformation for 00xx 
Fix issue and restructure handling
 2024-10-22 15:51:55 +02:00
Marc Stern
ecab91a74e Add problematic pattern when DEBUG_CONF is defined 2024-10-17 14:43:03 +02:00
Marc Stern
89ff91dae3 Fixed PCRE2 error message 2024-10-17 14:10:56 +02:00
Tomas Korbar
bec33810e9 Move log opening to appropriate execution phase 
When piped logs are opened during parsing of configuration
it results in unexpected situations in apache httpd
and can cause hang of process which is trying to log
into auditlog.

Code should work as before, with the exception of
one additional condition evaluation when primary
audit log is not set and secondary audit log
path to piped executable is now not relative
to server root.
 2024-10-11 14:50:20 +02:00
Marc Stern
23e3cb491a Fix for #3255 
We don't have to generate a temp name ourselves, it'll be done in apr_global_mutex_create().
We don't have to provide a filename, apr_global_mutex_create() generates one automatically.
Moreover, under Unix & Windows, the preferred mechanism won't use a file at all.
apr_file_mktemp() cannot be used as it creates the file (at least on FreeBSD).
Discussion in Apache mailing list: https://lists.apache.org/thread/ykb26kg4lgcqnldvxwd9p6hv16fy4z9l
 2024-10-03 12:42:23 +02:00
Marc Stern
090e4d3baa
Merge pull request #3257 from marcstern/v2/pr/msr_global_mutex_lock 
msr_global_mutex_lock: handle errors from apr_global_mutex_lock
 2024-10-02 17:09:51 +02:00
Rainer Jung
149376377e Move id_log() to msc_util to fix unit tests; it is declared on msc_util.h already 2024-10-01 13:58:22 +02:00
Marc Stern
c99d931f3c Initialize filename to NULL 2024-09-30 13:53:31 +02:00
Marc Stern
b8e8e30730 Fixed parameters/functions names 2024-09-30 13:12:38 +02:00
Marc Stern
9ba1caa2fa Missing #include <time.h> 2024-09-25 13:57:05 +02:00
Marc Stern
b850c74b12 We should have get the warning at lock time, so ignore it at unlock time 2024-09-12 14:07:55 +02:00
Marc Stern
449c080e63 Same for global_mutex_unlock 2024-09-12 13:01:44 +02:00
Marc Stern
b52201010d msr_global_mutex_lock: Handle errors from apr_global_mutex_lock 2024-09-12 12:18:25 +02:00
Ervin Hegedus
cddd9a7eb5
Fix build error if -Werror=format-security is presented 2024-09-03 21:49:43 +02:00
Ervin Hegedus
ad0161118d
Change release version to v2.9.8 2024-09-03 14:40:55 +02:00
Marc Stern
6be2ee534a Fixed ap_log_perror() usage 
Replaces  #3236
 2024-08-26 17:17:36 +02:00
Ervin Hegedus
f65415ae8a
Merge pull request #3191 from marcstern/v2/pr/mem_leak_re 
Memory leaks + enhanced logging
 2024-08-26 16:37:01 +02:00
Marc Stern
046d3eb3ec Fixed two error messages 2024-08-19 14:19:05 +02:00
Ervin Hegedus
e7e11d972f
Merge pull request #3202 from marcstern/v2/pr/assert 
Fixed assert() usage
 2024-08-18 22:58:06 +02:00
Marc Stern
60d07a5547 added one more NULL check at run-time 2024-08-16 09:23:11 +02:00
Marc Stern
4b391834ec added more NULL checks at run-time 2024-08-14 19:09:15 +02:00
Marc Stern
0066a67911 added more NULL checks at run-time 2024-08-14 19:00:25 +02:00
Marc Stern
22a6829690 added more NULL checks at run-time 2024-08-14 18:44:45 +02:00
Marc Stern
e5bbd89399 re-added some NULL check at run-time, with an error message on stderr 2024-08-14 13:53:52 +02:00
Ervin Hegedus
277e7e2bf6
Merge pull request #3193 from marcstern/v2/pr/useless 
Removed useless code
 2024-08-14 10:59:03 +02:00
Ervin Hegedus
e6e3417e9d
Remove unnecessary assert() 2024-08-13 11:07:44 +02:00
Ervin Hegedus
f27c85cf47
Check if the MP header contains invalid character 2024-08-13 11:07:18 +02:00
Ervin Hegedus
935e68c816
Merge pull request #3192 from marcstern/v2/pr/errorlog 
Use standard httpd logging format in error log
 2024-08-12 17:17:15 +02:00
Marc Stern
d32c8f1ad8 Fixed invalid logging 2024-08-12 17:06:35 +02:00
Ervin Hegedus
914c1a1cb2
Merge pull request #3194 from marcstern/v2/pr/PCRE_ERROR_NOMATCH 
msc_regexec() != PCRE_ERROR_NOMATCH
 2024-08-12 16:40:40 +02:00
Marc Stern
692710cab7 Replaced 0 by '\0' for char 2024-08-07 13:45:09 +02:00
Marc Stern
8dd5d5f46b re_operators.c: removed invalid check (done correctly on line 1067) 
copy_rules(): only one return code => void
 2024-08-07 09:42:40 +02:00
Marc Stern
cb11716af7 Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/pr/assert 2024-08-02 17:52:01 +02:00
Ervin Hegedus
e4245986bf
Merge pull request #3198 from marcstern/v2/pr/collection_store_log 
Add collection size in log in case of writing error
 2024-07-31 18:20:46 +02:00
Marc Stern
7c379c8d59 Fixed assert() usage: 
- added some missing
 - removed some invalid
 - removed some that were not relevant in the context of the current function, when done in a called function
 2024-07-31 11:17:36 +02:00
Marc Stern
0be1f1566a
Remove redundant entry 
[client %s] is added by the standard httpd log function => remove it
 2024-07-31 09:38:20 +02:00
Ervin Hegedus
df79bf6843
Merge pull request #3187 from marcstern/v2/pr/logidptr 
Invalid pointer access in case rule id == NOT_SET_P
 2024-07-30 16:25:54 +02:00
Ervin Hegedus
223ce91aee
Move xmlFree() call to the right place 2024-07-25 20:52:55 +02:00
Marc Stern
f143663cf0 Add collection in log in case of writing error 2024-07-25 09:30:48 +02:00
Marc Stern
73a79af593 Fixed duplicate log entry 
use ap_log_error() if msr is NULL
Fixed indentation
 2024-07-25 08:55:26 +02:00
Marc Stern
b53c2277d7 removed duplicate log entry 2024-07-25 08:39:44 +02:00
Marc Stern
9b987cc3f9 Return of msc_regexec() compared with PCRE_ERROR_NOMATCH (!=) to check if match. 
Other errors may happen that would return -2, -3, ...
Matching would be incorrectly set in this case.
We must check if >= 0
 2024-07-22 17:08:16 +02:00
Marc Stern
cd65a44d64 Removed useless code 2024-07-22 16:53:58 +02:00
Marc Stern
f32be70793 Use standard httpd logging format in error log 2024-07-22 16:24:56 +02:00
Marc Stern
a32b512a7f Systematically log problems in update_rule_target_ex(). 
Fix some memory leaks in update_rule_target_ex().
 2024-07-22 15:59:28 +02:00
Marc Stern
243d9c978a Log audit lock name in case of problem 2024-07-22 15:57:15 +02:00