1223 Commits

Author SHA1 Message Date
Ervin Hegedus
935e68c816
Merge pull request #3192 from marcstern/v2/pr/errorlog
Use standard httpd logging format in error log
2024-08-12 17:17:15 +02:00
Ervin Hegedus
914c1a1cb2
Merge pull request #3194 from marcstern/v2/pr/PCRE_ERROR_NOMATCH
msc_regexec() != PCRE_ERROR_NOMATCH
2024-08-12 16:40:40 +02:00
Ervin Hegedus
e4245986bf
Merge pull request #3198 from marcstern/v2/pr/collection_store_log
Add collection size in log in case of writing error
2024-07-31 18:20:46 +02:00
Marc Stern
0be1f1566a
Remove redundant entry
[client %s] is added by the standard httpd log function => remove it
2024-07-31 09:38:20 +02:00
Ervin Hegedus
df79bf6843
Merge pull request #3187 from marcstern/v2/pr/logidptr
Invalid pointer access in case rule id == NOT_SET_P
2024-07-30 16:25:54 +02:00
Ervin Hegedus
223ce91aee
Move xmlFree() call to the right place
2024-07-25 20:52:55 +02:00
Marc Stern
f143663cf0
Add collection in log in case of writing error
2024-07-25 09:30:48 +02:00
Marc Stern
9b987cc3f9
Return of msc_regexec() compared with PCRE_ERROR_NOMATCH (!=) to check if match.
Other errors may happen that would return -2, -3, ...
Matching would be incorrectly set in this case.
We must check if >= 0
2024-07-22 17:08:16 +02:00
Marc Stern
f32be70793
Use standard httpd logging format in error log
2024-07-22 16:24:56 +02:00
Marc Stern
ca593a4a40
Passing address of lock instead of lock in acquire_global_lock()
2024-07-20 18:53:30 +02:00
Marc Stern
9fb773c1ce
Invalid pointer access in case rule id == NOT_SET_P
2024-07-20 18:45:14 +02:00
Marc Stern
b89c447782
Merge pull request #3149 from fzipi/fix-tmpnam
fix: remove usage of insecure tmpnam
2024-05-31 10:07:47 +02:00
Ervin Hegedus
3f4c02fdb3
Merge pull request #3154 from marcstern/v2/pcre
Use PCRE_STUDY_EXTRA_NEEDED flag
2024-05-31 00:14:07 +02:00
Felipe Zipitria
93aa06bc1f
feat: consolidate into acquire_global_lock and export prototype
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
2024-05-30 09:32:50 -03:00
Felipe Zipitria
54f531efd7
fix: add error logging
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
2024-05-29 15:18:54 -03:00
Felipe Zipitria
e9d0150102
refactor: add acquire mutex function
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
2024-05-29 15:18:54 -03:00
Felipe Zipitria
d4d71b4f28
fix: remove unsafe tmpnam usage
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
2024-05-29 15:18:54 -03:00
Marc Stern
bc682d5b4a
Revert pcre_study() creating the extra data, as it's done afterwards anyway.
2024-05-29 11:38:10 +02:00
Ervin Hegedus
8a3b62021e
Merge pull request #3153 from marcstern/v2/LARGE_STREAM_INPUT_nullend
Missing null byte + optimization
2024-05-28 22:33:26 +02:00
Marc Stern
f08897003b
msr->msc_full_request_buffer is freed but not assigned to NULL. It could be freed again later
2024-05-28 16:25:26 +02:00
Marc Stern
84ad094ff6
Use PCRE_STUDY_EXTRA_NEEDED flag
2024-05-28 16:19:29 +02:00
Marc Stern
4a992b5a16
Replace a memset to 0 by a single assignment and fixing the 0 byte missing at the end when MSC_LARGE_STREAM_INPUT is not defined
2024-05-28 15:41:38 +02:00
Marc Stern
746f57f963
Changed indentation
2024-05-16 15:52:31 +02:00
Marc Stern
a61820fe2c
Enhanced logging [Issue #3107]
2024-05-10 17:26:23 +02:00
Marc Stern
4961f46a6f
(re)fixed const type
2024-04-16 18:09:00 +02:00
Marc Stern
243ac0563a
Merge branch 'v2/mst/nullcheck2' of https://github.com/marcstern/ModSecurity into v2/mst/nullcheck2
2024-04-16 18:02:16 +02:00
Marc Stern
d35018ef3f
another null check
2024-04-16 18:02:06 +02:00
Marc Stern
62302c2474
Update apache2/apache2_io.c
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
2024-04-16 17:59:43 +02:00
Marc Stern
5122f89005
defined id_log() only once
2024-04-16 13:28:37 +02:00
Marc Stern
a01b9b527e
minor fixes
2024-04-10 14:04:34 +02:00
Marc Stern
5f938536a0
fixed a NULL check
2024-04-08 11:01:29 +02:00
Marc Stern
c8e1904da8
Missing function
2024-04-05 18:21:02 +02:00
Marc Stern
1014e479b7
Added missing prototype
2024-04-05 18:17:25 +02:00
Marc Stern
649aea7288
Merge branch 'v2/master' into v2/mst/nullcheck2
2024-04-04 16:08:59 +02:00
Marc Stern
518b8ba6ab
more null pointer checks
2024-04-04 16:01:51 +02:00
Marc Stern
538ffa6baa
Added some null pointer checks.
Added a design doc.
2024-04-04 15:45:55 +02:00
Thomas Wouters
4f33f5b656
Fix possible segfault in collection_unpack
When var->value_len somehow becomes 0, we risk wrapping around to 4294967295 due
to it being an unsigned int.

Fixes #3082
2024-03-01 12:12:19 +01:00
Marc Stern
91da5872c1
Many null pointer checks
2024-02-20 13:15:52 +01:00
Ervin Hegedus
2812553a45
Revert "Update re_operators.c"
This reverts commit 9c0d05f73470b3e6acb1078d8b59a837b363731a.
2024-02-08 00:10:25 +01:00
Ervin Hegedus
6dafdb2b97
Revert "remove useless memset"
This reverts commit 3dc5ff5f6532a9222bc9607f5f2dd34b28ca6fe4.
2024-02-08 00:07:20 +01:00
Ervin Hegedus
892033237f
Revert "Update re_operators.c"
This reverts commit 931f8b6ed455fa91d5eead31a34c6320e3cfc1ca.
2024-02-08 00:05:00 +01:00
Ervin Hegedus
a2c4813814
Revert "Fixed variable definition scope (compile error)"
This reverts commit 0cd8b15c5a780951714e83f9dc907f93562df268.
2024-02-08 00:00:25 +01:00
Ervin Hegedus
ac332cc79d
Revert "'jit' variable not initialized when WITH_PCRE2 is defined"
2024-02-07 23:10:22 +01:00
Ervin Hegedus
5cbd7e6e6c
Revert "Double memory allocation"
2024-02-07 23:09:59 +01:00
Ervin Hegedus
7eabbb2b72
Revert " Fix for DEBUG_CONF compile flag"
2024-02-07 23:09:34 +01:00
Ervin Hegedus
7828c63205
Revert "Fixed 2 memory leaks"
2024-02-07 23:09:05 +01:00
Ervin Hegedus
7073c262b8
Revert "Compatibility with libyajl decoding the buffer inline"
2024-02-07 23:08:46 +01:00
Ervin Hegedus
3f8d21c4b1
Revert "Centralized function to get user name"
2024-02-07 23:08:06 +01:00
Ervin Hegedus
e04e8c4934
Revert "remove useless apr_pstrdup()"
2024-02-07 23:07:14 +01:00
Ervin Hegedus
b034f5ad98
Revert "Fix for https://github.com/SpiderLabs/ModSecurity/issues/610"
2024-02-07 23:06:42 +01:00