Martin Vierula
ac52086b44
Distinguish PCRE vs. PCRE2 in startup version message
2022-12-12 02:41:16 -08:00
Martin Vierula
583b465fdb
Silence compiler warning about discarded const
2022-12-12 02:26:13 -08:00
Martin Vierula
a17cbc8f5e
Support for JIT option for PCRE2
2022-12-07 07:47:42 -08:00
martinhsv
8f04f44b09
Merge pull request #2046 from arminabf/segfault-with-assigned-user
segfault with assigned user id on OpenShift
2022-11-23 14:20:25 -08:00
Martin Vierula
f7fa00aadf
Fix: handle error with SecConnReadStateLimit configuration
2022-11-20 10:39:04 -08:00
Erki Aring
b5130acb45
Move APLOG_USE_MODULE out of modsecurity.h
2022-11-15 17:31:18 +02:00
martinhsv
c2b47ea1bb
Merge pull request #2781 from erkia/fix/add-aplog-use-module
Fix logging for Apache 2.4 (again)
2022-11-14 14:26:54 -05:00
Martin Vierula
8fc0b519b7
Support for PCRE2
2022-11-08 08:06:39 -08:00
Martin Vierula
dfba4fd24a
Version 2.9.6
2022-09-07 13:36:13 -07:00
Martin Vierula
7a489bd07c
Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
2022-09-07 11:09:47 -07:00
Martin Vierula
d9df7f529e
Limit rsub null termination to where necessary
2022-09-06 05:29:38 -07:00
Erki Aring
45acae4330
Add APLOG_USE_MODULE to correctly mark log messages
2022-08-04 12:44:29 +03:00
Martin Vierula
dfbdaf8f31
XML parser cleanup: NULL duplicate pointer
2022-06-08 15:36:36 -07:00
martinhsv
fc8e5586e7
Merge pull request #2239 from microsoft/fix_malformed_xml_memory_leak
Properly cleanup XML parser contexts upon completion
2022-06-08 17:45:53 -04:00
martinhsv
08c051987c
Merge branch 'v2/master' into memory-leak-fix-2208
2022-06-07 17:09:40 -04:00
Martin Vierula
b5b4e2fdd1
Fix: negative usec on log line when data type long is 32b
2022-06-01 07:19:10 -07:00
Vincent Loup
bc8662b0d5
Fix memory leak in streams
2022-05-30 16:16:39 +02:00
Martin Vierula
4a98032b7f
Allow no-key, single-value JSON body
2022-05-03 12:34:03 -07:00
Martin Vierula
c6582df2e5
Fix memory leak that occurs on JSON parsing error
2021-12-29 06:46:25 -08:00
Martin Vierula
065dbe7e76
Multipart names may include single quote if double-quote enclosed
2021-12-22 10:37:03 -08:00
Martin Vierula
860299971d
Version 2.9.5
2021-11-22 11:22:12 -08:00
Martin Vierula
41918335fa
Support configurable limit on depth of JSON parsing
2021-11-18 17:35:40 -08:00
Felipe Zimmerle
b32cc1680c
Version 2.9.4
Increasing version to 2.9.4
2021-06-21 09:36:18 -03:00
Rainer Jung
f80114a906
Add microsec timestamp resolution to the formatted log timestamp.
2021-01-15 15:11:14 -03:00
John Lightsey
039b35029c
Fix other usage of the global pool for request temporaries in re_operators.c
2021-01-14 14:23:39 -03:00
John Lightsey
e419b50fe7
Store temporaries in the request pool for regexes compiled per-request.
The code for testing regexes with embedded Apache variables
(rule->re_precomp == 1) during request processing was utilizing the global
engine pool for the storage of temporary values. This approach is not
threadsafe, retains the temporary variables longer than they are usable,
and causes corruption of the global pool's "cleanups" linked-lists when
Apache is configured with a threaded MPM.
2021-01-14 14:23:39 -03:00
Vladimir Krivopalov
6a5ec1ff7b
Properly cleanup XML parser contexts upon completion
It is currently possible that the XML parsing context is not properly
cleaned up if a parsed XML document is malformed.
This fix makes sure that the context is taken care of.
Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
2020-01-14 11:15:33 -08:00
studersi
12cefbd70f
Adds a sanity check before use ctl:ruleRemove(TargetById|TargetByMsg)
This commit closes the issue #2033.
2019-11-20 09:49:17 -03:00
Felipe Zimmerle
176276a931
Fix the order of error_msg validation
Reported by @marcstern at #2128
2019-07-10 14:52:46 -03:00
emphazer
f7e4d01b01
added missing Geo Countries
2019-06-26 13:02:25 -03:00
Rainer Jung
32e185c2ca
When the input filter finishes, check whether we returned data during the last read and if not, delegate to the remaining filter chain.
Without that, ProcessPartial for the request body breaks forwarding
of uploaded files using mod_proxy_ajp and mod_wl.
See issue #2091.
2019-05-27 14:45:44 -03:00
Nao YONASHIRO
774ff40c96
fix: care non-null terminated chunk data
2019-05-27 10:29:01 -03:00
Armin Abfalterer
46c6cb2759
use uid if user name is not available
2019-03-13 13:11:24 +01:00
Felipe Zimmerle
52532a1bce
Fix curl callback function
2018-12-15 00:08:31 -03:00
Martin.Blapp
b90fa2d063
Use tempfiles for apr_global_mutex_create() to fix segfaults with Apache 2.2.
Call modsecurity_init() for the first invocation too.
2018-12-10 16:24:48 -03:00
Ervin Hegedus
0dcbb8b087
Fix inet addr handling on 64 bit big endian systems
Back port from v3. @zimmerle.
2018-12-10 15:39:58 -03:00
Felipe Zimmerle
2c400951a5
Version 2.9.3
Increasing version to 2.9.3
2018-12-04 14:50:34 -03:00
Allan Boll
f15976f68f
Allow 0 length JSON requests. 0 len XML and multipart already allowed.
2018-11-27 09:01:05 -03:00
Felipe Zimmerle
25e5543c7f
Allow empty arrays in JSON parser
Issue #1576
2018-11-26 10:40:46 -03:00
Allan Boll
7af8363fd4
Less strict multipart parsing
2018-11-21 12:47:56 -05:00
Victor Hora
b600669d02
Fix buffer size for utf8toUnicode transformation
2018-11-16 15:05:47 -03:00
Victor Hora
1adea9f1e8
Merge pull request #1714 from p0pr0ck5/sanitize-json
2018-11-12 19:45:38 -05:00
Victor Hora
9be0a407eb
Add sanity check for a couple malloc() and make code more resilient
2018-11-04 22:04:34 -05:00
Victor Hora
b3fa87dc7c
Fix NetBSD build by renaming the hmac function to avoid conflicts
2018-11-04 21:20:10 -05:00
Victor Hora
a3dc602128
ju5t patch to fix mpm-itk mod_ruid2 compatibility
2018-10-12 21:20:40 -04:00
Victor Hora
96756533ba
Code cosmetics: Minor change to match commit 2a42cc
2018-09-22 20:40:30 -04:00
Victor Hora
aab128f810
Code cosmetics: checks if actionset is not null before use it
2018-09-22 20:21:23 -04:00
Daniel Muey
a677456078
Issue #1671: Only generate SecHashKey when SecHashEngine is On
2018-09-20 17:46:55 -04:00
Felipe Zimmerle
8dd40709ee
good practices: Initialize variables before use it
Original author: Marc Stern (#1889)
2018-09-05 23:35:52 -03:00
Allan Boll
6bb4461911
AppGw WAF version that doesn't block failed body parsing in detect-only mode
2018-09-05 16:08:21 -03:00