github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,938 Commits 55 Branches 109 Tags
Commit Graph

1123 Commits

Author SHA1 Message Date
Marc Stern
b354c71403
Merge pull request #2960 from marcstern/v2/mst/mem_leak1 
Fixed 2 memory leaks
 2024-02-01 10:53:58 +01:00
Marc Stern
8f3ef37ed8
Merge pull request #2963 from marcstern/v2/mst/debug_conf 
Fix for DEBUG_CONF compile flag
 2024-02-01 10:53:09 +01:00
Marc Stern
7dae977e88
Merge pull request #2969 from marcstern/v2/mst/optim3 
Double memory allocation
 2024-02-01 10:52:08 +01:00
Marc Stern
c62e3a4ffc
Merge pull request #2987 from marcstern/v2/mst/jit_not_init 
'jit' variable not initialized when WITH_PCRE2 is defined
 2024-02-01 10:51:09 +01:00
Ervin Hegedus
b687f51840
Set the minimum security protocol version for SecRemoteRules 2024-01-27 17:09:43 +01:00
Martin Vierula
e4acb3c391
Allow lua version 5.4 2023-10-16 12:45:36 -07:00
Marc Stern
1d9ad64a56 if WITH_PCRE2 id defined, jit was not initialized 2023-09-25 16:15:19 +02:00
Marc Stern
077d1bd0b7 if WITH_PCRE2 id defined, jit was not initialized 2023-09-25 16:00:17 +02:00
Marc Stern
18efc80bdd Double memory allocation: 
'current_targets' is allocated in ruleset->mp.
'rule->p1' is a copy of current_targets, but we strdup it in the same memory pool as 'current_targets'.
So, simply assign 'current_targets' to 'rule->p1'.
 2023-08-21 10:30:36 +02:00
Marc Stern
eab780e992
typo 2023-08-21 10:01:46 +02:00
Marc Stern
82c69ccf49 Fix for DEBUG_CONF compile flag 2023-08-16 08:50:09 +02:00
Marc Stern
541707c0aa removed useless code 2023-08-16 08:28:12 +02:00
Marc Stern
25a60e259a Fixed 2 memory leaks 2023-08-16 08:25:50 +02:00
Marc Stern
7575eae3f5 Check return code of apr_procattr_io_set() 2023-08-14 16:57:21 +02:00
Marc Stern
b3b33c9ff1 Revert "Centralized function compatible with Linux & Windows (also with mpm-itk & mod_ruid2) to get username" 
This reverts commit c7b28f0e13fa18d8503877e026744f76607cfbae.
 2023-08-11 17:19:08 +02:00
Marc Stern
c7b28f0e13 Centralized function compatible with Linux & Windows (also with mpm-itk & mod_ruid2) to get username 2023-08-11 17:17:59 +02:00
Martin Vierula
2105ed0639 Do not escape special chars in regex pattern with macro 2023-07-27 06:21:45 -07:00
Martin Vierula
053965529c
Version 2.9.7 2023-01-04 13:15:13 -08:00
Martin Vierula
4324f0ac59
Fix: FILES_TMP_CONTENT may sometimes lack complete content 2023-01-04 11:34:11 -08:00
Martin Vierula
8b3b7a0e23
Add ostensibly unnecessary null check 2023-01-04 06:56:54 -08:00
Martin Vierula
8038a529c0
Copyright line updates 2022-12-21 07:07:14 -08:00
Martin Vierula
1cba2d4758
PCRE2 fix: correct length arg in calls to match functions 2022-12-16 08:37:56 -08:00
Martin Vierula
0981b325a7
Support configurable limit on number of arguments processed 2022-12-14 07:01:23 -08:00
Martin Vierula
ac52086b44
Distinguish PCRE vs. PCRE2 in startup version message 2022-12-12 02:41:16 -08:00
Martin Vierula
583b465fdb
Silence compiler warning about discarded const 2022-12-12 02:26:13 -08:00
Martin Vierula
a17cbc8f5e
Support for JIT option for PCRE2 2022-12-07 07:47:42 -08:00
martinhsv
8f04f44b09
Merge pull request #2046 from arminabf/segfault-with-assigned-user 
segfault with assigned user id on OpenShift
 2022-11-23 14:20:25 -08:00
Martin Vierula
f7fa00aadf
Fix: handle error with SecConnReadStateLimit configuration 2022-11-20 10:39:04 -08:00
Erki Aring
b5130acb45 Move APLOG_USE_MODULE out of modsecurity.h 2022-11-15 17:31:18 +02:00
martinhsv
c2b47ea1bb
Merge pull request #2781 from erkia/fix/add-aplog-use-module 
Fix logging for Apache 2.4 (again)
 2022-11-14 14:26:54 -05:00
Martin Vierula
8fc0b519b7
Support for PCRE2 2022-11-08 08:06:39 -08:00
Martin Vierula
dfba4fd24a
Version 2.9.6 2022-09-07 13:36:13 -07:00
Martin Vierula
7a489bd07c
Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 11:09:47 -07:00
Martin Vierula
d9df7f529e
Limit rsub null termination to where necessary 2022-09-06 05:29:38 -07:00
Erki Aring
45acae4330 Add APLOG_USE_MODULE to correctly mark log messages 2022-08-04 12:44:29 +03:00
Martin Vierula
dfbdaf8f31
XML parser cleanup: NULL duplicate pointer 2022-06-08 15:36:36 -07:00
martinhsv
fc8e5586e7
Merge pull request #2239 from microsoft/fix_malformed_xml_memory_leak 
Properly cleanup XML parser contexts upon completion
 2022-06-08 17:45:53 -04:00
martinhsv
08c051987c
Merge branch 'v2/master' into memory-leak-fix-2208 2022-06-07 17:09:40 -04:00
Martin Vierula
b5b4e2fdd1
Fix: negative usec on log line when data type long is 32b 2022-06-01 07:19:10 -07:00
Vincent Loup
bc8662b0d5 Fix memory leak in streams 2022-05-30 16:16:39 +02:00
Martin Vierula
4a98032b7f
Allow no-key, single-value JSON body 2022-05-03 12:34:03 -07:00
Martin Vierula
c6582df2e5
Fix memory leak that occurs on JSON parsing error 2021-12-29 06:46:25 -08:00
Martin Vierula
065dbe7e76
Multipart names may include single quote if double-quote enclosed 2021-12-22 10:37:03 -08:00
Martin Vierula
860299971d
Version 2.9.5 2021-11-22 11:22:12 -08:00
Martin Vierula
41918335fa
Support configurable limit on depth of JSON parsing 2021-11-18 17:35:40 -08:00
Felipe Zimmerle
b32cc1680c Version 2.9.4 
Increasing version to 2.9.4
 2021-06-21 09:36:18 -03:00
Rainer Jung
f80114a906
Add microsec timestamp resolution to the formatted log timestamp. 2021-01-15 15:11:14 -03:00
John Lightsey
039b35029c
Fix other usage of the global pool for request temporaries in re_operators.c 2021-01-14 14:23:39 -03:00
John Lightsey
e419b50fe7
Store temporaries in the request pool for regexes compiled per-request. 
The code for testing regexes with embedded Apache variables
(rule->re_precomp == 1) during request processing was utilizing the global
engine pool for the storage of temporary values. This approach is not
threadsafe, retains the temporary variables longer than they are usable,
and causes corruption of the global pool's "cleanups" linked-lists when
Apache is configured with a threaded MPM.
 2021-01-14 14:23:39 -03:00
Vladimir Krivopalov
6a5ec1ff7b Properly cleanup XML parser contexts upon completion 
It is currently possible that the XML parsing context is not properly
cleaned up if a parsed XML document is malformed.

This fix makes sure that the context is taken care of.

Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
 2020-01-14 11:15:33 -08:00