89 Commits

Author SHA1 Message Date
Marc Stern
b52201010d msr_global_mutex_lock: Handle errors from apr_global_mutex_lock 2024-09-12 12:18:25 +02:00
Marc Stern
6be2ee534a Fixed ap_log_perror() usage
Replaces #3236
2024-08-26 17:17:36 +02:00
Marc Stern
cb11716af7 Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/pr/assert 2024-08-02 17:52:01 +02:00
Marc Stern
7c379c8d59 Fixed assert() usage:
- added some missing
- removed some invalid
- removed some that were not relevant in the context of the current function, when done in a called function
2024-07-31 11:17:36 +02:00
Marc Stern
ca593a4a40 Passing address of lock instead of lock in acquire_global_lock() 2024-07-20 18:53:30 +02:00
Felipe Zipitria
93aa06bc1f
feat: consolidate into acquire_global_lock and export prototype
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
2024-05-30 09:32:50 -03:00
Felipe Zipitria
54f531efd7
fix: add error logging
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
2024-05-29 15:18:54 -03:00
Felipe Zipitria
e9d0150102
refactor: add acquire mutex function
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
2024-05-29 15:18:54 -03:00
Felipe Zipitria
d4d71b4f28
fix: remove unsafe tmpnam usage
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
2024-05-29 15:18:54 -03:00
Marc Stern
f08897003b msr->msc_full_request_buffer is freed but not assigned to NULL. It could be freed again later 2024-05-28 16:25:26 +02:00
Marc Stern
91da5872c1 Many null pointer checks 2024-02-20 13:15:52 +01:00
Erki Aring
b5130acb45 Move APLOG_USE_MODULE out of modsecurity.h 2022-11-15 17:31:18 +02:00
Martin Vierula
8fc0b519b7
Support for PCRE2 2022-11-08 08:06:39 -08:00
Vincent Loup
bc8662b0d5 Fix memory leak in streams 2022-05-30 16:16:39 +02:00
Martin.Blapp
b90fa2d063
Use tempfiles for apr_global_mutex_create() to fix segfaults with Apache 2.2.
Call modsecurity_init() for the first invocation too.
2018-12-10 16:24:48 -03:00
Felipe Zimmerle
112ba45e7a
Makes global mutex for collections optional 2017-05-21 08:53:11 -03:00
Mladen Turk
84d2f30cc8
Use global mutex instead of sdbm file lock to fix issues with threaded mpm's 2017-05-19 17:16:08 -03:00
Felipe Zimmerle
a5bbb8345f
Fix compilation for 2.2.x and standalone after #1289 2017-05-11 09:14:49 -03:00
Robert Bost
4f55b5d1a7
Change from using rand() to thread-safe ap_random_pick. 2017-05-08 21:19:23 -03:00
Michael Bunk
f0112604a6 Remove misguided call to srand()
A random number generator needs to be initialized once per process after a fork, but not after each request, more so with an argument that changes only once per second.

This fixes SpiderLabs#778

This is a copy of my commit deec149ca363dd14213afd1f9d7f71a71959ef31.
2015-10-16 11:14:54 -03:00
Felipe Zimmerle
87a401af05 Fix remote resources download while hosting SSL site on Apache
As reported by Christian Folin and Walter Hop on our dev mailing list, Apache
mod_ssl was failing if a remote resource was utilized. That was happening
because Curl clean up was also cleaning up the OpenSSL data used by mod_ssl.
This patch moves Curl initialization to happen while ModSecurity is
initialized.
2014-12-11 12:39:27 -08:00
Felipe Zimmerle
9b836b652a Initial support to load rules from a remote server
New directive `SecRemoteRules' was added. It allows the user to load a
set of rules from a given HTTP server.
2014-11-14 11:53:40 -08:00
Felipe Zimmerle
8d4c3e4f5c Makes the build system look for yajl using a macro file
Now searching for yajl using find_yajl.m4 macro file instead
of using pkg-config directly. If YAJL was not found or if it
was disabled in the configure phase, the code will be compiled
without JSON support.
2014-03-31 16:22:09 -07:00
Ulisses Albuquerque
c23097ce18 Added support for JSON body processor 2014-03-31 16:22:09 -07:00
Felipe Zimmerle
d93ce9ceee Adds REQUEST_FULL and REQUEST_FULL_LENGTH variables
This variable is a combination of REQUEST_LINE, REQUEST_HEADERS and
REQUEST_BODY (if any). Expects \n\n in between each of those values.
2014-03-31 07:14:55 -07:00
Breno Silva
f8d441cd25 Fix Chunked string case sensitive issue - CVE-2013-5705 2013-09-04 08:57:07 -03:00
Breno Silva
3901128f17 Revert "Fix Chuncked string case sensitive issue"
This reverts commit 16a815a3c2735f62238ef99af26090a2b8430d3d.
2013-09-04 08:53:40 -03:00
Breno Silva
16a815a3c2 Fix Chuncked string case sensitive issue 2013-09-04 08:43:34 -03:00
Breno Silva
eb95384577 Fixed: SecPerfRuleTimes storing unwanted rules 2013-04-23 18:52:20 -04:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
213cd1e840 Fixed: detect comma plus white space as a cookie separator - change variable names 2013-01-05 12:11:18 -04:00
Breno Silva
80146b2c74 Fixed: detect comma plus white space as a cookie separator 2013-01-05 09:48:49 -04:00
brenosilva
dc83528526 MODSEC-261 2012-10-04 15:53:40 +00:00
brenosilva
919e3f5e29 Reverted SecCookiev0Separator 2012-10-03 17:33:37 +00:00
brenosilva
aee22ea461 MODSEC-261 2012-10-03 13:49:00 +00:00
brenosilva
592ec392d1 Remove ctl:ruleUpdateTarget* and add ctl:ruleRemovetarget* 2012-08-02 18:04:53 +00:00
brenosilva
f0fab2a803 Fix apache 2.4 compilation issue during make test 2012-05-14 23:08:11 +00:00
brenosilva
866cb6d6b4 Update trunk for 2.7 2012-05-10 23:18:39 +00:00
brenosilva
d4079971c6 MODSEC-160 2011-10-14 13:32:30 +00:00
brenosilva
3d69126de0 Build and code fixes 2011-06-14 18:16:55 +00:00
brenosilva
e1025d0f0c Change apr version macro by apache one 2011-05-18 18:33:20 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
1a2d377e34 MODSEC-178 2011-03-28 18:47:58 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
c04a4edb4b MODSEC-144 2011-03-11 18:48:58 +00:00
brenosilva
7f52d86e4b Include data edition, sanitizematched and few fixes 2011-02-14 12:49:55 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
058283fb5a Add the ability to build custom request body parser extensions.
Add an example for a request body parser extension.
2010-05-05 23:01:11 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
ivanr
ed11e27e0f Moving performance logging from level 3 to level 4 to prevent it from polluting the error log 2010-02-04 08:39:26 +00:00