95 Commits

Author SHA1 Message Date
Ervin Hegedus
dfbde557ac
Fix invalid request handling 2025-07-30 10:55:33 +02:00
Marc Stern
cd65a44d64 Removed useless code 2024-07-22 16:53:58 +02:00
Marc Stern
62302c2474
Update apache2/apache2_io.c
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
2024-04-16 17:59:43 +02:00
Marc Stern
91da5872c1 Many null pointer checks 2024-02-20 13:15:52 +01:00
Erki Aring
b5130acb45 Move APLOG_USE_MODULE out of modsecurity.h 2022-11-15 17:31:18 +02:00
Rainer Jung
32e185c2ca
When the input filter finishes, check whether we returned data during the last read and if not, delegate to the remaining filter chain.
Without that, ProcessPartial for the request body breaks forwarding
of uploaded files using mod_proxy_ajp and mod_wl.

See issue #2091.
2019-05-27 14:45:44 -03:00
Allan Boll
2ae357be88
Let body parsers observe SecRequestBodyNoFilesLimit
Previously, modsecurity_request_body_store would keep feeding the body parsers (JSON/XML/Multipart) even after the SecRequestBodyNoFilesLimit limit was met. This change prevents this. Also, modsecurity_request_body_end now returns an error code when the limit is met, so that a message can be logged for this event.
2018-09-05 16:08:21 -03:00
Felipe Zimmerle
6406e2108d
Makes `large stream optimization' optional 2017-10-06 16:43:45 +00:00
Allan Boll
7fff8938ba
Check return value of modsecurity_request_body_store 2017-10-05 17:20:41 +00:00
Allan Boll
afae690655
Preallocate memory when SecStreamInBodyInspection is on. 20x speed improvement for 10mb upload. Also simplified modsecurity_request_body_to_stream. 2017-10-05 17:20:40 +00:00
Felipe Zimmerle
934a9fcc02
Verify if chunk exists before accessing it 2017-10-05 13:28:28 +00:00
Guido Ravagli
b8636a70d1
added "empty chunk" check 2017-10-05 13:24:59 +00:00
root
f9c253952c This is a fix for the rebirth of https://github.com/SpiderLabs/ModSecurity/issues/334. This bug has been reborn because Apache (at least in RedHat/CentOS) since version 2.2.15-47 returns APR_INCOMPLETE (not APR_EOF) in the same case. Based on the same patch, I have added a handler for APR_INCOMPLETE. 2016-03-16 10:35:22 -03:00
Chaim Sanders
d434a6c043 Fixing missing return value check for hashing response injection failure 2016-01-25 14:54:56 -03:00
Justin Gerace
3f9e2ccc7c Stop buffering when the request is larger than SecRequestBodyLimit and in ProcessPartial mode 2016-01-25 10:37:40 -03:00
Breno Silva
0fc4142a31 Change strncpy to memcpy 2013-07-05 02:45:05 -07:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
451041cd8c Change names of HMAC feature to HASH 2012-10-30 18:19:11 -04:00
Breno Silva
53d422e9de Change names of HMAC feature to HASH 2012-10-30 18:02:22 -04:00
brenosilva
bdcecf50fa MODSEC-328 2012-08-09 17:20:21 +00:00
brenosilva
866cb6d6b4 Update trunk for 2.7 2012-05-10 23:18:39 +00:00
brenosilva
f92f8219d4 fix stream vars memory leak 2011-12-05 17:01:51 +00:00
brenosilva
de02ea5e4f Add new unicode map settings and fix request body truncate bug 2011-06-30 13:22:39 +00:00
brenosilva
b2a486e4bd Only reinject stream if data is changed by rsub 2011-06-15 17:33:14 +00:00
brenosilva
ad168c801d Only reinject stream if data is changed by rsub 2011-06-15 14:38:42 +00:00
brenosilva
c78903e988 Fix problem when buffering in input filter 2011-05-04 21:12:48 +00:00
brenosilva
241f222a18 Wrong length information in input filter when forwarding stream variable 2011-05-04 18:59:01 +00:00
brenosilva
1bfbe0c14a Fix issue counting request body len 2011-05-04 16:49:11 +00:00
brenosilva
21c81331c6 Uncomment input stream 2011-05-04 15:06:09 +00:00
brenosilva
0cc30904b9 Fix issue in input stream 2011-04-28 16:32:41 +00:00
brenosilva
1aa4cace65 Fix compiler warnings 2011-04-27 21:54:16 +00:00
brenosilva
9ca34a3224 Change apr_cpystr to strncpy 2011-04-11 14:56:05 +00:00
brenosilva
6047658d07 Cleaning stream out buf 2011-04-11 14:44:29 +00:00
brenosilva
d98231e114 Cleaning stream out buf 2011-04-11 13:28:05 +00:00
brenosilva
3b4c46f27b Improvements in detection only 2011-04-05 21:16:58 +00:00
brenosilva
9c5e0a4f98 Improvements in detection only 2011-04-05 17:41:52 +00:00
brenosilva
b8828ad3f1 Improvements in detection only 2011-04-05 17:22:02 +00:00
brenosilva
cb3353f13d Improvements in detection only 2011-04-05 00:18:37 +00:00
brenosilva
50205ebf62 Improvements in detection only 2011-04-04 21:02:13 +00:00
brenosilva
0d32c17c30 Memory pool fixes and code cleanup 2011-04-03 03:57:02 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
a2f01d31a4 Experimental reallocation memory for rsub 2011-03-26 14:53:04 +00:00
brenosilva
3c5eae03bd fix free function because of double free 2011-03-25 23:58:26 +00:00
brenosilva
117cc13525 revert free operation 2011-03-25 23:54:25 +00:00
brenosilva
c0a097304e Remove free function because of double free 2011-03-25 23:50:57 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
69551d2d09 Add Google safe browsing lookup 2011-03-15 20:49:10 +00:00
brenosilva
caa6d89f85 revert MODSEC-171 2011-03-14 13:11:46 +00:00
brenosilva
fa8c45e7cb MODSEC-171 2011-03-11 17:24:44 +00:00
brenosilva
74666fe2ca MODSEC-181 2011-03-02 17:41:36 +00:00