github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,259 Commits 55 Branches 109 Tags
Commit Graph

1308 Commits

Author SHA1 Message Date
Marc Stern
ecab91a74e Add problematic pattern when DEBUG_CONF is defined 2024-10-17 14:43:03 +02:00
Marc Stern
89ff91dae3 Fixed PCRE2 error message 2024-10-17 14:10:56 +02:00
Marc Stern
23e3cb491a Fix for #3255 
We don't have to generate a temp name ourselves, it'll be done in apr_global_mutex_create().
We don't have to provide a filename, apr_global_mutex_create() generates one automatically.
Moreover, under Unix & Windows, the preferred mechanism won't use a file at all.
apr_file_mktemp() cannot be used as it creates the file (at least on FreeBSD).
Discussion in Apache mailing list: https://lists.apache.org/thread/ykb26kg4lgcqnldvxwd9p6hv16fy4z9l
 2024-10-03 12:42:23 +02:00
Marc Stern
090e4d3baa
Merge pull request #3257 from marcstern/v2/pr/msr_global_mutex_lock 
msr_global_mutex_lock: handle errors from apr_global_mutex_lock
 2024-10-02 17:09:51 +02:00
Rainer Jung
149376377e Move id_log() to msc_util to fix unit tests; it is declared on msc_util.h already 2024-10-01 13:58:22 +02:00
Marc Stern
c99d931f3c Initialize filename to NULL 2024-09-30 13:53:31 +02:00
Marc Stern
b8e8e30730 Fixed parameters/functions names 2024-09-30 13:12:38 +02:00
Marc Stern
9ba1caa2fa Missing #include <time.h> 2024-09-25 13:57:05 +02:00
Marc Stern
b850c74b12 We should have get the warning at lock time, so ignore it at unlock time 2024-09-12 14:07:55 +02:00
Marc Stern
449c080e63 Same for global_mutex_unlock 2024-09-12 13:01:44 +02:00
Marc Stern
b52201010d msr_global_mutex_lock: Handle errors from apr_global_mutex_lock 2024-09-12 12:18:25 +02:00
Ervin Hegedus
cddd9a7eb5
Fix build error if -Werror=format-security is presented 2024-09-03 21:49:43 +02:00
Ervin Hegedus
ad0161118d
Change release version to v2.9.8 2024-09-03 14:40:55 +02:00
Marc Stern
6be2ee534a Fixed ap_log_perror() usage 
Replaces  #3236
 2024-08-26 17:17:36 +02:00
Ervin Hegedus
f65415ae8a
Merge pull request #3191 from marcstern/v2/pr/mem_leak_re 
Memory leaks + enhanced logging
 2024-08-26 16:37:01 +02:00
Marc Stern
046d3eb3ec Fixed two error messages 2024-08-19 14:19:05 +02:00
Ervin Hegedus
e7e11d972f
Merge pull request #3202 from marcstern/v2/pr/assert 
Fixed assert() usage
 2024-08-18 22:58:06 +02:00
Marc Stern
60d07a5547 added one more NULL check at run-time 2024-08-16 09:23:11 +02:00
Marc Stern
4b391834ec added more NULL checks at run-time 2024-08-14 19:09:15 +02:00
Marc Stern
0066a67911 added more NULL checks at run-time 2024-08-14 19:00:25 +02:00
Marc Stern
22a6829690 added more NULL checks at run-time 2024-08-14 18:44:45 +02:00
Marc Stern
e5bbd89399 re-added some NULL check at run-time, with an error message on stderr 2024-08-14 13:53:52 +02:00
Ervin Hegedus
277e7e2bf6
Merge pull request #3193 from marcstern/v2/pr/useless 
Removed useless code
 2024-08-14 10:59:03 +02:00
Ervin Hegedus
e6e3417e9d
Remove unnecessary assert() 2024-08-13 11:07:44 +02:00
Ervin Hegedus
f27c85cf47
Check if the MP header contains invalid character 2024-08-13 11:07:18 +02:00
Ervin Hegedus
935e68c816
Merge pull request #3192 from marcstern/v2/pr/errorlog 
Use standard httpd logging format in error log
 2024-08-12 17:17:15 +02:00
Marc Stern
d32c8f1ad8 Fixed invalid logging 2024-08-12 17:06:35 +02:00
Ervin Hegedus
914c1a1cb2
Merge pull request #3194 from marcstern/v2/pr/PCRE_ERROR_NOMATCH 
msc_regexec() != PCRE_ERROR_NOMATCH
 2024-08-12 16:40:40 +02:00
Marc Stern
692710cab7 Replaced 0 by '\0' for char 2024-08-07 13:45:09 +02:00
Marc Stern
8dd5d5f46b re_operators.c: removed invalid check (done correctly on line 1067) 
copy_rules(): only one return code => void
 2024-08-07 09:42:40 +02:00
Marc Stern
cb11716af7 Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/pr/assert 2024-08-02 17:52:01 +02:00
Ervin Hegedus
e4245986bf
Merge pull request #3198 from marcstern/v2/pr/collection_store_log 
Add collection size in log in case of writing error
 2024-07-31 18:20:46 +02:00
Marc Stern
7c379c8d59 Fixed assert() usage: 
- added some missing
 - removed some invalid
 - removed some that were not relevant in the context of the current function, when done in a called function
 2024-07-31 11:17:36 +02:00
Marc Stern
0be1f1566a
Remove redundant entry 
[client %s] is added by the standard httpd log function => remove it
 2024-07-31 09:38:20 +02:00
Ervin Hegedus
df79bf6843
Merge pull request #3187 from marcstern/v2/pr/logidptr 
Invalid pointer access in case rule id == NOT_SET_P
 2024-07-30 16:25:54 +02:00
Ervin Hegedus
223ce91aee
Move xmlFree() call to the right place 2024-07-25 20:52:55 +02:00
Marc Stern
f143663cf0 Add collection in log in case of writing error 2024-07-25 09:30:48 +02:00
Marc Stern
73a79af593 Fixed duplicate log entry 
use ap_log_error() if msr is NULL
Fixed indentation
 2024-07-25 08:55:26 +02:00
Marc Stern
b53c2277d7 removed duplicate log entry 2024-07-25 08:39:44 +02:00
Marc Stern
9b987cc3f9 Return of msc_regexec() compared with PCRE_ERROR_NOMATCH (!=) to check if match. 
Other errors may happen that would return -2, -3, ...
Matching would be incorrectly set in this case.
We must check if >= 0
 2024-07-22 17:08:16 +02:00
Marc Stern
cd65a44d64 Removed useless code 2024-07-22 16:53:58 +02:00
Marc Stern
f32be70793 Use standard httpd logging format in error log 2024-07-22 16:24:56 +02:00
Marc Stern
a32b512a7f Systematically log problems in update_rule_target_ex(). 
Fix some memory leaks in update_rule_target_ex().
 2024-07-22 15:59:28 +02:00
Marc Stern
243d9c978a Log audit lock name in case of problem 2024-07-22 15:57:15 +02:00
Marc Stern
ca593a4a40 Passing address of lock instead of lock in acquire_global_lock() 2024-07-20 18:53:30 +02:00
Marc Stern
9fb773c1ce Invalid pointer access in case rule id == NOT_SET_P 2024-07-20 18:45:14 +02:00
Marc Stern
b89c447782
Merge pull request #3149 from fzipi/fix-tmpnam 
fix: remove usage of insecure tmpnam
 2024-05-31 10:07:47 +02:00
Ervin Hegedus
3f4c02fdb3
Merge pull request #3154 from marcstern/v2/pcre 
Use PCRE_STUDY_EXTRA_NEEDED flag
 2024-05-31 00:14:07 +02:00
Felipe Zipitria
93aa06bc1f
feat: consolidate into acquire_global_lock and export prototype 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-30 09:32:50 -03:00
Felipe Zipitria
54f531efd7
fix: add error logging 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 15:18:54 -03:00