github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,121 Commits 55 Branches 109 Tags
Commit Graph

2121 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ervin Hegedus
e7e11d972f
Merge pull request #3202 from marcstern/v2/pr/assert 
Fixed assert() usage
 2024-08-18 22:58:06 +02:00
Marc Stern
60d07a5547 added one more NULL check at run-time 2024-08-16 09:23:11 +02:00
Marc Stern
4b391834ec added more NULL checks at run-time 2024-08-14 19:09:15 +02:00
Marc Stern
0066a67911 added more NULL checks at run-time 2024-08-14 19:00:25 +02:00
Marc Stern
22a6829690 added more NULL checks at run-time 2024-08-14 18:44:45 +02:00
Marc Stern
e5bbd89399 re-added some NULL check at run-time, with an error message on stderr 2024-08-14 13:53:52 +02:00
Ervin Hegedus
277e7e2bf6
Merge pull request #3193 from marcstern/v2/pr/useless 
Removed useless code
 2024-08-14 10:59:03 +02:00
Ervin Hegedus
8cfb9112fb
Merge pull request #3226 from airween/v2/mpinvcharreqbody 
feat: Check if the MP header contains invalid character
 2024-08-14 09:31:20 +02:00
Ervin Hegedus
e6e3417e9d
Remove unnecessary assert() 2024-08-13 11:07:44 +02:00
Ervin Hegedus
f27c85cf47
Check if the MP header contains invalid character 2024-08-13 11:07:18 +02:00
Ervin Hegedus
935e68c816
Merge pull request #3192 from marcstern/v2/pr/errorlog 
Use standard httpd logging format in error log
 2024-08-12 17:17:15 +02:00
Ervin Hegedus
914c1a1cb2
Merge pull request #3194 from marcstern/v2/pr/PCRE_ERROR_NOMATCH 
msc_regexec() != PCRE_ERROR_NOMATCH
 2024-08-12 16:40:40 +02:00
Marc Stern
d704af657c Define _FORTIFY_SOURCE=3 & _GLIBCXX_ASSERTIONS that add glibc/libstdc++ assertions. 
See https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html & https://gcc.gnu.org/wiki/LibstdcxxDebugMode

_GLIBCXX_ASSERTIONS is probably useless as we have pure C here, but let's define it in case some checks are included (or will be in a future version).
As we handle some requests here, that may help to trap a problem.
 2024-08-08 16:16:14 +02:00
Marc Stern
7126574bb2 Merge branch 'v2/pr/errorlog' of https://github.com/marcstern/ModSecurity into v2/pr/errorlog 2024-08-07 17:01:32 +02:00
Marc Stern
686a74173f # Send some requests & check log format 2024-08-07 17:01:20 +02:00
Marc Stern
692710cab7 Replaced 0 by '\0' for char 2024-08-07 13:45:09 +02:00
Marc Stern
8dd5d5f46b re_operators.c: removed invalid check (done correctly on line 1067) 
copy_rules(): only one return code => void
 2024-08-07 09:42:40 +02:00
Marc Stern
cb11716af7 Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/pr/assert 2024-08-02 17:52:01 +02:00
Ervin Hegedus
e4245986bf
Merge pull request #3198 from marcstern/v2/pr/collection_store_log 
Add collection size in log in case of writing error
 2024-07-31 18:20:46 +02:00
Marc Stern
7c379c8d59 Fixed assert() usage: 
- added some missing
 - removed some invalid
 - removed some that were not relevant in the context of the current function, when done in a called function
 2024-07-31 11:17:36 +02:00
Marc Stern
0be1f1566a
Remove redundant entry 
[client %s] is added by the standard httpd log function => remove it
 2024-07-31 09:38:20 +02:00
Ervin Hegedus
df79bf6843
Merge pull request #3187 from marcstern/v2/pr/logidptr 
Invalid pointer access in case rule id == NOT_SET_P
 2024-07-30 16:25:54 +02:00
Ervin Hegedus
36601843b2
Merge pull request #3199 from airween/v2/xmlfreefix 
Move xmlFree() call to the right place
 2024-07-26 09:14:04 +02:00
Ervin Hegedus
223ce91aee
Move xmlFree() call to the right place 2024-07-25 20:52:55 +02:00
Ervin Hegedus
824e523a48
Merge pull request #3188 from marcstern/v2/pr/acquire_global_lock 
Passing address of lock instead of lock in acquire_global_lock()
 2024-07-25 14:20:00 +02:00
Marc Stern
f143663cf0 Add collection in log in case of writing error 2024-07-25 09:30:48 +02:00
Marc Stern
9b987cc3f9 Return of msc_regexec() compared with PCRE_ERROR_NOMATCH (!=) to check if match. 
Other errors may happen that would return -2, -3, ...
Matching would be incorrectly set in this case.
We must check if >= 0
 2024-07-22 17:08:16 +02:00
Marc Stern
cd65a44d64 Removed useless code 2024-07-22 16:53:58 +02:00
Marc Stern
f32be70793 Use standard httpd logging format in error log 2024-07-22 16:24:56 +02:00
Marc Stern
ca593a4a40 Passing address of lock instead of lock in acquire_global_lock() 2024-07-20 18:53:30 +02:00
Marc Stern
9fb773c1ce Invalid pointer access in case rule id == NOT_SET_P 2024-07-20 18:45:14 +02:00
Ervin Hegedus
28b6e1d7d0
Merge pull request #3171 from marcstern/v2/ci_errorlog 
Show error.log after httpd start in CI
 2024-06-12 15:08:47 +02:00
Marc Stern
bcd50bec84 Show error.log after httpd start 2024-06-12 14:51:51 +02:00
Marc Stern
b89c447782
Merge pull request #3149 from fzipi/fix-tmpnam 
fix: remove usage of insecure tmpnam
 2024-05-31 10:07:47 +02:00
Ervin Hegedus
3f4c02fdb3
Merge pull request #3154 from marcstern/v2/pcre 
Use PCRE_STUDY_EXTRA_NEEDED flag
 2024-05-31 00:14:07 +02:00
Ervin Hegedus
e7a6420fca
Merge pull request #3159 from fzipi/add-pull-request-template 
chore: add pull request template
 2024-05-30 14:49:16 +02:00
Felipe Zipitria
bf6bf64cf3
chore: add PR template 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-30 09:45:02 -03:00
Felipe Zipitria
93aa06bc1f
feat: consolidate into acquire_global_lock and export prototype 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-30 09:32:50 -03:00
Felipe Zipitria
54f531efd7
fix: add error logging 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 15:18:54 -03:00
Felipe Zipitria
e9d0150102
refactor: add acquire mutex function 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 15:18:54 -03:00
Felipe Zipitria
d4d71b4f28
fix: remove unsafe tmpnam usage 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 15:18:54 -03:00
Ervin Hegedus
6e82895afc
Merge pull request #3158 from fzipi/add-gitignore 
chore: add gitignore file
 2024-05-29 20:15:22 +02:00
Felipe Zipitria
7f40b4071b
chore: add gitignore file 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 14:26:27 -03:00
Marc Stern
bc682d5b4a Revert pcre_study() creating the extra data, as it's done afterwards anyway. 2024-05-29 11:38:10 +02:00
Ervin Hegedus
8a3b62021e
Merge pull request #3153 from marcstern/v2/LARGE_STREAM_INPUT_nullend 
Missing null byte + optimization
 2024-05-28 22:33:26 +02:00
Ervin Hegedus
719744efdd
Merge pull request #3155 from marcstern/v2/tx_cleanup_null 
Possible double free
 2024-05-28 22:05:23 +02:00
Marc Stern
f08897003b msr->msc_full_request_buffer is freed but not assigned to NULL. It could be freed again later 2024-05-28 16:25:26 +02:00
Marc Stern
84ad094ff6 Use PCRE_STUDY_EXTRA_NEEDED flag 2024-05-28 16:19:29 +02:00
Marc Stern
4a992b5a16 Replace a memset to 0 by a single assignment and fixing the 0 byte missing at the end when MSC_LARGE_STREAM_INPUT is not defined 2024-05-28 15:41:38 +02:00
Marc Stern
e803cdd802 Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/master 2024-05-24 10:13:00 +02:00