github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,107 Commits 55 Branches 109 Tags
Commit Graph

2107 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ervin Hegedus
f27c85cf47
Check if the MP header contains invalid character 2024-08-13 11:07:18 +02:00
Ervin Hegedus
935e68c816
Merge pull request #3192 from marcstern/v2/pr/errorlog 
Use standard httpd logging format in error log
 2024-08-12 17:17:15 +02:00
Ervin Hegedus
914c1a1cb2
Merge pull request #3194 from marcstern/v2/pr/PCRE_ERROR_NOMATCH 
msc_regexec() != PCRE_ERROR_NOMATCH
 2024-08-12 16:40:40 +02:00
Marc Stern
d704af657c Define _FORTIFY_SOURCE=3 & _GLIBCXX_ASSERTIONS that add glibc/libstdc++ assertions. 
See https://www.gnu.org/software/libc/manual/html_node/Source-Fortification.html & https://gcc.gnu.org/wiki/LibstdcxxDebugMode

_GLIBCXX_ASSERTIONS is probably useless as we have pure C here, but let's define it in case some checks are included (or will be in a future version).
As we handle some requests here, that may help to trap a problem.
 2024-08-08 16:16:14 +02:00
Marc Stern
7126574bb2 Merge branch 'v2/pr/errorlog' of https://github.com/marcstern/ModSecurity into v2/pr/errorlog 2024-08-07 17:01:32 +02:00
Marc Stern
686a74173f # Send some requests & check log format 2024-08-07 17:01:20 +02:00
Ervin Hegedus
e4245986bf
Merge pull request #3198 from marcstern/v2/pr/collection_store_log 
Add collection size in log in case of writing error
 2024-07-31 18:20:46 +02:00
Marc Stern
0be1f1566a
Remove redundant entry 
[client %s] is added by the standard httpd log function => remove it
 2024-07-31 09:38:20 +02:00
Ervin Hegedus
df79bf6843
Merge pull request #3187 from marcstern/v2/pr/logidptr 
Invalid pointer access in case rule id == NOT_SET_P
 2024-07-30 16:25:54 +02:00
Ervin Hegedus
36601843b2
Merge pull request #3199 from airween/v2/xmlfreefix 
Move xmlFree() call to the right place
 2024-07-26 09:14:04 +02:00
Ervin Hegedus
223ce91aee
Move xmlFree() call to the right place 2024-07-25 20:52:55 +02:00
Ervin Hegedus
824e523a48
Merge pull request #3188 from marcstern/v2/pr/acquire_global_lock 
Passing address of lock instead of lock in acquire_global_lock()
 2024-07-25 14:20:00 +02:00
Marc Stern
f143663cf0 Add collection in log in case of writing error 2024-07-25 09:30:48 +02:00
Marc Stern
9b987cc3f9 Return of msc_regexec() compared with PCRE_ERROR_NOMATCH (!=) to check if match. 
Other errors may happen that would return -2, -3, ...
Matching would be incorrectly set in this case.
We must check if >= 0
 2024-07-22 17:08:16 +02:00
Marc Stern
f32be70793 Use standard httpd logging format in error log 2024-07-22 16:24:56 +02:00
Marc Stern
ca593a4a40 Passing address of lock instead of lock in acquire_global_lock() 2024-07-20 18:53:30 +02:00
Marc Stern
9fb773c1ce Invalid pointer access in case rule id == NOT_SET_P 2024-07-20 18:45:14 +02:00
Ervin Hegedus
28b6e1d7d0
Merge pull request #3171 from marcstern/v2/ci_errorlog 
Show error.log after httpd start in CI
 2024-06-12 15:08:47 +02:00
Marc Stern
bcd50bec84 Show error.log after httpd start 2024-06-12 14:51:51 +02:00
Marc Stern
b89c447782
Merge pull request #3149 from fzipi/fix-tmpnam 
fix: remove usage of insecure tmpnam
 2024-05-31 10:07:47 +02:00
Ervin Hegedus
3f4c02fdb3
Merge pull request #3154 from marcstern/v2/pcre 
Use PCRE_STUDY_EXTRA_NEEDED flag
 2024-05-31 00:14:07 +02:00
Ervin Hegedus
e7a6420fca
Merge pull request #3159 from fzipi/add-pull-request-template 
chore: add pull request template
 2024-05-30 14:49:16 +02:00
Felipe Zipitria
bf6bf64cf3
chore: add PR template 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-30 09:45:02 -03:00
Felipe Zipitria
93aa06bc1f
feat: consolidate into acquire_global_lock and export prototype 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-30 09:32:50 -03:00
Felipe Zipitria
54f531efd7
fix: add error logging 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 15:18:54 -03:00
Felipe Zipitria
e9d0150102
refactor: add acquire mutex function 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 15:18:54 -03:00
Felipe Zipitria
d4d71b4f28
fix: remove unsafe tmpnam usage 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 15:18:54 -03:00
Ervin Hegedus
6e82895afc
Merge pull request #3158 from fzipi/add-gitignore 
chore: add gitignore file
 2024-05-29 20:15:22 +02:00
Felipe Zipitria
7f40b4071b
chore: add gitignore file 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-29 14:26:27 -03:00
Marc Stern
bc682d5b4a Revert pcre_study() creating the extra data, as it's done afterwards anyway. 2024-05-29 11:38:10 +02:00
Ervin Hegedus
8a3b62021e
Merge pull request #3153 from marcstern/v2/LARGE_STREAM_INPUT_nullend 
Missing null byte + optimization
 2024-05-28 22:33:26 +02:00
Ervin Hegedus
719744efdd
Merge pull request #3155 from marcstern/v2/tx_cleanup_null 
Possible double free
 2024-05-28 22:05:23 +02:00
Marc Stern
f08897003b msr->msc_full_request_buffer is freed but not assigned to NULL. It could be freed again later 2024-05-28 16:25:26 +02:00
Marc Stern
84ad094ff6 Use PCRE_STUDY_EXTRA_NEEDED flag 2024-05-28 16:19:29 +02:00
Marc Stern
4a992b5a16 Replace a memset to 0 by a single assignment and fixing the 0 byte missing at the end when MSC_LARGE_STREAM_INPUT is not defined 2024-05-28 15:41:38 +02:00
Marc Stern
e803cdd802 Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/master 2024-05-24 10:13:00 +02:00
Ervin Hegedus
30c909c9d2
Merge pull request #3148 from fzipi/update-copyright 
docs: update copyright
 2024-05-23 14:49:24 +02:00
Felipe Zipitria
98dba00231
docs: update README 
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
 2024-05-23 09:44:22 -03:00
Ervin Hegedus
2b3d092a29
Merge pull request #3139 from marcstern/v2/mst/SecArgumentsLimit_log 
Enhanced logging [Issue #3107]
 2024-05-16 21:02:19 +02:00
Marc Stern
c7c7881c22 space 2024-05-16 16:56:46 +02:00
Marc Stern
d45c4baa83 spaces 2024-05-16 16:55:31 +02:00
Marc Stern
ca7b4b49bf Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/master 2024-05-16 16:51:48 +02:00
Marc Stern
746f57f963 Changed indentation 2024-05-16 15:52:31 +02:00
Marc Stern
a61820fe2c Enhanced logging [Issue #3107] 2024-05-10 17:26:23 +02:00
Ervin Hegedus
d9016e21f2
Merge pull request #3120 from marcstern/v2/mst/nullcheck2 
Check for null pointer dereference (almost) everywhere
 2024-05-06 22:21:36 +02:00
Marc Stern
dd400f7fa3 Added --enable-assertions in CI 
Removed useless line
 2024-04-26 17:22:16 +02:00
Marc Stern
4961f46a6f (re)fixed const type 2024-04-16 18:09:00 +02:00
Marc Stern
243ac0563a Merge branch 'v2/mst/nullcheck2' of https://github.com/marcstern/ModSecurity into v2/mst/nullcheck2 2024-04-16 18:02:16 +02:00
Marc Stern
d35018ef3f another null check 2024-04-16 18:02:06 +02:00
Marc Stern
62302c2474
Update apache2/apache2_io.c 
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
 2024-04-16 17:59:43 +02:00