"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "apache2/re_variables.c" between
modsecurity-2.9.6.tar.gz and modsecurity-2.9.7.tar.gz

About: ModSecurity is an intrusion detection and prevention module (web application firewall) for the Apache (and Nginx) Web servers.

re_variables.c  (modsecurity-2.9.6):re_variables.c  (modsecurity-2.9.7)
/* /*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/ * ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* *
* You may not use this file except in compliance with * You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at * the License.  You may obtain a copy of the License at
* *
*     http://www.apache.org/licenses/LICENSE-2.0 *     http://www.apache.org/licenses/LICENSE-2.0
* *
* If any of the files related to licensing are missing or if you have any * If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc. * other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org. * directly using the email address security@modsecurity.org.
*/ */
#include "http_core.h" #include "http_core.h"
#include "modsecurity.h" #include "modsecurity.h"
#include "apache2.h" #include "apache2.h"
#include "re.h" #include "re.h"
#include "msc_util.h" #include "msc_util.h"
#include "libxml/xpathInternals.h" #include "libxml/xpathInternals.h"
#ifdef WITH_PCRE2
#define PCRE_ERROR_NOMATCH PCRE2_ERROR_NOMATCH
#endif
/** /**
* Generates a variable from a string and a length. * Generates a variable from a string and a length.
*/ */
static int var_simple_generate_ex(msre_var *var, apr_table_t *vartab, apr_pool_t *mptmp, static int var_simple_generate_ex(msre_var *var, apr_table_t *vartab, apr_pool_t *mptmp,
const char *value, int value_len) const char *value, int value_len)
{ {
msre_var *rvar = NULL; msre_var *rvar = NULL;
if (value == NULL) return 0; if (value == NULL) return 0;
skipping to change at line 67 skipping to change at line 70
/* It's OK if there's no parameter. */ /* It's OK if there's no parameter. */
if (var->param == NULL) return NULL; if (var->param == NULL) return NULL;
/* Is it a regular expression? */ /* Is it a regular expression? */
if ((strlen(var->param) > 2)&&(var->param[0] == '/') if ((strlen(var->param) > 2)&&(var->param[0] == '/')
&&(var->param[strlen(var->param) - 1] == '/')) &&(var->param[strlen(var->param) - 1] == '/'))
{ /* Regex. */ { /* Regex. */
msc_regex_t *regex = NULL; msc_regex_t *regex = NULL;
const char *errptr = NULL; const char *errptr = NULL;
const char *pattern = NULL; const char *pattern = NULL;
int options = 0;
int erroffset; int erroffset;
pattern = apr_pstrmemdup(ruleset->mp, var->param + 1, strlen(var->param + 1) - 1); pattern = apr_pstrmemdup(ruleset->mp, var->param + 1, strlen(var->param + 1) - 1);
if (pattern == NULL) return FATAL_ERROR; if (pattern == NULL) return FATAL_ERROR;
regex = msc_pregcomp(ruleset->mp, pattern, PCRE_DOTALL | PCRE_CASELESS | #ifdef WITH_PCRE2
PCRE_DOLLAR_ENDONLY, &errptr, &erroffset); options = PCRE2_DOTALL | PCRE2_CASELESS | PCRE2_DOLLAR_ENDONLY;
#else
options = PCRE_DOTALL | PCRE_CASELESS | PCRE_DOLLAR_ENDONLY;
#endif
regex = msc_pregcomp(ruleset->mp, pattern, options, &errptr, &erroffset)
;
if (regex == NULL) { if (regex == NULL) {
return apr_psprintf(ruleset->mp, "Error compiling pattern (offset %d ): %s", return apr_psprintf(ruleset->mp, "Error compiling pattern (offset %d ): %s",
erroffset, errptr); erroffset, errptr);
} }
/* Store the compiled regex for later. */ /* Store the compiled regex for later. */
var->param_data = regex; var->param_data = regex;
} }
/* Simple string */ /* Simple string */
skipping to change at line 1165 skipping to change at line 1174
match = 1; match = 1;
} }
} }
} }
/* If we had a match add this argument to the collection. */ /* If we had a match add this argument to the collection. */
if (match) { if (match) {
char buf[1024]; char buf[1024];
FILE *file; FILE *file;
size_t nread; size_t nread;
char *full_content = NULL; char *full_content = NULL;
char *full_content_tmp_ptr = NULL;
size_t total_lenght = 0; size_t total_lenght = 0;
msre_var *rvar = NULL; msre_var *rvar = NULL;
file = fopen(parts[i]->tmp_file_name, "r"); file = fopen(parts[i]->tmp_file_name, "r");
if (file == NULL) if (file == NULL)
{ {
continue; continue;
} }
full_content = (char *)apr_pcalloc(mptmp, (sizeof(char)*parts[i]
->length) + 1);
if (full_content == NULL) {
if (msr->txcfg->debuglog_level >= 3) {
msr_log(msr, 3, "Variable FILES_TMP_CONTENT will not be
created, not " \
"enough memory available.");
}
goto files_tmp_content_not_enough_mem;
}
full_content_tmp_ptr = full_content;
while ((nread = fread(buf, 1, 1023, file)) > 0) while ((nread = fread(buf, 1, 1023, file)) > 0)
{ {
total_lenght += nread; full_content_tmp_ptr = memcpy(full_content_tmp_ptr, buf, nre
buf[nread] = '\0'; ad);
if (full_content == NULL) full_content_tmp_ptr += nread;
{ total_lenght += nread;
full_content = apr_psprintf(mptmp, "%s", buf);
}
else
{
full_content = apr_psprintf(mptmp, "%s%s", full_content,
buf);
}
} }
full_content_tmp_ptr[total_lenght] = '\0';
fclose(file); fclose(file);
rvar = apr_pmemdup(mptmp, var, sizeof(msre_var)); rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
rvar->value = full_content; rvar->value = full_content;
rvar->value_len = total_lenght; rvar->value_len = total_lenght;
rvar->name = apr_psprintf(mptmp, "FILES_TMP_CONTENT:%s", rvar->name = apr_psprintf(mptmp, "FILES_TMP_CONTENT:%s",
log_escape_nq(mptmp, parts[i]->name)); log_escape_nq(mptmp, parts[i]->name));
apr_table_addn(vartab, rvar->name, (void *)rvar); apr_table_addn(vartab, rvar->name, (void *)rvar);
count++; count++;
} }
} }
} }
files_tmp_content_not_enough_mem:
return count; return count;
} }
/* FILES_TMPNAMES */ /* FILES_TMPNAMES */
static int var_files_tmpnames_generate(modsec_rec *msr, msre_var *var, msre_rule *rule, static int var_files_tmpnames_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
apr_table_t *vartab, apr_pool_t *mptmp) apr_table_t *vartab, apr_pool_t *mptmp)
{ {
multipart_part **parts = NULL; multipart_part **parts = NULL;
int i, count = 0; int i, count = 0;
skipping to change at line 1422 skipping to change at line 1437
char *my_error_msg = NULL; char *my_error_msg = NULL;
if (!(msc_regexec((msc_regex_t *)var->param_data, parts[i]->name , if (!(msc_regexec((msc_regex_t *)var->param_data, parts[i]->name ,
strlen(parts[i]->name), &my_error_msg) == PCRE_ERROR_NOMATCH )) match = 1; strlen(parts[i]->name), &my_error_msg) == PCRE_ERROR_NOMATCH )) match = 1;
} else { /* Simple comparison. */ } else { /* Simple comparison. */
if (strcasecmp(parts[i]->name, var->param) == 0) match = 1; if (strcasecmp(parts[i]->name, var->param) == 0) match = 1;
} }
} }
/* If we had a match add this argument to the collection. */ /* If we had a match add this argument to the collection. */
if (match) { if (match) {
for (j = 0; j < parts[i]->header_lines->nelts; j++) { if (parts[i]->header_lines) { /* this NULL check shouldn't be necess
char *header_line = ((char **)parts[i]->header_lines->elts)[j]; ary */
msre_var *rvar = apr_pmemdup(mptmp, var, sizeof(msre_var)); for (j = 0; j < parts[i]->header_lines->nelts; j++) {
char *header_line = ((char **)parts[i]->header_lines->elts)[
rvar->value = header_line; j];
rvar->value_len = strlen(rvar->value); msre_var *rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
rvar->name = apr_psprintf(mptmp, "MULTIPART_PART_HEADERS:%s",
log_escape_nq(mptmp, parts[i]->name)); rvar->value = header_line;
apr_table_addn(vartab, rvar->name, (void *)rvar); rvar->value_len = strlen(rvar->value);
rvar->name = apr_psprintf(mptmp, "MULTIPART_PART_HEADERS:%s"
,
log_escape_nq(mptmp, parts[i]->name));
apr_table_addn(vartab, rvar->name, (void *)rvar);
count++; count++;
} }
}
} }
} }
return count; return count;
} }
/* MODSEC_BUILD */ /* MODSEC_BUILD */
static int var_modsec_build_generate(modsec_rec *msr, msre_var *var, msre_rule * rule, static int var_modsec_build_generate(modsec_rec *msr, msre_var *var, msre_rule * rule,
apr_table_t *vartab, apr_pool_t *mptmp) apr_table_t *vartab, apr_pool_t *mptmp)
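Review bot: In the FILES_TMP_CONTENT hunk, `full_content_tmp_ptr[total_lenght] = '\0';` indexes from a pointer the loop has already advanced by `total_lenght`, so the terminator is written at offset 2*total_lenght from the start of the buffer, which is past the `parts[i]->length + 1` bytes allocated whenever the file fills more than half of it. Since `apr_pcalloc` zero-fills, `full_content[total_lenght] = '\0';` is the intended write. The allocation-failure branch also jumps to `files_tmp_content_not_enough_mem` without `fclose(file)`, leaking the stream opened just above it. The copy loop trusts `parts[i]->length` to be at least the temp file's size on disk; whether the two can differ is not visible here, so the sketch below clamps each copy to the remaining capacity (assuming `length` is an unsigned byte count, to be confirmed). The enclosing function begins outside this hunk.

```c
if (full_content == NULL) {
    /* … unchanged: debuglog_level check and msr_log message … */
    fclose(file);   /* do not leak the stream on the early exit */
    goto files_tmp_content_not_enough_mem;
}
full_content_tmp_ptr = full_content;
while ((total_lenght < parts[i]->length)
    && ((nread = fread(buf, 1, 1023, file)) > 0))
{
    /* Never copy past the parts[i]->length bytes that were allocated. */
    size_t room = parts[i]->length - total_lenght;
    if (nread > room) nread = room;
    memcpy(full_content_tmp_ptr, buf, nread);
    full_content_tmp_ptr += nread;
    total_lenght += nread;
}
/* Index from the buffer start; the cursor already points at the end. */
full_content[total_lenght] = '\0';
/* … unchanged: fclose(file) and rvar construction … */
```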
 End of changes. 11 change blocks. 
25 lines changed or deleted 47 lines changed or added
