
Commit 07f4076

author
Marc Stern
committed
Check for NULL pointers
1 parent e406bca commit 07f4076


3 files changed

+151
-151
lines changed


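--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -906,16 +906,16 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
 */
 rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, dcfg->tmp_default_actionset,
 rule->actionset, 1);
+if (rule->actionset == NULL) {
+return apr_psprintf(cmd->pool, "ModSecurity: cannot merge actionset (memory full?).");
+}
 
 /* Keep track of the parent action for "block" */
-if (rule->actionset) {
-rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
-rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
-}
+rule->actionset->parent_intercept_action_rec = dcfg->tmp_default_actionset->intercept_action_rec;
+rule->actionset->parent_intercept_action = dcfg->tmp_default_actionset->intercept_action;
 
 /* Must NOT specify a disruptive action in logging phase. */
-if ((rule->actionset != NULL)
-&& (rule->actionset->phase == PHASE_LOGGING)
+if ( (rule->actionset->phase == PHASE_LOGGING)
 && (rule->actionset->intercept_action != ACTION_ALLOW)
 && (rule->actionset->intercept_action != ACTION_ALLOW_REQUEST)
 && (rule->actionset->intercept_action != ACTION_NONE)
@@ -926,9 +926,7 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
 
 if (dcfg->tmp_chain_starter != NULL) {
 rule->chain_starter = dcfg->tmp_chain_starter;
-if (rule->actionset) {
-rule->actionset->phase = rule->chain_starter->actionset->phase;
-}
+rule->actionset->phase = rule->chain_starter->actionset->phase;
 }
 
 if (rule->actionset->is_chained != 1) {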
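Review bot: The new error path under `if (rule->actionset == NULL)` builds its message with `apr_psprintf(cmd->pool, ...)` although the string has no format arguments, and it allocates from the very pool the message suspects is exhausted. add_rule returns `const char *`; if that second allocation also fails and yields NULL, the caller would presumably treat the result as success (the usual directive-handler convention; the callers are outside the hunk) and keep a rule with no actionset. Returning the literal avoids both problems: `return "ModSecurity: cannot merge actionset (memory full?).";`. The second hunk now dereferences `rule->chain_starter->actionset` with no guard either, which holds only if every chain starter has passed this same check.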

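--- a/apache2/msc_tree.c
+++ b/apache2/msc_tree.c
@@ -656,6 +656,7 @@ TreeNode *CPTFindElementIPNetblock(modsec_rec *msr, unsigned char *ipdata, unsig
 }
 
 node = CPTRetriveNode(msr, ipdata, ip_bitmask, node);
+if (node == NULL) return NULL;
 
 if (node && node->bit != ip_bitmask) {
 if (msr && msr->txcfg->debuglog_level >= 9) {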
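Review bot: After the added `if (node == NULL) return NULL;`, the `node &&` test in the condition directly below it can never be false, so it should be dropped: `if (node->bit != ip_bitmask) {`. The new return is also silent, whereas the mismatch path right after it appears to log at debug level 9; an equivalent message guarded by `msr && msr->txcfg->debuglog_level >= 9` would keep failed lookups traceable. The function continues past the end of the hunk, so the later dereference this guard protects is not visible here.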

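--- a/apache2/re_operators.c
+++ b/apache2/re_operators.c
@@ -1098,26 +1098,28 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
 }
 
 /* Are we supposed to capture subexpressions? */
-capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
-matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
-if(!matched_bytes)
-matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
+if (rule->actionset) {
+capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
+matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
+if(!matched_bytes)
+matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
 
-matched = apr_table_get(rule->actionset->actions, "sanitizeMatched") ? 1 : 0;
-if(!matched)
-matched = apr_table_get(rule->actionset->actions, "sanitiseMatched") ? 1 : 0;
+matched = apr_table_get(rule->actionset->actions, "sanitizeMatched") ? 1 : 0;
+if(!matched)
+matched = apr_table_get(rule->actionset->actions, "sanitiseMatched") ? 1 : 0;
 
-/* Show when the regex captures but "capture" is not set */
-if (msr->txcfg->debuglog_level >= 6) {
-int capcount = 0;
+/* Show when the regex captures but "capture" is not set */
+if (msr->txcfg->debuglog_level >= 6) {
+int capcount = 0;
 #ifdef WITH_PCRE2
-rc = msc_fullinfo(regex, PCRE2_INFO_CAPTURECOUNT, &capcount);
+rc = msc_fullinfo(regex, PCRE2_INFO_CAPTURECOUNT, &capcount);
 #else
-rc = msc_fullinfo(regex, PCRE_INFO_CAPTURECOUNT, &capcount);
+rc = msc_fullinfo(regex, PCRE_INFO_CAPTURECOUNT, &capcount);
 #endif
-if (msr->txcfg->debuglog_level >= 6) {
-if ((capture == 0) && (capcount > 0)) {
-msr_log(msr, 6, "Ignoring regex captures since \"capture\" action is not enabled.");
+if (msr->txcfg->debuglog_level >= 6) {
+if ((capture == 0) && (capcount > 0)) {
+msr_log(msr, 6, "Ignoring regex captures since \"capture\" action is not enabled.");
+}
 }
 }
 }
@@ -2934,52 +2936,51 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
 
 if (rule->actionset) {
 matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
-}
-if(!matched_bytes)
-matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
-
-
-if (apr_table_get(rule->actionset->actions, "capture")) {
-for(; i < rc; i++) {
-msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
-if (s == NULL) return -1;
-s->name = apr_psprintf(msr->mp, "%d", i);
-if (s->name == NULL) return -1;
-s->name_len = strlen(s->name);
-s->value = apr_pstrmemdup(msr->mp, match, length);
-if (s->value == NULL) return -1;
-s->value_len = length;
-
-apr_table_setn(msr->tx_vars, s->name, (void *)s);
-
-if (msr->txcfg->debuglog_level >= 9) {
-msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
-log_escape_nq_ex(msr->mp, s->value, s->value_len));
-}
+if(!matched_bytes)
+matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
+
+if (apr_table_get(rule->actionset->actions, "capture")) {
+for(; i < rc; i++) {
+msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
+if (s == NULL) return -1;
+s->name = apr_psprintf(msr->mp, "%d", i);
+if (s->name == NULL) return -1;
+s->name_len = strlen(s->name);
+s->value = apr_pstrmemdup(msr->mp, match, length);
+if (s->value == NULL) return -1;
+s->value_len = length;
+
+apr_table_setn(msr->tx_vars, s->name, (void *)s);
+
+if (msr->txcfg->debuglog_level >= 9) {
+msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
+log_escape_nq_ex(msr->mp, s->value, s->value_len));
+}
 
-if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
-qspos = apr_psprintf(msr->mp, "%s", var->name);
-parm = strstr(qspos, ":");
-if (parm != NULL) {
-parm++;
-mparm = apr_palloc(msr->mp, sizeof(msc_parm));
-if (mparm == NULL)
-continue;
-
-mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
-mparm->pad_1 = rule->actionset->arg_min;
-mparm->pad_2 = rule->actionset->arg_max;
-apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
-} else {
-mparm = apr_palloc(msr->mp, sizeof(msc_parm));
-if (mparm == NULL)
-continue;
-
-mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
-apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
+if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
+qspos = apr_psprintf(msr->mp, "%s", var->name);
+parm = strstr(qspos, ":");
+if (parm != NULL) {
+parm++;
+mparm = apr_palloc(msr->mp, sizeof(msc_parm));
+if (mparm == NULL)
+continue;
+
+mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
+mparm->pad_1 = rule->actionset->arg_min;
+mparm->pad_2 = rule->actionset->arg_max;
+apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
+} else {
+mparm = apr_palloc(msr->mp, sizeof(msc_parm));
+if (mparm == NULL)
+continue;
+
+mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
+apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
+}
 }
-}
 
+}
 }
 }
 
@@ -3264,51 +3265,51 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
 
 if (rule->actionset) {
 matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
-}
-if(!matched_bytes)
-matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
-
-if (apr_table_get(rule->actionset->actions, "capture")) {
-for(; i < rc; i++) {
-msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
-if (s == NULL) return -1;
-s->name = apr_psprintf(msr->mp, "%d", i);
-if (s->name == NULL) return -1;
-s->name_len = strlen(s->name);
-s->value = apr_pstrmemdup(msr->mp, match, length);
-if (s->value == NULL) return -1;
-s->value_len = length;
-
-apr_table_setn(msr->tx_vars, s->name, (void *)s);
-
-if (msr->txcfg->debuglog_level >= 9) {
-msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
-log_escape_nq_ex(msr->mp, s->value, s->value_len));
-}
+if(!matched_bytes)
+matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
+
+if (apr_table_get(rule->actionset->actions, "capture")) {
+for(; i < rc; i++) {
+msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
+if (s == NULL) return -1;
+s->name = apr_psprintf(msr->mp, "%d", i);
+if (s->name == NULL) return -1;
+s->name_len = strlen(s->name);
+s->value = apr_pstrmemdup(msr->mp, match, length);
+if (s->value == NULL) return -1;
+s->value_len = length;
+
+apr_table_setn(msr->tx_vars, s->name, (void *)s);
+
+if (msr->txcfg->debuglog_level >= 9) {
+msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
+log_escape_nq_ex(msr->mp, s->value, s->value_len));
+}
 
-if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
-qspos = apr_psprintf(msr->mp, "%s", var->name);
-parm = strstr(qspos, ":");
-if (parm != NULL) {
-parm++;
-mparm = apr_palloc(msr->mp, sizeof(msc_parm));
-if (mparm == NULL)
-continue;
-
-mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
-mparm->pad_1 = rule->actionset->arg_min;
-mparm->pad_2 = rule->actionset->arg_max;
-apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
-} else {
-mparm = apr_palloc(msr->mp, sizeof(msc_parm));
-if (mparm == NULL)
-continue;
-
-mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
-apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
+if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
+qspos = apr_psprintf(msr->mp, "%s", var->name);
+parm = strstr(qspos, ":");
+if (parm != NULL) {
+parm++;
+mparm = apr_palloc(msr->mp, sizeof(msc_parm));
+if (mparm == NULL)
+continue;
+
+mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
+mparm->pad_1 = rule->actionset->arg_min;
+mparm->pad_2 = rule->actionset->arg_max;
+apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
+} else {
+mparm = apr_palloc(msr->mp, sizeof(msc_parm));
+if (mparm == NULL)
+continue;
+
+mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
+apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
+}
 }
-}
 
+}
 }
 }
 
@@ -3578,51 +3579,51 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
 
 if (rule->actionset) {
 matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
-}
-if(!matched_bytes)
-matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
-
-if (apr_table_get(rule->actionset->actions, "capture")) {
-for(; i < rc; i++) {
-msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
-if (s == NULL) return -1;
-s->name = apr_psprintf(msr->mp, "%d", i);
-if (s->name == NULL) return -1;
-s->name_len = strlen(s->name);
-s->value = apr_pstrmemdup(msr->mp, match, length);
-if (s->value == NULL) return -1;
-s->value_len = length;
-
-apr_table_setn(msr->tx_vars, s->name, (void *)s);
-
-if (msr->txcfg->debuglog_level >= 9) {
-msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
-log_escape_nq_ex(msr->mp, s->value, s->value_len));
-}
+if(!matched_bytes)
+matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;
+
+if (apr_table_get(rule->actionset->actions, "capture")) {
+for(; i < rc; i++) {
+msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
+if (s == NULL) return -1;
+s->name = apr_psprintf(msr->mp, "%d", i);
+if (s->name == NULL) return -1;
+s->name_len = strlen(s->name);
+s->value = apr_pstrmemdup(msr->mp, match, length);
+if (s->value == NULL) return -1;
+s->value_len = length;
+
+apr_table_setn(msr->tx_vars, s->name, (void *)s);
+
+if (msr->txcfg->debuglog_level >= 9) {
+msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
+log_escape_nq_ex(msr->mp, s->value, s->value_len));
+}
 
-if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
-qspos = apr_psprintf(msr->mp, "%s", var->name);
-parm = strstr(qspos, ":");
-if (parm != NULL) {
-parm++;
-mparm = apr_palloc(msr->mp, sizeof(msc_parm));
-if (mparm == NULL)
-continue;
-
-mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
-mparm->pad_1 = rule->actionset->arg_min;
-mparm->pad_2 = rule->actionset->arg_max;
-apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
-} else {
-mparm = apr_palloc(msr->mp, sizeof(msc_parm));
-if (mparm == NULL)
-continue;
-
-mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
-apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
+if((matched_bytes == 1) && (var != NULL) && (var->name != NULL)) {
+qspos = apr_psprintf(msr->mp, "%s", var->name);
+parm = strstr(qspos, ":");
+if (parm != NULL) {
+parm++;
+mparm = apr_palloc(msr->mp, sizeof(msc_parm));
+if (mparm == NULL)
+continue;
+
+mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
+mparm->pad_1 = rule->actionset->arg_min;
+mparm->pad_2 = rule->actionset->arg_max;
+apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
+} else {
+mparm = apr_palloc(msr->mp, sizeof(msc_parm));
+if (mparm == NULL)
+continue;
+
+mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
+apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
+}
 }
-}
 
+}
 }
 }
 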
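Review bot: In the verifyCC hunk, the `else` branch taken when `var->name` has no `:` allocates `mparm` with `apr_palloc` and sets only `value`, so `pad_1` and `pad_2` enter `msr->pattern_to_sanitize` uninitialised, while the branch above it fills both from `arg_min`/`arg_max`. These entries appear to control how matched card and ID numbers are masked later, so the fields should not hold pool garbage; allocate zeroed memory as is already done for `s`, `mparm = apr_pcalloc(msr->mp, sizeof(msc_parm));`, or set both fields explicitly. `mparm->value` is also stored without the NULL check that `s->value` gets a few lines earlier. The same lines recur in the verifyCPF and verifySSN hunks, and all three loops sit in functions that begin and end outside the hunks.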
