Commit2de5175

author
Felipe Zimmerle
committed
Fix collection naming problem
As reported on owasp-modsecurity#1274 we had a problem while merging the collections. Turns out that the collection name was wrong while passing the information to setvar.
1 parent6346266 commit2de5175


2 files changed

+27
-8
lines changed


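--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------
 
+* Fix collection naming problem while merging collections.
+[Issue #1274 - Coty Sutherland and @zimmerle]
 * Fix --enable-docs adding missing Makefile, modifying autoconf and filenames
 [Issue #1322 - @victorhora]
 * Change from using rand() to thread-safe ap_random_pick.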

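--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@@ -1519,6 +1519,7 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
 char*s=NULL;
 apr_table_t*target_col=NULL;
 intis_negated=0;
+char*real_col_name=NULL;
 msc_string*var=NULL;
 
 if (msr->txcfg->debuglog_level >=9) {
@@ -1561,19 +1562,26 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
 var_name=s+1;
 *s='\0';
 
+if (strcasecmp(col_name,"USER")==0||strcasecmp(col_name,"SESSION")==0
+||strcasecmp(col_name,"RESOURCE")==0) {
+real_col_name=apr_psprintf(mptmp,"%s_%s",msr->txcfg->webappid,col_name);
+}
+
 /* Locate the collection. */
 if (strcasecmp(col_name,"tx")==0) {/* Special case for TX variables. */
 target_col=msr->tx_vars;
 }else {
 target_col= (apr_table_t*)apr_table_get(msr->collections,col_name);
-if (target_col==NULL) {
-if (msr->txcfg->debuglog_level >=3) {
-msr_log(msr,3,"Could not set variable \"%s.%s\" as the collection does not exist.",
-log_escape(msr->mp,col_name),log_escape(msr->mp,var_name));
-}
+}
 
-return0;
+
+if (target_col==NULL) {
+if (msr->txcfg->debuglog_level >=3) {
+msr_log(msr,3,"Could not set variable \"%s.%s\" as the collection does not exist.",
+log_escape(msr->mp,col_name),log_escape(msr->mp,var_name));
 }
+
+return0;
 }
 
 if (is_negated) {
@@ -1616,7 +1624,11 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
 }
 
 /* Record the original value before we change it */
-collection_original_setvar(msr,col_name,rec);
+if (real_col_name==NULL) {
+collection_original_setvar(msr,col_name,rec);
+}else {
+collection_original_setvar(msr,real_col_name,rec);
+}
 
 /* Expand values in value */
 val->value=var_value;
@@ -1651,6 +1663,7 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
 var->value=apr_pstrdup(msr->mp,var_value);
 var->value_len=strlen(var->value);
 expand_macros(msr,var,rule,mptmp);
+
 apr_table_setn(target_col,var->name, (void*)var);
 
 if (msr->txcfg->debuglog_level >=9) {
@@ -2048,7 +2061,11 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name,
 /* Record the original counter value before we change it */
 var= (msc_string*)apr_table_get(table,"UPDATE_COUNTER");
 if (var!=NULL) {
-collection_original_setvar(msr,col_name,var);
+if (real_col_name==NULL) {
+collection_original_setvar(msr,col_name,var);
+}else {
+collection_original_setvar(msr,real_col_name,var);
+}
 }
 
 /* Add the collection to the list. */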
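Review bot: In `msre_action_setvar_execute` the new `real_col_name` is formatted into the temporary pool `mptmp` and then passed to `collection_original_setvar()` as the collection key, whereas data this function keeps for the transaction is copied into `msr->mp` (see `apr_pstrdup(msr->mp, var_value)` in the later hunk). `collection_original_setvar()` is not shown in this diff, so whether it duplicates the name before storing it cannot be confirmed from here; if it keeps the pointer, the key's lifetime is tied to `mptmp` rather than to the request. Either confirm the callee copies the name or allocate from the request pool, `real_col_name = apr_psprintf(msr->mp, "%s_%s", msr->txcfg->webappid, col_name);`. A one-line comment above the `USER`/`SESSION`/`RESOURCE` check stating that the webappid-prefixed name must match the key used by `init_collection` would also help, since both functions continue outside these hunks.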
