Commit6473cf6

hideaki

authored and

Felipe Zimmerle

committed

Make url path absolute for SecHashEngine only when it is relative in the first place.Fixowasp-modsecurity#752

1 parent6f49bad commit6473cf6Copy full SHA for 6473cf6

File tree

1 file changed

+17

-11

lines changed

apache2
- msc_crypt.c

1 file changed

+17

-11

lines changed

`‎apache2/msc_crypt.c‎`

Lines changed: 17 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,24 +68,30 @@ char normalize_path(modsec_rec msr, char *input) {`
`68`	`68`	`char*Uri=NULL;`
`69`	`69`	`intbytes=0;`
`70`	`70`	`/int i;/`
`71`		`-char*relative_link=NULL;`
	`71`	`+char*abs_link=NULL;`
`72`	`72`	`char*filename=NULL;`
`73`		`-char*relative_path=NULL;`
`74`		`-char*relative_uri=NULL;`
	`73`	`+char*abs_path=NULL;`
	`74`	`+char*abs_uri=NULL;`
`75`	`75`
`76`		`-filename=file_basename(msr->mp,msr->r->parsed_uri.path);`
	`76`	`+if (uri->path[0]!='/') {`
	`77`	`+/* uri->path is relative. make it absolute */`
	`78`	`+filename=file_basename(msr->mp,msr->r->parsed_uri.path);`
`77`	`79`
`78`		`-if(filename==NULL\|\| (strlen(msr->r->parsed_uri.path)-strlen(filename)<0))`
`79`		`-returnNULL;`
	`80`	`+if(filename==NULL\|\| (strlen(msr->r->parsed_uri.path)-strlen(filename)<0))`
	`81`	`+returnNULL;`
`80`	`82`
`81`		`-relative_path=apr_pstrndup(msr->mp,msr->r->parsed_uri.path,strlen(msr->r->parsed_uri.path)-strlen(filename));`
`82`		`-relative_uri=apr_pstrcat(msr->mp,relative_path,uri->path,NULL);`
	`83`	`+abs_path=apr_pstrndup(msr->mp,msr->r->parsed_uri.path,strlen(msr->r->parsed_uri.path)-strlen(filename));`
	`84`	`+abs_uri=apr_pstrcat(msr->mp,abs_path,uri->path,NULL);`
`83`	`85`
`84`		`-relative_link=apr_pstrdup(msr->mp,relative_uri);`
	`86`	`+abs_link=apr_pstrdup(msr->mp,abs_uri);`
	`87`	`+ }`
	`88`	`+else {`
	`89`	`+abs_link=apr_pstrdup(msr->mp,uri->path);`
	`90`	`+ }`
`85`	`91`
`86`		`-xmlNormalizeURIPath(relative_link);`
	`92`	`+xmlNormalizeURIPath(abs_link);`
`87`	`93`
`88`		`-Uri=apr_pstrdup(msr->mp,relative_link);`
	`94`	`+Uri=apr_pstrdup(msr->mp,abs_link);`
`89`	`95`
`90`	`96`	`/*`
`91`	`97`	`for(i = 0; i < (int)strlen(Uri); i++) {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6473cf6

File tree

1 file changed

1 file changed

`‎apache2/msc_crypt.c‎`

0 commit comments