Commit876d4f5

committed
Merge pull requestmicrosoft#136 from SpiderLabs/remotes/trunk
Remotes/trunk
2 parentsdafd9ae +2c2adc2 commit876d4f5

25 files changed

+12851
-4913
lines changed

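--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,27 @@
+23 Jul 2013 - 2.7.5
+-------------------
+Improvements:
+
+* SecUnicodeCodePage is deprecated. SecUnicodeMapFile now accepts the code page as a second parameter.
+
+* Updated Libinjection to version 3.4.1. Many improvements were made.
+
+* Severity action now supports strings (emergency, alert, critical, error, warning, notice, info, debug).
+
+Bug Fixes:
+
+* Fixed utf8toUnicode tfn null byte conversion.
+
+* Fixed NGINX crash when issue reload command.
+
+* Fixed flush output buffer before inject modified hashed response body.
+
+* Fixed url normalization for Hash Engine.
+
+* Fixed NGINX ap_unixd_set_global_perms_mutex compilation error with apache 2.4 devel files.
+
+Security Issues:
+
 10 May 2013 - 2.7.4
 -------------------
 Improvements: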

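--- a/apache2/Makefile.am
+++ b/apache2/Makefile.am
@@ -11,7 +11,8 @@ mod_security2_la_SOURCES = mod_security2.c \
 re_variables.c msc_logging.c msc_xml.c\
 msc_multipart.c modsecurity.c msc_parsers.c\
 msc_util.c msc_pcre.c persist_dbm.c msc_reqbody.c\
-msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c libinjection/sqlparse.c
+msc_geo.c msc_gsb.c msc_crypt.c msc_tree.c msc_unicode.c acmp.c msc_lua.c msc_release.c\
+libinjection/libinjection_sqli.c
 
 mod_security2_la_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@\
 @PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @LUA_CFLAGS@ @MODSEC_EXTRA_CFLAGS@ @CURL_CFLAGS@
@@ -72,7 +73,7 @@ install-exec-hook: $(pkglib_LTLIBRARIES)
 formin$(pkglib_LTLIBRARIES);do \
 base=`echo$$m| sed's/\..*//'`;\
 rm -f$(DESTDIR)$(pkglibdir)/$$base.*a;\
-install -D -m444$(DESTDIR)$(pkglibdir)/$$base.so$(DESTDIR)$(APXS_MODULES);\
+install -D -m444$(DESTDIR)$(pkglibdir)/$$base.so$(DESTDIR)$(APXS_MODULES)/$$base.so;\
 done
 else
 install-exec-hook:$(pkglib_LTLIBRARIES)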

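--- a/apache2/Makefile.win
+++ b/apache2/Makefile.win
@@ -46,7 +46,7 @@ OBJS = mod_security2.obj apache2_config.obj apache2_io.obj apache2_util.obj \
 msc_logging.obj msc_xml.obj msc_multipart.obj modsecurity.obj \
 msc_parsers.obj msc_util.obj msc_pcre.obj persist_dbm.obj \
 msc_reqbody.obj msc_geo.obj msc_gsb.obj msc_crypt.obj msc_tree.obj msc_unicode.obj acmp.obj msc_lua.obj \
-msc_release.obj libinjection\sqlparse.obj
+msc_release.obj libinjection\libinjection_sqli.obj
 
 all: $(DLL)
 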
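--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -2656,6 +2656,8 @@ static const char *cmd_geo_lookup_db(cmd_parms *cmd, void *_dcfg,
 /**
 * \brief Add SecUnicodeCodePage configuration option
 *
+* Depcrecated
+*
 * \param cmd Pointer to configuration data
 * \param _dcfg Pointer to directory configuration
 * \param p1 Pointer to configuration option
@@ -2688,13 +2690,24 @@ static const char *cmd_unicode_codepage(cmd_parms *cmd,
 * \retval NULL On success
 */
 staticconstchar*cmd_unicode_map(cmd_parms*cmd,void*_dcfg,
-constchar*p1)
+constchar*p1,constchar*p2)
 {
 constchar*filename=resolve_relative_path(cmd->pool,cmd->directive->filename,p1);
 char*error_msg;
+longval=0;
 directory_config*dcfg= (directory_config*)_dcfg;
 if (dcfg==NULL)returnNULL;
 
+if(p2!=NULL) {
+val=atol(p2);
+if (val <=0) {
+returnapr_psprintf(cmd->pool,"ModSecurity: Invalid setting for "
+"SecUnicodeMapFile: %s",p2);
+}
+
+unicode_codepage= (unsigned longint)val;
+}
+
 if (unicode_map_init(dcfg,filename,&error_msg) <=0) {
 returnerror_msg;
 }
@@ -3069,7 +3082,7 @@ const command_rec module_directives[] = {
 "Unicode CodePage"
 ),
 
-AP_INIT_TAKE1 (
+AP_INIT_TAKE12 (
 "SecUnicodeMapFile",
 cmd_unicode_map,
 NULL,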
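Review bot: In cmd_unicode_map the new code-page argument is parsed with `atol(p2)`, which cannot report errors: a value such as `1252abc` is accepted as 1252 and an out-of-range string has undefined behaviour, so only inputs that yield zero or a negative number are rejected. Parsing with `strtol` and checking the end pointer and `errno`, as sketched below, would let the directive reject malformed values (assuming `<errno.h>` is already available in this file). `unicode_codepage` is also assigned before `unicode_map_init` has succeeded and does not appear to be a field of `dcfg`, so a failing or per-directory SecUnicodeMapFile may still change the code page used elsewhere; worth confirming that is intended. The comment added in the first hunk is misspelled (`Depcrecated`), and the doc comment above cmd_unicode_map, which starts outside the hunk, should gain a `\param p2` line; the function body also continues past the hunk.

```c
/* ... unchanged: filename resolution and dcfg NULL check ... */
if (p2 != NULL) {
    char *end = NULL;

    errno = 0;
    val = strtol(p2, &end, 10);
    if (end == p2 || *end != '\0' || errno == ERANGE || val <= 0) {
        return apr_psprintf(cmd->pool, "ModSecurity: Invalid setting for "
                "SecUnicodeMapFile: %s", p2);
    }

    unicode_codepage = (unsigned long int)val;
}
/* ... unchanged: unicode_map_init call ... */
```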

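--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -588,7 +588,7 @@ static int flatten_response_body(modsec_rec *msr) {
 }
 
 memset(msr->stream_output_data,0,msr->stream_output_length+1);
-strncpy(msr->stream_output_data,msr->resbody_data,msr->stream_output_length);
+memcpy(msr->stream_output_data,msr->resbody_data,msr->stream_output_length);
 msr->stream_output_data[msr->stream_output_length]='\0';
 }elseif (msr->txcfg->stream_outbody_inspection&&msr->txcfg->hash_is_enabled==HASH_ENABLED) {
 intretval=0;
@@ -617,7 +617,7 @@ static int flatten_response_body(modsec_rec *msr) {
 }
 
 memset(msr->stream_output_data,0,msr->stream_output_length+1);
-strncpy(msr->stream_output_data,msr->resbody_data,msr->stream_output_length);
+memcpy(msr->stream_output_data,msr->resbody_data,msr->stream_output_length);
 msr->stream_output_data[msr->stream_output_length]='\0';
 }
 }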
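Review bot: Both `memcpy` calls in flatten_response_body now read exactly `msr->stream_output_length` bytes from `msr->resbody_data`, whereas `strncpy` stopped at the first NUL, so the copy is only safe if that length never exceeds the size of the response-body buffer. The assignment of `stream_output_length` lies outside both hunks, so that relationship should be confirmed or asserted next to the copy. Since the full length is copied and the terminator is written on the following line, the preceding `memset` no longer contributes anything and could be dropped. Bodies containing NUL bytes are now kept intact in `stream_output_data`, so any consumer that still treats the buffer as a C string would inspect only the prefix; a comment such as `/* binary-safe copy: use stream_output_length, not strlen() */` at both sites would record that.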
