
Commit 9b987cc

author
Marc Stern
committed
Return of msc_regexec() compared with PCRE_ERROR_NOMATCH (!=) to check if match.
Other errors may happen that would return -2, -3, ... Matching would be incorrectly set in this case. We must check if >= 0
1 parent 28b6e1d commit 9b987cc


1 file changed

+35
-81
lines changed


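--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
@@ -120,8 +120,7 @@ static int var_args_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
 /* Run the regex against the argument name. */
-if (!(msc_regexec((msc_regex_t *)var->param_data, arg->name,
-arg->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, arg->name, arg->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(arg->name, var->param) == 0) match = 1;
 }
@@ -198,8 +197,7 @@ static int var_args_names_generate(modsec_rec *msr, msre_var *var, msre_rule *ru
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, arg->name,
-arg->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, arg->name, arg->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(arg->name, var->param) == 0) match = 1;
 }
@@ -250,8 +248,7 @@ static int var_args_get_generate(modsec_rec *msr, msre_var *var, msre_rule *rule
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
 /* Run the regex against the argument name. */
-if (!(msc_regexec((msc_regex_t *)var->param_data, arg->name,
-arg->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, arg->name, arg->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(arg->name, var->param) == 0) match = 1;
 }
@@ -300,8 +297,7 @@ static int var_args_get_names_generate(modsec_rec *msr, msre_var *var, msre_rule
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, arg->name,
-arg->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, arg->name, arg->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(arg->name, var->param) == 0) match = 1;
 }
@@ -352,8 +348,7 @@ static int var_args_post_generate(modsec_rec *msr, msre_var *var, msre_rule *rul
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
 /* Run the regex against the argument name. */
-if (!(msc_regexec((msc_regex_t *)var->param_data, arg->name,
-arg->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, arg->name, arg->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(arg->name, var->param) == 0) match = 1;
 }
@@ -402,8 +397,7 @@ static int var_args_post_names_generate(modsec_rec *msr, msre_var *var, msre_rul
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, arg->name,
-arg->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, arg->name, arg->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(arg->name, var->param) == 0) match = 1;
 }
@@ -899,8 +893,7 @@ static int var_tx_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-str->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, str->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -955,8 +948,7 @@ static int var_geo_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-str->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, str->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -1016,8 +1008,7 @@ static int var_ip_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-str->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, str->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -1096,8 +1087,7 @@ static int var_session_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-str->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, str->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -1152,8 +1142,7 @@ static int var_user_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-str->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, str->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -1212,8 +1201,7 @@ static int var_global_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-str->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, str->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -1264,8 +1252,7 @@ static int var_resource_generate(modsec_rec *msr, msre_var *var, msre_rule *rule
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-str->name_len, &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, str->name_len, &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -1306,38 +1293,21 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
 if (msr->mpd == NULL) return 0;
 
 parts = (multipart_part **)msr->mpd->parts->elts;
-for (i = 0; i < msr->mpd->parts->nelts; i++)
-{
-if ((parts[i]->type == MULTIPART_FILE) &&
-(parts[i]->tmp_file_name != NULL))
-{
+for (i = 0; i < msr->mpd->parts->nelts; i++) {
+if ((parts[i]->type == MULTIPART_FILE) && (parts[i]->tmp_file_name != NULL)) {
 int match = 0;
 
 /* Figure out if we want to include this variable. */
-if (var->param == NULL)
-{
-match = 1;
-}
-else
-{
-if (var->param_data != NULL)
-{
+if (var->param == NULL)match = 1;
+else {
+if (var->param_data != NULL) {
 /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data,
-parts[i]->name, strlen(parts[i]->name),
-&my_error_msg) == PCRE_ERROR_NOMATCH))
-{
-match = 1;
-}
+if (msc_regexec((msc_regex_t*)var->param_data, parts[i]->name, strlen(parts[i]->name), &my_error_msg) >= 0) match = 1;
 }
-else
-{
+else {
 /* Simple comparison. */
-if (strcasecmp(parts[i]->name, var->param) == 0)
-{
-match = 1;
-}
+if (strcasecmp(parts[i]->name, var->param) == 0)match = 1;
 }
 }
 /* If we had a match add this argument to the collection. */
@@ -1351,10 +1321,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
 msre_var *rvar = NULL;
 
 file = fopen(parts[i]->tmp_file_name, "r");
-if (file == NULL)
-{
-continue;
-}
+if (file == NULL) continue;
 
 full_content = (char *)apr_pcalloc(mptmp, (sizeof(char)*parts[i]->length) + 1);
 if (full_content == NULL) {
@@ -1416,8 +1383,7 @@ static int var_files_tmpnames_generate(modsec_rec *msr, msre_var *var, msre_rule
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, parts[i]->name,
-strlen(parts[i]->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, parts[i]->name, strlen(parts[i]->name), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(parts[i]->name, var->param) == 0) match = 1;
 }
@@ -1465,8 +1431,7 @@ static int var_files_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, parts[i]->name,
-strlen(parts[i]->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, parts[i]->name, strlen(parts[i]->name), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(parts[i]->name, var->param) == 0) match = 1;
 }
@@ -1514,8 +1479,7 @@ static int var_files_sizes_generate(modsec_rec *msr, msre_var *var, msre_rule *r
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, parts[i]->name,
-strlen(parts[i]->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, parts[i]->name, strlen(parts[i]->name), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(parts[i]->name, var->param) == 0) match = 1;
 }
@@ -1632,8 +1596,7 @@ static int var_multipart_part_headers_generate(modsec_rec *msr, msre_var *var, m
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, parts[i]->name,
-strlen(parts[i]->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, parts[i]->name, strlen(parts[i]->name), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(parts[i]->name, var->param) == 0) match = 1;
 }
@@ -2105,8 +2068,7 @@ static int var_perf_rules_generate(modsec_rec *msr, msre_var *var, msre_rule *ru
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
-strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, te[i].key, strlen(te[i].key), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(te[i].key, var->param) == 0) match = 1;
 }
@@ -2591,8 +2553,7 @@ static int var_matched_vars_names_generate(modsec_rec *msr, msre_var *var, msre_
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-strlen(str->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, strlen(str->name), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -2660,8 +2621,7 @@ static int var_matched_vars_generate(modsec_rec *msr, msre_var *var, msre_rule *
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, str->name,
-strlen(str->name), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, str->name, strlen(str->name), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(str->name, var->param) == 0) match = 1;
 }
@@ -2728,8 +2688,7 @@ static int var_request_cookies_generate(modsec_rec *msr, msre_var *var, msre_rul
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
-strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, te[i].key, strlen(te[i].key), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(te[i].key, var->param) == 0) match = 1;
 }
@@ -2783,8 +2742,7 @@ static int var_request_cookies_names_generate(modsec_rec *msr, msre_var *var, ms
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
-strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, te[i].key, strlen(te[i].key), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(te[i].key, var->param) == 0) match = 1;
 }
@@ -2838,8 +2796,7 @@ static int var_request_headers_generate(modsec_rec *msr, msre_var *var, msre_rul
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
-strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, te[i].key, strlen(te[i].key), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(te[i].key, var->param) == 0) match = 1;
 }
@@ -2893,8 +2850,7 @@ static int var_request_headers_names_generate(modsec_rec *msr, msre_var *var, ms
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
-strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, te[i].key, strlen(te[i].key), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(te[i].key, var->param) == 0) match = 1;
 }
@@ -3171,8 +3127,7 @@ static int var_response_headers_generate(modsec_rec *msr, msre_var *var, msre_ru
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
-strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, te[i].key, strlen(te[i].key), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(te[i].key, var->param) == 0) match = 1;
 }
@@ -3226,8 +3181,7 @@ static int var_response_headers_names_generate(modsec_rec *msr, msre_var *var, m
 else {
 if (var->param_data != NULL) { /* Regex. */
 char *my_error_msg = NULL;
-if (!(msc_regexec((msc_regex_t *)var->param_data, te[i].key,
-strlen(te[i].key), &my_error_msg) == PCRE_ERROR_NOMATCH)) match = 1;
+if (msc_regexec((msc_regex_t *)var->param_data, te[i].key, strlen(te[i].key), &my_error_msg) >= 0) match = 1;
 } else { /* Simple comparison. */
 if (strcasecmp(te[i].key, var->param) == 0) match = 1;
 }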
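Review bot: With `>= 0`, a `msc_regexec()` call that fails (the -2, -3, ... codes the commit message mentions) now leaves `match` at 0 with no trace, and `my_error_msg` is filled in but never read in any of these hunks. As far as the visible lines show, a name the regex engine errors out on is then left out of the generated collection, so a rule using a regex selector skips it instead of inspecting it; for a WAF that is a fail-open outcome and should at least be visible in the log. I would keep the return code and report the error case, along the lines of `rc = msc_regexec(...); if (rc >= 0) match = 1; else if (rc != PCRE_ERROR_NOMATCH) { /* log rc and my_error_msg */ }`, unless `msc_regexec()` already logs, which cannot be seen from here. The same expression is repeated in every hunk of this file, so a small static helper would keep that policy in one place. The enclosing functions start and end outside the hunks.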
