
Commit 0d52c0c

committed
fix review: add SWIG declarations, input validation, 32-bit safe decoding
1 parent e9bd453 commit 0d52c0c

2 files changed

Lines changed: 17 additions & 4 deletions


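--- a/coraza.i
+++ b/coraza.i
@@ -401,3 +401,10 @@ extern int coraza_free_waf(coraza_waf_t t);
 extern coraza_severity_t coraza_matched_rule_get_severity(
 coraza_matched_rule_t r);
 extern char *coraza_matched_rule_get_error_log(coraza_matched_rule_t r);
+extern int coraza_add_request_headers(coraza_transaction_t t,
+const char *packed, int packed_len,
+int count);
+extern int coraza_add_response_headers(coraza_transaction_t t,
+const char *packed, int packed_len,
+int count);
+extern void coraza_free_string(char *s);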
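Review bot: The new declarations give a SWIG wrapper author no description of the packed layout these functions expect, so the only way to learn it is to read the Go decoder. Judging from the Go side of this commit, each entry is a 2-byte big-endian name length, the name bytes, a 4-byte big-endian value length and the value bytes, repeated count times, with -1 returned on malformed input. A comment above coraza_add_request_headers such as `/* packed: count entries of [u16 be name_len][name][u32 be value_len][value]; returns -1 if packed_len or count is negative or the buffer is truncated */` would carry that contract into the generated bindings. The same comment applies to coraza_add_response_headers.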

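--- a/libcoraza/coraza.go
+++ b/libcoraza/coraza.go
@@ -286,14 +286,17 @@ func coraza_add_request_header(t C.coraza_transaction_t, name *C.char, name_len
 //
 //export coraza_add_request_headers
 func coraza_add_request_headers(t C.coraza_transaction_t, packed *C.char, packed_len C.int, count C.int) C.int {
+if packed_len < 0 || count < 0 {
+return -1
+}
 tx := fromRaw[types.Transaction](t)
 buf := C.GoBytes(unsafe.Pointer(packed), packed_len)
 off := 0
 for i := 0; i < int(count); i++ {
 if off+2 > len(buf) {
 return -1
 }
-nameLen := int(buf[off])<<8 | int(buf[off+1])
+nameLen := int(uint16(buf[off])<<8 | uint16(buf[off+1]))
 off += 2
 if off+nameLen > len(buf) {
 return -1
@@ -303,7 +306,7 @@ func coraza_add_request_headers(t C.coraza_transaction_t, packed *C.char, packed
 if off+4 > len(buf) {
 return -1
 }
-valueLen := int(buf[off])<<24 | int(buf[off+1])<<16 | int(buf[off+2])<<8 | int(buf[off+3])
+valueLen := int(uint32(buf[off])<<24 | uint32(buf[off+1])<<16 | uint32(buf[off+2])<<8 | uint32(buf[off+3]))
 off += 4
 if off+valueLen > len(buf) {
 return -1
@@ -359,14 +362,17 @@ func coraza_add_response_header(t C.coraza_transaction_t, name *C.char, name_len
 //
 //export coraza_add_response_headers
 func coraza_add_response_headers(t C.coraza_transaction_t, packed *C.char, packed_len C.int, count C.int) C.int {
+if packed_len < 0 || count < 0 {
+return -1
+}
 tx := fromRaw[types.Transaction](t)
 buf := C.GoBytes(unsafe.Pointer(packed), packed_len)
 off := 0
 for i := 0; i < int(count); i++ {
 if off+2 > len(buf) {
 return -1
 }
-nameLen := int(buf[off])<<8 | int(buf[off+1])
+nameLen := int(uint16(buf[off])<<8 | uint16(buf[off+1]))
 off += 2
 if off+nameLen > len(buf) {
 return -1
@@ -376,7 +382,7 @@ func coraza_add_response_headers(t C.coraza_transaction_t, packed *C.char, packe
 if off+4 > len(buf) {
 return -1
 }
-valueLen := int(buf[off])<<24 | int(buf[off+1])<<16 | int(buf[off+2])<<8 | int(buf[off+3])
+valueLen := int(uint32(buf[off])<<24 | uint32(buf[off+1])<<16 | uint32(buf[off+2])<<8 | uint32(buf[off+3]))
 off += 4
 if off+valueLen > len(buf) {
 return -1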
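Review bot: The valueLen decode in the second and fourth hunks is still not safe where int is 32 bits: `int(uint32(...))` becomes negative for lengths of 2^31 and above, and a negative valueLen passes the `off+valueLen > len(buf)` bound check on the following line, so a crafted buffer reaches whatever slices buf by valueLen after the hunk — presumably a slice-bounds panic, which in a cgo-exported function takes the host process down rather than returning -1. Rejecting it explicitly keeps the check meaningful on every platform, in both functions: `if valueLen < 0 || off+valueLen > len(buf) {`. nameLen needs no such guard because a uint16 always fits in int. Separately, the decoding loop in coraza_add_request_headers and coraza_add_response_headers is duplicated line for line; a shared helper that walks the packed buffer and hands back (name, value) pairs would keep the two validations from drifting apart. Both functions continue past the hunks shown.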
