PageRenderTime 93ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 1ms

/lib/modsecurity-apache_2.6.1/apache2/re_operators.c

http://vulture.googlecode.com/
C | 3908 lines | 2693 code | 706 blank | 509 comment | 915 complexity | 05d1cb24dc3e8fcd1044bde4468344d8 MD5 | raw file
Possible License(s): Apache-2.0

Large files files are truncated, but you can click here to view the full file

    

  1. /*
    2. 

  2. * ModSecurity for Apache 2.x, http://www.modsecurity.org/
    3. 

  3. * Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
    4. 

  4. *
    5. 

  5. * You may not use this file except in compliance with
    6. 

  6. * the License.  You may obtain a copy of the License at
    7. 

  7. *
    8. 

  8. *     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. *
    10. 

  10. * If any of the files related to licensing are missing or if you have any
    11. 

  11. * other questions related to licensing please contact Trustwave Holdings, Inc.
    12. 

  12. * directly using the email address security@modsecurity.org.
    13. 

  13. */
    14. 

  14. 

  15. #include "re.h"
    16. 

  16. #include "msc_pcre.h"
    17. 

  17. #include "msc_geo.h"
    18. 

  18. #include "msc_gsb.h"
    19. 

  19. #include "apr_lib.h"
    20. 

  20. #include "apr_strmatch.h"
    21. 

  21. #include "acmp.h"
    22. 

  22. #include "msc_util.h"
    23. 

  23. #if !defined(WIN32) || !defined(WINNT)
    24. 

  24. #include <regex.h>
    25. 

  25. #include <arpa/inet.h>
    26. 

  26. #endif
    27. 

  27. 

  28. /**
    29. 

  29.  *
    30. 

  30.  */
    31. 

  31. void msre_engine_op_register(msre_engine *engine, const char *name,
    32. 

  32.     fn_op_param_init_t fn1, fn_op_execute_t fn2)
    33. 

  33. {
    34. 

  34.     msre_op_metadata *metadata = (msre_op_metadata *)apr_pcalloc(engine->mp,
    35. 

  35.         sizeof(msre_op_metadata));
    36. 

  36.     if (metadata == NULL) return;
    37. 

  37. 

  38.     metadata->name = name;
    39. 

  39.     metadata->param_init = fn1;
    40. 

  40.     metadata->execute = fn2;
    41. 

  41.     apr_table_setn(engine->operators, name, (void *)metadata);
    42. 

  42. }
    43. 

  43. 

  44. /**
    45. 

  45.  *
    46. 

  46.  */
    47. 

  47. msre_op_metadata *msre_engine_op_resolve(msre_engine *engine, const char *name) {
    48. 

  48.     return (msre_op_metadata *)apr_table_get(engine->operators, name);
    49. 

  49. }
    50. 

  50. 

  51. 

  52. 

  53. /* -- Operators -- */
    54. 

  54. 

  55. /* unconditionalMatch */
    56. 

  56. 

  57. static int msre_op_unconditionalmatch_execute(modsec_rec *msr, msre_rule *rule,
    58. 

  58.     msre_var *var, char **error_msg)
    59. 

  59. {
    60. 

  60.     *error_msg = "Unconditional match in SecAction.";
    61. 

  61. 

  62.     /* Always match. */
    63. 

  63.     return 1;
    64. 

  64. }
    65. 

  65. 

  66. /* noMatch */
    67. 

  67. 

  68. static int msre_op_nomatch_execute(modsec_rec *msr, msre_rule *rule,
    69. 

  69.     msre_var *var, char **error_msg)
    70. 

  70. {
    71. 

  71.     *error_msg = "No match.";
    72. 

  72. 

  73.     /* Never match. */
    74. 

  74.     return 0;
    75. 

  75. }
    76. 

  76. 

  77. /* ipmatch */
    78. 

  78. 

  79. /*
    80. 

  80. * \brief Init function to ipmatch operator
    81. 

  81. *
    82. 

  82. * \param rule Pointer to the rule
    83. 

  83. * \param error_msg Pointer to error msg
    84. 

  84. *
    85. 

  85. * \retval 1 On Success
    86. 

  86. * \retval 0 On Fail
    87. 

  87. */
    88. 

  88. static int msre_op_ipmatch_param_init(msre_rule *rule, char **error_msg) {
    89. 

  89.     apr_status_t rv;
    90. 

  90.     char *str = NULL;
    91. 

  91.     char *saved = NULL;
    92. 

  92.     char *param = NULL;
    93. 

  93.     msre_ipmatch *current;
    94. 

  94.     msre_ipmatch **last = &rule->ip_op;
    95. 

  95. 

  96.     if (error_msg == NULL)
    97. 

  97.         return -1;
    98. 

  98.     else
    99. 

  99.         *error_msg = NULL;
    100. 

  100. 

  101.     param = apr_pstrdup(rule->ruleset->mp, rule->op_param);
    102. 

  102. 

  103.     str = apr_strtok(param, ",", &saved);
    104. 

  104.     while( str != NULL)  {
    105. 

  105.         const char *ipstr, *mask, *sep;
    106. 

  106. 

  107.         /* get the IP address and mask strings */
    108. 

  108.         sep = strchr(str, '/');
    109. 

  109.         if (sep) {
    110. 

  110.             ipstr = apr_pstrndup(rule->ruleset->mp, str, (sep - str) );
    111. 

  111.             mask  = apr_pstrdup(rule->ruleset->mp, (sep + 1) );
    112. 

  112.         }
    113. 

  113.         else {
    114. 

  114.             ipstr = apr_pstrdup(rule->ruleset->mp, str);
    115. 

  115.             mask = NULL;
    116. 

  116.         }
    117. 

  117.         /* create a new msre_ipmatch containing a new apr_ipsubnet_t*, and add it to the linked list */
    118. 

  118.         current = apr_pcalloc(rule->ruleset->mp, sizeof(msre_ipmatch));
    119. 

  119.         rv = apr_ipsubnet_create(&current->ipsubnet, ipstr, mask, rule->ruleset->mp);
    120. 

  120.         if ( rv != APR_SUCCESS ) {
    121. 

  121.             char msgbuf[120];
    122. 

  122.             apr_strerror(rv, msgbuf, sizeof msgbuf);
    123. 

  123.             *error_msg = apr_pstrcat(rule->ruleset->mp, "Error: ", msgbuf, NULL);
    124. 

  124.             return -1;
    125. 

  125.         }
    126. 

  126.         current->address = str;
    127. 

  127.         current->next = NULL;
    128. 

  128.         *last = current;
    129. 

  129.         last = &current->next;
    130. 

  130. 

  131.         str = apr_strtok(NULL, ",",&saved);
    132. 

  132.     }
    133. 

  133. 

  134.     return 1;
    135. 

  135. }
    136. 

  136. 

  137. /*
    138. 

  138. * \brief Execution function to ipmatch operator
    139. 

  139. *
    140. 

  140. * \param msr Pointer internal modsec request structure
    141. 

  141. * \param rule Pointer to the rule
    142. 

  142. * \param var Pointer to variable structure
    143. 

  143. * \param error_msg Pointer to error msg
    144. 

  144. *
    145. 

  145. * \retval -1 On Failure
    146. 

  146. * \retval 1 On Match
    147. 

  147. * \retval 0 On No Match
    148. 

  148. */
    149. 

  149. static int msre_op_ipmatch_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
    150. 

  150.     msre_ipmatch *current = rule->ip_op;
    151. 

  151.     apr_sockaddr_t *sa;
    152. 

  152. 

  153.     if (error_msg == NULL)
    154. 

  154.         return -1;
    155. 

  155.     else
    156. 

  156.         *error_msg = NULL;
    157. 

  157. 

  158.     if(current == NULL) {
    159. 

  159.         msr_log(msr, 1, "ipMatch Internal Error: ipmatch value is null.");
    160. 

  160.         return 0;
    161. 

  161.     }
    162. 

  162. 

  163.     /* create an apr_sockaddr_t for the value string */
    164. 

  164.     if ( apr_sockaddr_info_get(&sa, var->value, APR_UNSPEC, 0, 0, msr->mp) != APR_SUCCESS ) {
    165. 

  165.         msr_log(msr, 1, "ipMatch Internal Error: Invalid ip address.");
    166. 

  166.         return 0;
    167. 

  167.     }
    168. 

  168. 

  169.     /* look through the linked list for a match */
    170. 

  170.     while (current) {
    171. 

  171.         if (apr_ipsubnet_test(current->ipsubnet, sa)) {
    172. 

  172.             *error_msg = apr_psprintf(msr->mp, "IPmatch \"%s\" matched \"%s\" at %s.", var->value, current->address, var->name);
    173. 

  173.             return 1;
    174. 

  174.         }
    175. 

  175.         current = current->next;
    176. 

  176.     }
    177. 

  177. 

  178.    return 0;
    179. 

  179. }
    180. 

  180. 

  181. /* rsub */
    182. 

  182. 

  183. static char *param_remove_escape(msre_rule *rule, char *str, int len)  {
    184. 

  184.     char *parm = apr_palloc(rule->ruleset->mp, len);
    185. 

  185.     char *ret = parm;
    186. 

  186. 

  187.     for(;*str!='\0';str++)    {
    188. 

  188.         if(*str != '\\')    {
    189. 

  189.             *parm++ = *str;
    190. 

  190.         } else {
    191. 

  191.             str++;
    192. 

  192.             if(*str != '/') {
    193. 

  193.                 str--;
    194. 

  194.                 *parm++ = *str;
    195. 

  195.             } else {
    196. 

  196.                 *parm++ = *str;
    197. 

  197.             }
    198. 

  198.         }
    199. 

  199.     }
    200. 

  200. 

  201.     *parm = '\0';
    202. 

  202.     return ret;
    203. 

  203. }
    204. 

  204. 

  205. /*
    206. 

  206.  * \brief Init function to rsub operator
    207. 

  207.  *
    208. 

  208.  * \param rule Pointer to the rule
    209. 

  209.  * \param error_msg Pointer to error msg
    210. 

  210.  *
    211. 

  211.  * \retval 1 On Success
    212. 

  212.  * \retval 0 On Fail
    213. 

  213.  */
    214. 

  214. #if !defined(MSC_TEST)
    215. 

  215. static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) {
    216. 

  216.     ap_regex_t *regex;
    217. 

  217.     const char *pattern = NULL;
    218. 

  218.     const char *line = NULL;
    219. 

  219.     char *reg_pattern = NULL;
    220. 

  220.     char *replace = NULL;
    221. 

  221.     char *e_pattern = NULL;
    222. 

  222.     char *e_replace = NULL;
    223. 

  223.     char *flags = NULL;
    224. 

  224.     char *data = NULL;
    225. 

  225.     char delim;
    226. 

  226.     int ignore_case = 0;
    227. 

  227. 

  228.     if (error_msg == NULL) return -1;
    229. 

  229.     *error_msg = NULL;
    230. 

  230. 

  231.     line = rule->op_param;
    232. 

  232. 

  233.     if (apr_tolower(*line) != 's') {
    234. 

  234.         *error_msg = apr_psprintf(rule->ruleset->mp, "Error rsub operator format, must be s/ pattern");
    235. 

  235.         return 0;
    236. 

  236.     }
    237. 

  237. 

  238.     data = apr_pstrdup(rule->ruleset->mp, line);
    239. 

  239.     delim = *++data;
    240. 

  240.     if (delim)
    241. 

  241.         reg_pattern = ++data;
    242. 

  242.     if (reg_pattern) {
    243. 

  243. 

  244.         if (*data != delim) {
    245. 

  245.             for(;*data != '\0' ;data++)  {
    246. 

  246.                 if(*data == delim)   {
    247. 

  247.                     data--;
    248. 

  248.                     if(*data == '\\')   {
    249. 

  249.                         data++;
    250. 

  250.                         continue;
    251. 

  251.                     }
    252. 

  252.                     break;
    253. 

  253.                 }
    254. 

  254.             }
    255. 

  255.         }
    256. 

  256. 

  257.         if (*data) {
    258. 

  258.             *++data = '\0';
    259. 

  259.             ++data;
    260. 

  260.             replace = data;
    261. 

  261.         }
    262. 

  262. 

  263.     }
    264. 

  264. 

  265.     if (replace) {
    266. 

  266. 

  267.         if (*data != delim) {
    268. 

  268.             for(;*data != '\0' ;data++)  {
    269. 

  269.                 if(*data == delim)   {
    270. 

  270.                     data--;
    271. 

  271.                     if(*data == '\\')   {
    272. 

  272.                         data++;
    273. 

  273.                         continue;
    274. 

  274.                     }
    275. 

  275.                     break;
    276. 

  276.                 }
    277. 

  277.             }
    278. 

  278.         }
    279. 

  279. 

  280.         if (*data) {
    281. 

  281.             *++data = '\0';
    282. 

  282.             flags = ++data;
    283. 

  283.         }
    284. 

  284. 

  285.     }
    286. 

  286. 

  287.     if (!delim || !reg_pattern || !replace) {
    288. 

  288.         *error_msg = apr_psprintf(rule->ruleset->mp, "Error rsub operator format - must be s/regex/str/[flags]");
    289. 

  289.         return -1;
    290. 

  290.     }
    291. 

  291. 

  292.     e_replace = param_remove_escape(rule, replace, strlen(replace));
    293. 

  293.     rule->sub_str = apr_pstrmemdup(rule->ruleset->mp, e_replace, strlen(e_replace));
    294. 

  294. 

  295.     if (flags) {
    296. 

  296.         while (*flags) {
    297. 

  297.             delim = apr_tolower(*flags);
    298. 

  298.             if (delim == 'i')
    299. 

  299.                 ignore_case = 1;
    300. 

  300.             else if (delim == 'd')
    301. 

  301.                 rule->escape_re = 1;
    302. 

  302.             else
    303. 

  303.                 *error_msg = apr_psprintf(rule->ruleset->mp, "Regex flag not supported");
    304. 

  304.             flags++;
    305. 

  305.         }
    306. 

  306.     }
    307. 

  307. 

  308.     e_pattern = param_remove_escape(rule, reg_pattern, strlen(reg_pattern));
    309. 

  309.     pattern = apr_pstrndup(rule->ruleset->mp, e_pattern, strlen(e_pattern));
    310. 

  310. 

  311.     if(strstr(pattern,"%{") == NULL)    {
    312. 

  312.         regex = ap_pregcomp(rule->ruleset->mp, pattern, AP_REG_EXTENDED |
    313. 

  313.                 (ignore_case ? AP_REG_ICASE : 0));
    314. 

  314.         rule->sub_regex = regex;
    315. 

  315.     } else {
    316. 

  316.         rule->re_precomp = 1;
    317. 

  317.         rule->re_str = apr_pstrndup(rule->ruleset->mp, pattern, strlen(pattern));
    318. 

  318.         rule->sub_regex = NULL;
    319. 

  319.     }
    320. 

  320. 

  321.     return 1; /* OK */
    322. 

  322. }
    323. 

  323. 

  324. /*
    325. 

  325. * \brief Execution function to rsub operator
    326. 

  326. *
    327. 

  327. * \param msr Pointer internal modsec request structure
    328. 

  328. * \param rule Pointer to the rule
    329. 

  329. * \param var Pointer to variable structure
    330. 

  330. * \param error_msg Pointer to error msg
    331. 

  331. *
    332. 

  332. * \retval -1 On Failure
    333. 

  333. * \retval 1 On Match
    334. 

  334. * \retval 0 On No Match
    335. 

  335. */
    336. 

  336. static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
    337. 

  337.     msc_string *str = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
    338. 

  338.     msc_string *re_pattern = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
    339. 

  339.     char *offset = NULL;
    340. 

  340.     int sub = 0, so = 0, p_len = 0;
    341. 

  341.     char *replace = NULL;
    342. 

  342.     char *data = NULL, *pattern = NULL;
    343. 

  343.     unsigned int size = var->value_len;
    344. 

  344.     int output_body = 0, input_body = 0, count = 0;
    345. 

  345.     ap_regmatch_t pmatch[AP_MAX_REG_MATCH];
    346. 

  346. 

  347.     if (error_msg == NULL) return -1;
    348. 

  348.     *error_msg = NULL;
    349. 

  349. 

  350.     if(strcmp(var->name,"STREAM_OUTPUT_BODY") == 0 )  {
    351. 

  351.         output_body = 1;
    352. 

  352.     } else if(strcmp(var->name,"STREAM_INPUT_BODY") == 0 )  {
    353. 

  353.         input_body = 1;
    354. 

  354.     } else  {
    355. 

  355.         msr_log(msr,9,"Operator rsub only works with STREAM_* variables");
    356. 

  356.         return -1;
    357. 

  357.     }
    358. 

  358.     if(rule->re_precomp == 1)    {
    359. 

  359.         re_pattern->value = apr_pstrndup(msr->mp, rule->re_str, strlen(rule->re_str));
    360. 

  360.         re_pattern->value_len = strlen(re_pattern->value);
    361. 

  361. 

  362.         expand_macros(msr, re_pattern, rule, msr->mp);
    363. 

  363. 

  364.         if(strlen(re_pattern->value) > 0)   {
    365. 

  365.             if(rule->escape_re == 1)    {
    366. 

  366.                 pattern = log_escape_re(msr->mp, re_pattern->value);
    367. 

  367.                 if (msr->txcfg->debuglog_level >= 6) {
    368. 

  368.                     msr_log(msr, 6, "Escaping pattern [%s]",pattern);
    369. 

  369.                 }
    370. 

  370.                 rule->sub_regex = ap_pregcomp(msr->mp, pattern, AP_REG_EXTENDED);
    371. 

  371.             } else  {
    372. 

  372.                 rule->sub_regex = ap_pregcomp(msr->mp, re_pattern->value, AP_REG_EXTENDED);
    373. 

  373.             }
    374. 

  374.         }
    375. 

  375.         else    {
    376. 

  376.             rule->sub_regex = NULL;
    377. 

  377.         }
    378. 

  378. 

  379.     }
    380. 

  380. 

  381.     if(rule->sub_regex == NULL)   {
    382. 

  382.         *error_msg = "Internal Error: regex data is null.";
    383. 

  383.         return 0;
    384. 

  384.     }
    385. 

  385. 

  386.     str->value = apr_pstrndup(msr->mp, rule->sub_str, strlen(rule->sub_str));
    387. 

  387.     str->value_len = strlen(str->value);
    388. 

  388. 

  389.     if(strstr(rule->sub_str,"%{") != NULL)
    390. 

  390.     expand_macros(msr, str, rule, msr->mp);
    391. 

  391. 

  392.     replace = apr_pstrndup(msr->mp, str->value, str->value_len);
    393. 

  393.     data = apr_pcalloc(msr->mp, var->value_len+(AP_MAX_REG_MATCH*strlen(replace))+1);
    394. 

  394. 

  395.     if(replace == NULL || data == NULL) {
    396. 

  396.         *error_msg = "Internal Error: cannot allocate memory";
    397. 

  397.         return -1;
    398. 

  398.     }
    399. 

  399. 

  400.     memcpy(data,var->value,var->value_len);
    401. 

  401. 

  402.     size += (AP_MAX_REG_MATCH*strlen(replace)+2);
    403. 

  403. 

  404.     if (ap_regexec(rule->sub_regex,  data ,AP_MAX_REG_MATCH, pmatch, 0)) return 0;
    405. 

  405. 

  406.     for (offset = replace; *offset; offset++)
    407. 

  407.         if (*offset == '\\' && *(offset + 1) > '0' && *(offset + 1) <= '9') {
    408. 

  408.             so = pmatch [*(offset + 1) - 48].rm_so;
    409. 

  409.             p_len = pmatch [*(offset + 1) - 48].rm_eo - so;
    410. 

  410.             if (so < 0 || strlen (replace) + p_len - 1 > size) return 0;
    411. 

  411.             memmove (offset + p_len, offset + 2, strlen (offset) - 1);
    412. 

  412.             memmove (offset, data + so, p_len);
    413. 

  413.             offset = offset + p_len - 2;
    414. 

  414.         }
    415. 

  415. 

  416.     sub = -1;
    417. 

  417. 

  418.     for (offset = data; !ap_regexec(rule->sub_regex,  offset, 1, pmatch, 0); ) {
    419. 

  419.         p_len = pmatch [0].rm_eo - pmatch [0].rm_so;
    420. 

  420.         count++;
    421. 

  421.         offset += pmatch [0].rm_so;
    422. 

  422.         if (var->value_len - p_len + strlen(replace) + 1 > size) return 0;
    423. 

  423.         memmove (offset + strlen (replace), offset + p_len, strlen (offset) - p_len + 1);
    424. 

  424.         memmove (offset, replace, strlen (replace));
    425. 

  425.         offset += strlen (replace);
    426. 

  426.         if (sub >= 0) break;
    427. 

  427.     }
    428. 

  428. 

  429.     size -= (((AP_MAX_REG_MATCH - count)*(strlen(replace))) + p_len+2);
    430. 

  430. 

  431.     if(msr->stream_output_data != NULL && output_body == 1) {
    432. 

  432. 

  433.         char *stream_output_data = NULL;
    434. 

  434. 

  435.         stream_output_data = (char *)realloc(msr->stream_output_data, size+1);
    436. 

  436.         msr->stream_output_length = size;
    437. 

  437. 

  438.         if(stream_output_data == NULL)  {
    439. 

  439.            free (msr->stream_output_data);
    440. 

  440.            msr->stream_output_data = NULL;
    441. 

  441.            return -1;
    442. 

  442.         }
    443. 

  443. 

  444.         var->value_len = size;
    445. 

  445.         msr->of_stream_changed = 1;
    446. 

  446.         msr->stream_output_data = (char *)stream_output_data;
    447. 

  447.         if(msr->stream_output_data != NULL)
    448. 

  448.         apr_cpystrn(msr->stream_output_data, data, size);
    449. 

  449. 

  450.     }
    451. 

  451. 

  452.     if(msr->stream_input_data != NULL && input_body == 1) {
    453. 

  453.         char *stream_input_data = NULL;
    454. 

  454. 

  455.         stream_input_data = (char *)realloc(msr->stream_input_data, size+1);
    456. 

  456.         msr->stream_input_length = size;
    457. 

  457. 

  458.         if(stream_input_data == NULL)  {
    459. 

  459.            free (msr->stream_input_data);
    460. 

  460.            msr->stream_input_data = NULL;
    461. 

  461.            return -1;
    462. 

  462.         }
    463. 

  463. 

  464.         var->value_len = size;
    465. 

  465.         msr->stream_input_data = (char *)stream_input_data;
    466. 

  466.         if(msr->stream_input_data != NULL)
    467. 

  467.         apr_cpystrn(msr->stream_input_data, data, size);
    468. 

  468.         msr->if_stream_changed = 1;
    469. 

  469.     }
    470. 

  470. 

  471.     if (! *error_msg) {
    472. 

  472.         *error_msg = apr_psprintf(msr->mp, "Operator rsub succeeded.");
    473. 

  473.     }
    474. 

  474. 

  475.     return 1;
    476. 

  476. }
    477. 

  477. #endif /* MSC_TEST */
    478. 

  478. 

  479. /* rx */
    480. 

  480. 

  481. static int msre_op_rx_param_init(msre_rule *rule, char **error_msg) {
    482. 

  482.     const char *errptr = NULL;
    483. 

  483.     int erroffset;
    484. 

  484.     msc_regex_t *regex;
    485. 

  485.     const char *pattern = rule->op_param;
    486. 

  486. 

  487.     if (error_msg == NULL) return -1;
    488. 

  488.     *error_msg = NULL;
    489. 

  489. 

  490.     /* Compile pattern */
    491. 

  491.     regex = msc_pregcomp_ex(rule->ruleset->mp, pattern, PCRE_DOTALL | PCRE_DOLLAR_ENDONLY, &errptr, &erroffset, msc_pcre_match_limit, msc_pcre_match_limit_recursion);
    492. 

  492.     if (regex == NULL) {
    493. 

  493.         *error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern (offset %d): %s",
    494. 

  494.                 erroffset, errptr);
    495. 

  495.         return 0;
    496. 

  496.     }
    497. 

  497. 

  498.     rule->op_param_data = regex;
    499. 

  499. 

  500.     return 1; /* OK */
    501. 

  501. }
    502. 

  502. 

  503. static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
    504. 

  504.     msc_regex_t *regex = (msc_regex_t *)rule->op_param_data;
    505. 

  505.     const char *target;
    506. 

  506.     unsigned int target_length;
    507. 

  507.     char *my_error_msg = NULL;
    508. 

  508.     int ovector[33];
    509. 

  509.     int capture = 0;
    510. 

  510.     int matched_bytes = 0;
    511. 

  511.     int matched = 0;
    512. 

  512.     int rc;
    513. 

  513.     char *qspos = NULL;
    514. 

  514.     const char *parm = NULL;
    515. 

  515.     msc_parm *mparm = NULL;
    516. 

  516. 

  517.     if (error_msg == NULL) return -1;
    518. 

  518.     *error_msg = NULL;
    519. 

  519. 

  520.     if (regex == NULL) {
    521. 

  521.         *error_msg = "Internal Error: regex data is null.";
    522. 

  522.         return -1;
    523. 

  523.     }
    524. 

  524. 

  525.     /* If the given target is null run against an empty
    526. 

  526.      * string. This is a behaviour consistent with previous
    527. 

  527.      * releases.
    528. 

  528.      */
    529. 

  529.     if (var->value == NULL) {
    530. 

  530.         target = "";
    531. 

  531.         target_length = 0;
    532. 

  532.     } else {
    533. 

  533.         target = var->value;
    534. 

  534.         target_length = var->value_len;
    535. 

  535.     }
    536. 

  536. 

  537.     /* Are we supposed to capture subexpressions? */
    538. 

  538.     capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
    539. 

  539.     matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
    540. 

  540.     matched = apr_table_get(rule->actionset->actions, "sanitizeMatched") ? 1 : 0;
    541. 

  541. 

  542.     /* Show when the regex captures but "capture" is not set */
    543. 

  543.     if (msr->txcfg->debuglog_level >= 6) {
    544. 

  544.         int capcount = 0;
    545. 

  545.         rc = msc_fullinfo(regex, PCRE_INFO_CAPTURECOUNT, &capcount);
    546. 

  546.         if (msr->txcfg->debuglog_level >= 6) {
    547. 

  547.             if ((capture == 0) && (capcount > 0)) {
    548. 

  548.                 msr_log(msr, 6, "Ignoring regex captures since \"capture\" action is not enabled.");
    549. 

  549.             }
    550. 

  550.         }
    551. 

  551.     }
    552. 

  552. 

  553.     /* We always use capture so that ovector can be used as working space
    554. 

  554.      * and no memory has to be allocated for any backreferences.
    555. 

  555.      */
    556. 

  556.     rc = msc_regexec_capture(regex, target, target_length, ovector, 30, &my_error_msg);
    557. 

  557.     if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
    558. 

  558.         msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
    559. 

  559. 

  560.         if (s == NULL) return -1;
    561. 

  561.         s->name = apr_pstrdup(msr->mp, "MSC_PCRE_LIMITS_EXCEEDED");
    562. 

  562.         s->name_len = strlen(s->name);
    563. 

  563.         s->value = apr_pstrdup(msr->mp, "1");
    564. 

  564.         s->value_len = 1;
    565. 

  565.         if ((s->name == NULL)||(s->value == NULL)) return -1;
    566. 

  566.         apr_table_setn(msr->tx_vars, s->name, (void *)s);
    567. 

  567. 

  568.         *error_msg = apr_psprintf(msr->mp,
    569. 

  569.                 "Rule %pp [id \"%s\"][file \"%s\"][line \"%d\"] - "
    570. 

  570.                 "Execution error - "
    571. 

  571.                 "PCRE limits exceeded (%d): %s",
    572. 

  572.                 rule,((rule->actionset != NULL)&&(rule->actionset->id != NULL)) ? rule->actionset->id : "-",
    573. 

  573.                 rule->filename != NULL ? rule->filename : "-",
    574. 

  574.                 rule->line_num,rc, my_error_msg);
    575. 

  575. 

  576.         msr_log(msr, 3, "%s.", *error_msg);
    577. 

  577. 

  578.         return 0; /* No match. */
    579. 

  579.     }
    580. 

  580.     else if (rc < -1) {
    581. 

  581.         *error_msg = apr_psprintf(msr->mp, "Regex execution failed (%d): %s",
    582. 

  582.                 rc, my_error_msg);
    583. 

  583.         return -1;
    584. 

  584.     }
    585. 

  585. 

  586.     /* Handle captured subexpressions. */
    587. 

  587.     if (capture && rc > 0) {
    588. 

  588.         int i;
    589. 

  589. 

  590.         /* Unset any of the previously set capture variables. */
    591. 

  591.         apr_table_unset(msr->tx_vars, "0");
    592. 

  592.         apr_table_unset(msr->tx_vars, "1");
    593. 

  593.         apr_table_unset(msr->tx_vars, "2");
    594. 

  594.         apr_table_unset(msr->tx_vars, "3");
    595. 

  595.         apr_table_unset(msr->tx_vars, "4");
    596. 

  596.         apr_table_unset(msr->tx_vars, "5");
    597. 

  597.         apr_table_unset(msr->tx_vars, "6");
    598. 

  598.         apr_table_unset(msr->tx_vars, "7");
    599. 

  599.         apr_table_unset(msr->tx_vars, "8");
    600. 

  600.         apr_table_unset(msr->tx_vars, "9");
    601. 

  601. 

  602.         /* Use the available captures. */
    603. 

  603.         for(i = 0; i < rc; i++) {
    604. 

  604.             msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
    605. 

  605.             if (s == NULL) return -1;
    606. 

  606.             s->name = apr_psprintf(msr->mp, "%d", i);
    607. 

  607.             s->name_len = strlen(s->name);
    608. 

  608.             s->value = apr_pstrmemdup(msr->mp,
    609. 

  609.                     target + ovector[2 * i], ovector[2 * i + 1] - ovector[2 * i]);
    610. 

  610. 

  611.             s->value_len = (ovector[2 * i + 1] - ovector[2 * i]);
    612. 

  612.             if ((s->name == NULL)||(s->value == NULL)) return -1;
    613. 

  613. 

  614.             apr_table_addn(msr->tx_vars, s->name, (void *)s);
    615. 

  615. 

  616.             if(((matched == 1) || (matched_bytes == 1)) && (var != NULL) && (var->name != NULL))    {
    617. 

  617.                 qspos = apr_psprintf(msr->mp, "%s", var->name);
    618. 

  618.                 parm = strstr(qspos, ":");
    619. 

  619.                 if (parm != NULL)   {
    620. 

  620.                     parm++;
    621. 

  621.                     mparm = apr_palloc(msr->mp, sizeof(msc_parm));
    622. 

  622.                     if (mparm == NULL)
    623. 

  623.                         continue;
    624. 

  624. 

  625.                     mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
    626. 

  626.                     mparm->pad_1 = rule->actionset->arg_min;
    627. 

  627.                     mparm->pad_2 = rule->actionset->arg_max;
    628. 

  628.                     apr_table_addn(msr->pattern_to_sanitize, parm, (void *)mparm);
    629. 

  629.                 } else  {
    630. 

  630.                     mparm = apr_palloc(msr->mp, sizeof(msc_parm));
    631. 

  631.                     if (mparm == NULL)
    632. 

  632.                         continue;
    633. 

  633. 

  634.                     mparm->value = apr_pstrmemdup(msr->mp,s->value,s->value_len);
    635. 

  635.                     apr_table_addn(msr->pattern_to_sanitize, qspos, (void *)mparm);
    636. 

  636.                 }
    637. 

  637.             }
    638. 

  638. 

  639.             if (msr->txcfg->debuglog_level >= 9) {
    640. 

  640.                 msr_log(msr, 9, "Added regex subexpression to TX.%d: %s", i,
    641. 

  641.                         log_escape_nq_ex(msr->mp, s->value, s->value_len));
    642. 

  642.             }
    643. 

  643.         }
    644. 

  644.     }
    645. 

  645. 

  646.     if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
    647. 

  647.         /* We no longer escape the pattern here as it is done when logging */
    648. 

  648.         char *pattern = apr_pstrdup(msr->mp, log_escape(msr->mp, regex->pattern ? regex->pattern : "<Unknown Match>"));
    649. 

  649. 

  650.         /* This message will be logged. */
    651. 

  651.         if (strlen(pattern) > 252) {
    652. 

  652.             *error_msg = apr_psprintf(msr->mp, "Pattern match \"%.252s ...\" at %s.",
    653. 

  653.                     pattern, var->name);
    654. 

  654.         } else {
    655. 

  655.             *error_msg = apr_psprintf(msr->mp, "Pattern match \"%s\" at %s.",
    656. 

  656.                     pattern, var->name);
    657. 

  657.         }
    658. 

  658. 

  659.         return 1;
    660. 

  660.     }
    661. 

  661. 

  662.     /* No match. */
    663. 

  663.     return 0;
    664. 

  664. }
    665. 

  665. 

  666. /* pm */
    667. 

  667. 

  668. static char *parse_pm_content(const char *op_parm, unsigned short int op_len, msre_rule *rule, char **error_msg)  {
    669. 

  669.     char *parm = NULL;
    670. 

  670.     char *content = NULL;
    671. 

  671.     unsigned short int offset = 0;
    672. 

  672.     char converted = 0;
    673. 

  673.     int i, x;
    674. 

  674.     unsigned char bin = 0, esc = 0, bin_offset = 0;
    675. 

  675.     unsigned char bin_parm[3], c = 0;
    676. 

  676.     char *processed = NULL;
    677. 

  677. 

  678.     content = apr_pstrdup(rule->ruleset->mp, op_parm);
    679. 

  679. 

  680.     if (content == NULL) {
    681. 

  681.         *error_msg = apr_psprintf(rule->ruleset->mp, "Error allocating memory for pattern matching content.");
    682. 

  682.         return NULL;
    683. 

  683.     }
    684. 

  684. 

  685.     while (offset < op_len && apr_isspace(content[offset])) {
    686. 

  686.         offset++;
    687. 

  687.     };
    688. 

  688. 

  689.     op_len = strlen(content);
    690. 

  690. 

  691.     if (content[offset] == '\"' && content[op_len-1] == '\"') {
    692. 

  692.         parm = apr_pstrdup(rule->ruleset->mp, content + offset + 1);
    693. 

  693.         if (parm  == NULL) {
    694. 

  694.             *error_msg = apr_psprintf(rule->ruleset->mp, "Error allocating memory for pattern matching content.");
    695. 

  695.             return NULL;
    696. 

  696.         }
    697. 

  697.         parm[op_len - offset - 2] = '\0';
    698. 

  698.     } else {
    699. 

  699.         parm = apr_pstrdup(rule->ruleset->mp, content + offset);
    700. 

  700.         if (parm == NULL) {
    701. 

  701.             *error_msg = apr_psprintf(rule->ruleset->mp, "Error allocating memory for pattern matching content.");
    702. 

  702.             return NULL;
    703. 

  703.         }
    704. 

  704.     }
    705. 

  705. 

  706.     op_len = strlen(parm);
    707. 

  707. 

  708.     if (op_len == 0)   {
    709. 

  709.         *error_msg = apr_psprintf(rule->ruleset->mp, "Content length is 0.");
    710. 

  710.         return NULL;
    711. 

  711.     }
    712. 

  712. 

  713. 

  714.     for (i = 0, x = 0; i < op_len; i++) {
    715. 

  715.         if (parm[i] == '|') {
    716. 

  716.             if (bin) {
    717. 

  717.                 bin = 0;
    718. 

  718.             } else {
    719. 

  719.                 bin = 1;
    720. 

  720.             }
    721. 

  721.         } else if(!esc && parm[i] == '\\') {
    722. 

  722.             esc = 1;
    723. 

  723.         } else {
    724. 

  724.             if (bin) {
    725. 

  725.                 if (apr_isdigit(parm[i]) ||
    726. 

  726.                         parm[i] == 'A' || parm[i] == 'a' ||
    727. 

  727.                         parm[i] == 'B' || parm[i] == 'b' ||
    728. 

  728.                         parm[i] == 'C' || parm[i] == 'c' ||
    729. 

  729.                         parm[i] == 'D' || parm[i] == 'd' ||
    730. 

  730.                         parm[i] == 'E' || parm[i] == 'e' ||
    731. 

  731.                         parm[i] == 'F' || parm[i] == 'f')
    732. 

  732.                 {
    733. 

  733.                     bin_parm[bin_offset] = (char)parm[i];
    734. 

  734.                     bin_offset++;
    735. 

  735.                     if (bin_offset == 2) {
    736. 

  736.                         c = strtol((char *)bin_parm, (char **) NULL, 16) & 0xFF;
    737. 

  737.                         bin_offset = 0;
    738. 

  738.                         parm[x] = c;
    739. 

  739.                         x++;
    740. 

  740.                         converted = 1;
    741. 

  741.                     }
    742. 

  742.                 } else if (parm[i] == ' ') {
    743. 

  743.                 }
    744. 

  744.             } else if (esc) {
    745. 

  745.                 if (parm[i] == ':' ||
    746. 

  746.                         parm[i] == ';' ||
    747. 

  747.                         parm[i] == '\\' ||
    748. 

  748.                         parm[i] == '\"')
    749. 

  749.                 {
    750. 

  750.                     parm[x] = parm[i];
    751. 

  751.                     x++;
    752. 

  752.                 } else {
    753. 

  753.                     *error_msg = apr_psprintf(rule->ruleset->mp, "Unsupported escape sequence.");
    754. 

  754.                     return NULL;
    755. 

  755.                 }
    756. 

  756.                 esc = 0;
    757. 

  757.                 converted = 1;
    758. 

  758.             } else {
    759. 

  759.                 parm[x] = parm[i];
    760. 

  760.                 x++;
    761. 

  761.             }
    762. 

  762.         }
    763. 

  763.     }
    764. 

  764. 

  765.     if (converted) {
    766. 

  766.         op_len = x;
    767. 

  767.     }
    768. 

  768. 

  769.     processed = apr_pstrmemdup(rule->ruleset->mp, parm, op_len);
    770. 

  770. 

  771.     if (processed == NULL) {
    772. 

  772.         *error_msg = apr_psprintf(rule->ruleset->mp, "Error allocating memory for pattern matching content.");
    773. 

  773.         return NULL;
    774. 

  774.     }
    775. 

  775. 

  776.     return processed;
    777. 

  777. }
    778. 

  778. 

  779. static int msre_op_pm_param_init(msre_rule *rule, char **error_msg) {
    780. 

  780.     ACMP *p;
    781. 

  781.     const char *phrase;
    782. 

  782.     const char *next;
    783. 

  783.     unsigned short int op_len;
    784. 

  784. 

  785.     if ((rule->op_param == NULL)||(strlen(rule->op_param) == 0)) {
    786. 

  786.         *error_msg = apr_psprintf(rule->ruleset->mp, "Missing parameter for operator 'pm'.");
    787. 

  787.         return 0; /* ERROR */
    788. 

  788.     }
    789. 

  789. 

  790.     op_len = strlen(rule->op_param);
    791. 

  791. 

  792.     p = acmp_create(0, rule->ruleset->mp);
    793. 

  793.     if (p == NULL) return 0;
    794. 

  794. 

  795.     phrase = apr_pstrdup(rule->ruleset->mp, parse_pm_content(rule->op_param, op_len, rule, error_msg));
    796. 

  796. 

  797.     if(phrase == NULL)
    798. 

  798.         phrase = apr_pstrdup(rule->ruleset->mp, rule->op_param);
    799. 

  799. 

  800.     /* Loop through phrases */
    801. 

  801.     /* ENH: Need to allow quoted phrases w/space */
    802. 

  802.     for (;;) {
    803. 

  803.         while((apr_isspace(*phrase) != 0) && (*phrase != '\0')) phrase++;
    804. 

  804.         if (*phrase == '\0') break;
    805. 

  805.         next = phrase;
    806. 

  806.         while((apr_isspace(*next) == 0) && (*next != 0)) next++;
    807. 

  807.         acmp_add_pattern(p, phrase, NULL, NULL, next - phrase);
    808. 

  808.         phrase = next;
    809. 

  809.     }
    810. 

  810.     acmp_prepare(p);
    811. 

  811.     rule->op_param_data = p;
    812. 

  812.     return 1;
    813. 

  813. }
    814. 

  814. 

  815. /* pmFromFile */
    816. 

  816. 

  817. static int msre_op_pmFromFile_param_init(msre_rule *rule, char **error_msg) {
    818. 

  818.     char errstr[1024];
    819. 

  819.     char buf[HUGE_STRING_LEN + 1];
    820. 

  820.     char *fn;
    821. 

  821.     char *next;
    822. 

  822.     char *start;
    823. 

  823.     char *end;
    824. 

  824.     const char *rulefile_path;
    825. 

  825.     char *processed = NULL;
    826. 

  826.     unsigned short int op_len;
    827. 

  827.     apr_status_t rc;
    828. 

  828.     apr_file_t *fd;
    829. 

  829.     ACMP *p;
    830. 

  830. 

  831.     if ((rule->op_param == NULL)||(strlen(rule->op_param) == 0)) {
    832. 

  832.         *error_msg = apr_psprintf(rule->ruleset->mp, "Missing parameter for operator 'pmFromFile'.");
    833. 

  833.         return 0; /* ERROR */
    834. 

  834.     }
    835. 

  835. 

  836.     p = acmp_create(0, rule->ruleset->mp);
    837. 

  837.     if (p == NULL) return 0;
    838. 

  838. 

  839.     fn = apr_pstrdup(rule->ruleset->mp, rule->op_param);
    840. 

  840. 

  841.     /* Get the path of the rule filename to use as a base */
    842. 

  842.     rulefile_path = apr_pstrndup(rule->ruleset->mp, rule->filename, strlen(rule->filename) - strlen(apr_filepath_name_get(rule->filename)));
    843. 

  843. 

  844. #ifdef DEBUG_CONF
    845. 

  845.     fprintf(stderr, "Rulefile path: \"%s\"\n", rulefile_path);
    846. 

  846. #endif
    847. 

  847. 

  848.     /* Loop through filenames */
    849. 

  849.     /* ENH: Need to allow quoted filenames w/space */
    850. 

  850.     for (;;) {
    851. 

  851.         const char *rootpath = NULL;
    852. 

  852.         const char *filepath = NULL;
    853. 

  853.         int line = 0;
    854. 

  854. 

  855.         /* Trim whitespace */
    856. 

  856.         while((apr_isspace(*fn) != 0) && (*fn != '\0')) fn++;
    857. 

  857.         if (*fn == '\0') break;
    858. 

  858.         next = fn;
    859. 

  859.         while((apr_isspace(*next) == 0) && (*next != '\0')) next++;
    860. 

  860.         while((apr_isspace(*next) != 0) && (*next != '\0')) *(next++) = '\0';
    861. 

  861. 

  862.         /* Add path of the rule filename for a relative phrase filename */
    863. 

  863.         filepath = fn;
    864. 

  864.         if (apr_filepath_root(&rootpath, &filepath, APR_FILEPATH_TRUENAME, rule->ruleset->mp) != APR_SUCCESS) {
    865. 

  865.             /* We are not an absolute path.  It could mean an error, but
    866. 

  866.              * let that pass through to the open call for a better error */
    867. 

  867.             apr_filepath_merge(&fn, rulefile_path, fn, APR_FILEPATH_TRUENAME, rule->ruleset->mp);
    868. 

  868.         }
    869. 

  869. 

  870.         /* Open file and read */
    871. 

  871.         rc = apr_file_open(&fd, fn, APR_READ | APR_BUFFERED | APR_FILE_NOCLEANUP, 0, rule->ruleset->mp);
    872. 

  872.         if (rc != APR_SUCCESS) {
    873. 

  873.             *error_msg = apr_psprintf(rule->ruleset->mp, "Could not open phrase file \"%s\": %s", fn, apr_strerror(rc, errstr, 1024));
    874. 

  874.             return 0;
    875. 

  875.         }
    876. 

  876. 

  877. #ifdef DEBUG_CONF
    878. 

  878.         fprintf(stderr, "Loading phrase file: \"%s\"\n", fn);
    879. 

  879. #endif
    880. 

  880. 

  881.         /* Read one pattern per line skipping empty/commented */
    882. 

  882.         for(;;) {
    883. 

  883.             line++;
    884. 

  884.             rc = apr_file_gets(buf, HUGE_STRING_LEN, fd);
    885. 

  885.             if (rc == APR_EOF) break;
    886. 

  886.             if (rc != APR_SUCCESS) {
    887. 

  887.                 *error_msg = apr_psprintf(rule->ruleset->mp, "Could not read \"%s\" line %d: %s", fn, line, apr_strerror(rc, errstr, 1024));
    888. 

  888.                 return 0;
    889. 

  889.             }
    890. 

  890. 

  891.             op_len = strlen(buf);
    892. 

  892.             processed = apr_pstrdup(rule->ruleset->mp, parse_pm_content(buf, op_len, rule, error_msg));
    893. 

  893. 

  894.             /* Trim Whitespace */
    895. 

  895.             if(processed != NULL)
    896. 

  896.                 start = processed;
    897. 

  897.             else
    898. 

  898.                 start = buf;
    899. 

  899. 

  900.             while ((apr_isspace(*start) != 0) && (*start != '\0')) start++;
    901. 

  901.             if(processed != NULL)
    902. 

  902.                 end = processed + strlen(processed);
    903. 

  903.             else
    904. 

  904.                 end = buf + strlen(buf);
    905. 

  905.             if (end > start) end--;
    906. 

  906.             while ((end > start) && (apr_isspace(*end) != 0)) end--;
    907. 

  907.             if (end > start) {
    908. 

  908.                 *(++end) = '\0';
    909. 

  909.             }
    910. 

  910. 

  911.             /* Ignore empty lines and comments */
    912. 

  912.             if ((start == end) || (*start == '#')) continue;
    913. 

  913. 

  914.             acmp_add_pattern(p, start, NULL, NULL, (end - start));
    915. 

  915.         }
    916. 

  916.         fn = next;
    917. 

  917.     }
    918. 

  918.     if (fd != NULL) apr_file_close(fd);
    919. 

  919.     acmp_prepare(p);
    920. 

  920.     rule->op_param_data = p;
    921. 

  921.     return 1;
    922. 

  922. }
    923. 

  923. 

  924. static int msre_op_pm_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
    925. 

  925.     const char *match = NULL;
    926. 

  926.     apr_status_t rc = 0;
    927. 

  927.     int capture;
    928. 

  928.     ACMPT pt;
    929. 

  929. 

  930.     /* Nothing to read */
    931. 

  931.     if ((var->value == NULL) || (var->value_len == 0)) return 0;
    932. 

  932. 

  933.     /* Are we supposed to capture subexpressions? */
    934. 

  934.     capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
    935. 

  935. 

  936.     pt.parser = (ACMP *)rule->op_param_data;
    937. 

  937.     pt.ptr = NULL;
    938. 

  938. 

  939.     rc = acmp_process_quick(&pt, &match, var->value, var->value_len);
    940. 

  940.     if (rc) {
    941. 

  941.         char *match_escaped = log_escape(msr->mp, match ? match : "<Unknown Match>");
    942. 

  942. 

  943.         /* This message will be logged. */
    944. 

  944.         if (strlen(match_escaped) > 252) {
    945. 

  945.             *error_msg = apr_psprintf(msr->mp, "Matched phrase \"%.252s ...\" at %s.",
    946. 

  946.                     match_escaped, var->name);
    947. 

  947.         } else {
    948. 

  948.             *error_msg = apr_psprintf(msr->mp, "Matched phrase \"%s\" at %s.",
    949. 

  949.                     match_escaped, var->name);
    950. 

  950.         }
    951. 

  951. 

  952.         /* Handle capture as tx.0=match */
    953. 

  953.         if (capture) {
    954. 

  954.             int i;
    955. 

  955.             msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
    956. 

  956. 

  957.             if (s == NULL) return -1;
    958. 

  958. 

  959.             s->name = "0";
    960. 

  960.             s->name_len = strlen(s->name);
    961. 

  961.             s->value = apr_pstrdup(msr->mp, match);
    962. 

  962.             if (s->value == NULL) return -1;
    963. 

  963.             s->value_len = strlen(s->value);
    964. 

  964.             apr_table_setn(msr->tx_vars, s->name, (void *)s);
    965. 

  965. 

  966.             if (msr->txcfg->debuglog_level >= 9) {
    967. 

  967.                 msr_log(msr, 9, "Added phrase match to TX.0: %s",
    968. 

  968.                         log_escape_nq_ex(msr->mp, s->value, s->value_len));
    969. 

  969.             }
    970. 

  970. 

  971.             /* Unset the remaining ones (from previous invocations). */
    972. 

  972.             for(i = rc; i <= 9; i++) {
    973. 

  973.                 char buf[2];
    974. 

  974.                 apr_snprintf(buf, sizeof(buf), "%d", i);
    975. 

  975.                 apr_table_unset(msr->tx_vars, buf);
    976. 

  976.             }
    977. 

  977.         }
    978. 

  978. 

  979.         return 1;
    980. 

  980.     }
    981. 

  981.     return rc;
    982. 

  982. }
    983. 

  983. 

  984. /* gsbLookup */
    985. 

  985. 

  986. /*
    987. 

  987.  * \brief Reduce /./ to /
    988. 

  988.  *
    989. 

  989.  * \param pool Pointer to the memory pool
    990. 

  990.  * \param domain Input data
    991. 

  991.  *
    992. 

  992.  * \retval domain On Failure
    993. 

  993.  * \retval url On Success
    994. 

  994.  */
    995. 

  995. static const char *gsb_replace_tpath(apr_pool_t *pool, const char *domain, int len)    {
    996. 

  996. 

  997.     char *pos = NULL, *data = NULL;
    998. 

  998.     char *url = NULL;
    999. 

  999.     int match = 0;
    1000. 

  1000. 

  1001.     url = apr_palloc(pool, len + 1);
    1002. 

  1002.     data = apr_palloc(pool, len + 1);
    1003. 

  1003. 

  1004.     memset(data, 0, len+1);
    1005. 

  1005.     memset(url, 0, len+1);
    1006. 

  1006. 

  1007.     memcpy(url, domain, len);
    1008. 

  1008. 

  1009.     while(( pos = strstr(url , "/./" )) != NULL) {
    1010. 

  1010.         match = 1;
    1011. 

  1011.         data[0] = '\0';
    1012. 

  1012.         strncat(data, url, pos - url);
    1013. 

  1013.         strcat(data , "/");
    1014. 

  1014.         strcat(data ,pos + strlen("/./"));
    1015. 

  1015.         strncpy(url , data, len);
    1016. 

  1016.     }
    1017. 

  1017. 

  1018.     if(match == 0)
    1019. 

  1019.         return domain;
    1020. 

  1020. 

  1021.     return url;
    1022. 

  1022. }
    1023. 

  1023. 

  1024. /*
    1025. 

  1025.  * \brief Reduce doble dot to single dot
    1026. 

  1026.  *
    1027. 

  1027.  * \param msr Pointer to the modsec resource
    1028. 

  1028.  * \param domain Input data
    1029. 

  1029.  *
    1030. 

  1030.  * \retval domain On Failure
    1031. 

  1031.  * \retval reduced On Success
    1032. 

  1032.  */
    1033. 

  1033. static const char *gsb_reduce_char(apr_pool_t *pool, const char *domain) {
    1034. 

  1034. 

  1035.     char *ptr = apr_pstrdup(pool, domain);
    1036. 

  1036.     char *data = NULL;
    1037. 

  1037.     char *reduced = NULL;
    1038. 

  1038.     int skip = 0;
    1039. 

  1039. 

  1040. 

  1041.     if(ptr == NULL)
    1042. 

  1042.         return domain;
    1043. 

  1043. 

  1044.     data = apr_pcalloc(pool, strlen(ptr));
    1045. 

  1045. 

  1046.     if(data == NULL)
    1047. 

  1047.         return domain;
    1048. 

  1048. 

  1049.     reduced = data;
    1050. 

  1050. 

  1051.     while(*ptr != '\0') {
    1052. 

  1052. 

  1053.         switch(*ptr)    {
    1054. 

  1054.             case '.':
    1055. 

  1055.                 ptr++;
    1056. 

  1056.                 if(*ptr == '.')
    1057. 

  1057.                     skip = 1;
    1058. 

  1058. 

  1059.                 ptr--;
    1060. 

  1060.                 break;
    1061. 

  1061.             case '/':
    1062. 

  1062.                 ptr++;
    1063. 

  1063.                 if(*ptr == '/')
    1064. 

  1064.                     skip = 1;
    1065. 

  1065. 

  1066.                 ptr--;
    1067. 

  1067.                 break;
    1068. 

  1068.         }
    1069. 

  1069. 

  1070.         if(skip == 0)   {
    1071. 

  1071.             *data = *ptr;
    1072. 

  1072.             data++;
    1073. 

  1073.         }
    1074. 

  1074.         ptr++;
    1075. 

  1075.         skip = 0;
    1076. 

  1076.     }
    1077. 

  1077. 

  1078.     *data = '\0'; --data;
    1079. 

  1079. 

  1080.     if(*data == '.')
    1081. 

  1081.         *data = '\0';
    1082. 

  1082.     else
    1083. 

  1083.         ++data;
    1084. 

  1084. 

  1085.     return reduced;
    1086. 

  1086. }
    1087. 

  1087. 

  1088. 

  1089. /*
    1090. 

  1090.  * \brief Verify function to gsbLookup operator
    1091. 

  1091.  *
    1092. 

  1092.  * \param msr Pointer to the modsec resource
    1093. 

  1093.  * \param match Pointer to input data
    1094. 

  1094.  * \param match_length Input size
    1095. 

  1095.  *
    1096. 

  1096.  * \retval -1 On Failure
    1097. 

  1097.  * \retval 1 On Match
    1098. 

  1098.  * \retval 0 On No Match
    1099. 

  1099.  */
    1100. 

  1100. static int verify_gsb(gsb_db *gsb, modsec_rec *msr, const char *match, unsigned int match_length) {
    1101. 

  1101.     apr_md5_ctx_t ctx;
    1102. 

  1102.     apr_status_t rc;
    1103. 

  1103.     unsigned char digest[APR_MD5_DIGESTSIZE];
    1104. 

  1104.     const char *hash = NULL;
    1105. 

  1105.     const char *search = NULL;
    1106. 

  1106. 

  1107.     memset(digest, 0, sizeof(digest));
    1108. 

  1108. 

  1109.     apr_md5_init(&ctx);
    1110. 

  1110. 

  1111.     if ((rc = apr_md5_update(&ctx, match, match_length)) != APR_SUCCESS)
    1112. 

  1112.         return -1;
    1113. 

  1113. 

  1114.     apr_md5_final(digest, &ctx);
    1115. 

  1115. 

  1116.     hash = apr_psprintf(msr->mp, "%s", bytes2hex(msr->mp, digest, 16));
    1117. 

  1117. 

  1118.     if ((hash != NULL) && (gsb->gsb_table != NULL))   {
    1119. 

  1119.         search = apr_hash_get(gsb->gsb_table, hash, APR_HASH_KEY_STRING);
    1120. 

  1120. 

  1121.         if (search != NULL)
    1122. 

  1122.             return 1;
    1123. 

  1123.     }
    1124. 

  1124. 

  1125.     return 0;
    1126. 

  1126. }
    1127. 

  1127. 

  1128. /*
    1129. 

  1129.  * \brief Init function to gsbLookup operator
    1130. 

  1130.  *
    1131. 

  1131.  * \param rule Pointer to the rule
    1132. 

  1132.  * \param error_msg Pointer to error msg
    1133. 

  1133.  *
    1134. 

  1134.  * \retval 1 On Success
    1135. 

  1135.  * \retval 0 On Fail
    1136. 

  1136.  */
    1137. 

  1137. static int msre_op_gsbLookup_param_init(msre_rule *rule, char **error_msg) {
    1138. 

  1138.     const char *errptr = NULL;
    1139. 

  1139.     int erroffset;
    1140. 

  1140.     msc_regex_t *regex;
    1141. 

  1141. 

  1142.     if (error_msg == NULL) return -1;
    1143. 

  1143.     *error_msg = NULL;
    1144. 

  1144. 

  1145.     /* Compile rule->op_param */
    1146. 

  1146.     regex = msc_pregcomp_ex(rule->ruleset->mp, rule->op_param, PCRE_DOTALL | PCRE_MULTILINE, &errptr, &erroffset, msc_pcre_match_limit, msc_pcre_match_limit_recursion);
    1147. 

  1147. 

  1148.     if (regex == NULL) {
    1149. 

  1149.         *error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern (offset %d): %s",
    1150. 

  1150.                 erroffset, errptr);
    1151. 

  1151.         return 0;
    1152. 

  1152.     }
    1153. 

  1153. 

  1154.     rule->op_param_data = regex;
    1155. 

  1155. 

  1156.     return 1; /* OK */
    1157. 

  1157. }
    1158. 

  1158. 

  1159. /*
    1160. 

  1160.  * \brief Execution function to gsbLookup operator
    1161. 

  1161.  *
    1162. 

  1162.  * \param msr Pointer internal modsec request structure
    1163. 

  1163.  * \param rule Pointer to the rule
    1164. 

  1164.  * \param var Pointer to variable structure
    1165. 

  1165.  * \param error_msg Pointer to error msg
    1166. 

  1166.  *
    1167. 

  1167.  * \retval -1 On Failure
    1168. 

  1168.  * \retval 1 On Match
    1169. 

  1169.  * \retval 0 On No Match
    1170. 

  1170.  */
    1171. 

  1171. static int msre_op_gsbLookup_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
    1172. 

  1172.     msc_regex_t *regex = (msc_regex_t *)rule->op_param_data;
    1173. 

  1173.     char *my_error_msg = NULL;
    1174. 

  1174.     int ovector[33];
    1175. 

  1175.     unsigned int offset = 0;
    1176. 

  1176.     gsb_db *gsb = msr->txcfg->gsb;
    1177. 

  1177.     const char *match = NULL;
    1178. 

  1178.     unsigned int match_length;
    1179. 

  1179.     unsigned int canon_length;
    1180. 

  1180.     int rv, i, ret, count_slash;
    1181. 

  1181.     unsigned int j = 0;
    1182. 

  1182.     unsigned int size = var->value_len;
    1183. 

  1183.     char *base = NULL, *domain = NULL, *savedptr = NULL;
    1184. 

  1184.     char *str = NULL, *canon = NULL, *dot = NULL;
    1185. 

  1185.     char *data = NULL, *ptr = NULL, *url = NULL;
    1186. 

  1186.     int capture, domain_len;
    1187. 

  1187.     int d_pos = -1;
    1188. 

  1188.     int s_pos = -1;
    1189. 

  1189. 

  1190.     if (error_msg == NULL) return -1;
    1191. 

  1191.     *error_msg = NULL;
    1192. 

  1192. 

  1193.     if(regex == NULL)    {
    1194. 

  1194.         *error_msg = "Internal Error: regex is null.";
    1195. 

  1195.         return 0;
    1196. 

  1196.     }
    1197. 

  1197. 

  1198.     if(gsb == NULL)    {
    1199. 

  1199.         msr_log(msr, 1, "GSB lookup failed without a database.  Set SecGsbLookupDB.");
    1200. 

  1200.         return 0;
    1201. 

  1201.     }
    1202. 

  1202. 

  1203.     data = apr_pcalloc(rule->ruleset->mp, var->value_len+1);
    1204. 

  1204. 

  1205.     if(data == NULL)    {
    1206. 

  1206.         *error_msg = "Internal Error: cannot allocate memory for data.";
    1207. 

  1207.         return -1;
    1208. 

  1208.     }
    1209. 

  1209. 

  1210.     capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
    1211. 

  1211. 

  1212.     memcpy(data,var->value,var->value_len);
    1213. 

  1213. 

  1214.     while (offset < size && (rv = msc_regexec_ex(regex, data, size, offset, PCRE_NOTEMPTY, ovector, 30, &my_error_msg)) >= 0)
    1215. 

  1215.     {
    1216. 

  1216.         for(i = 0; i < rv; ++i)
    1217. 

  1217.         {
    1218. 

  1218.             match = apr_psprintf(rule->ruleset->mp, "%.*s", ovector[2*i+1] - ovector[2*i], data + ovector[2*i]);
    1219. 

  1219. 

  1220.             if (match == NULL)  {
    1221. 

  1221.                 *error_msg = "Internal Error: cannot allocate memory for match.";
    1222. 

  1222.                 return -1;
    1223. 

  1223.             }
    1224. 

  1224. 

  1225.             match = remove_escape(rule->ruleset->mp, match, strlen(match));
    1226. 

  1226. 

  1227.             match = gsb_replace_tpath(rule->ruleset->mp, match, strlen(match));
    1228. 

  1228. 

  1229.             match = gsb_reduce_char(rule->ruleset->mp, match);
    1230. 

  1230. 

  1231.             match_length = strlen(match);
    1232. 

  1232. 

  1233.             strtolower_inplace((unsigned char *)match);
    1234. 

  1234. 

  1235.             if((strstr(match,"http") == NULL) && (match_length > 0) && (strchr(match,'.')))    {
    1236. 

  1236. 

  1237.                 /* full url */
    1238. 

  1238.                 if (msr->txcfg->debuglog_level >= 4) {
    1239. 

  1239.                     msr_log(msr, 4, "GSB: Successfully extracted url: %s", match);
    1240. 

  1240.                 }
    1241. 

  1241. 

  1242.                 ret = verify_gsb(gsb, msr, match, match_length);
    1243. 

  1243. 

  1244.                 if(ret > 0) {
    1245. 

  1245.                     set_match_to_tx(msr, capture, match, 0);
    1246. 

  1246.                     if (! *error_msg) {
    1247. 

  1247.                         *error_msg = apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
    1248. 

  1248.                                 log_escape_nq(msr->mp, match));
    1249. 

  1249.                     }
    1250. 

  1250. 

  1251.                     str = apr_pstrdup(rule->ruleset->mp,match);
    1252. 

  1252. 

  1253.                     base = apr_strtok(str,"/",&savedptr);
    1254. 

  1254.                     if(base != NULL)
    1255. 

  1255.                         set_match_to_tx(msr, capture, base, 1);
    1256. 

  1256. 

  1257.                     return 1;
    1258. 

  1258.                 }
    1259. 

  1259. 

  1260.                 /* append / in the end of full url */
    1261. 

  1261.                 if ((match[match_length -1] != '/') && (strchr(match,'?') == NULL))    {
    1262. 

  1262. 

  1263.                     canon = apr_psprintf(rule->ruleset->mp, "%s/", match);
    1264. 

  1264.                     if (canon != NULL)  {
    1265. 

  1265. 

  1266.                         canon_length = strlen(canon);
    1267. 

  1267.                         ret = verify_gsb(gsb, msr, canon, canon_length);
    1268. 

  1268. 

  1269.                         if(ret > 0) {
    1270. 

  1270.                             set_match_to_tx(msr, capture, match, 0);
    1271. 

  1271.                             if (! *error_msg) {
    1272. 

  1272.                                 *error_msg = apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
    1273. 

  1273.                                         log_escape_nq(msr->mp, canon));
    1274. 

  1274.                             }
    1275. 

  1275. 

  1276.                             str = apr_pstrdup(rule->ruleset->mp,match);
    1277. 

  1277. 

  1278.                             base = apr_strtok(str,"/",&savedptr);
    1279. 

  1279.                             if(base != NULL)
    1280. 

  1280.                                 set_match_to_tx(msr, capture, base, 1);
    1281. 

  1281. 

  1282.                             return 1;
    1283. 

  1283.                         }
    1284. 

  1284.                     }
    1285. 

  1285.                 }
    1286. 

  1286. 

  1287.                 /* Parsing full url */
    1288. 

  1288. 

  1289.                 domain = apr_pstrdup(rule->ruleset->mp, match);
    1290. 

  1290. 

  1291.                 domain_len = strlen(domain);
    1292. 

  1292. 

  1293.                 if(*domain != '/')  {
    1294. 

  1294. 

  1295.                     if(domain[domain_len-1] == '.')
    1296. 

  1296.                         domain[domain_len-1] = '\0';
    1297. 

  1297.                     if(domain[domain_len-1] == '/' && domain[domain_len-2] == '.')    {
    1298. 

  1298.                         domain[domain_len-2] = '/';
    1299. 

  1299.                         domain[domain_len-1] = '\0';
    1300. 

  1300.                     }
    1301. 

  1301. 

  1302.                     dot = strchr(domain,'.');
    1303. 

  1303.                     if(dot != NULL) {
    1304. 

  1304.                         canon = apr_pstrdup(rule->ruleset->mp, domain);
    1305. 

  1305. 

  1306.                         ret = verify_gsb(gsb, msr, canon, strlen(canon));
    1307. 

  1307. 

  1308.                         if(ret > 0) {
    1309. 

  1309.                             set_match_to_tx(msr, capture, canon, 0);
    1310. 

  1310.                             if (! *error_msg) {
    1311. 

  1311.                                 *error_msg = apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
    1312. 

  1312.                                         log_escape_nq(msr->mp, canon));
    1313. 

  1313.                             }
    1314. 

  1314. 

  1315.                             str = apr_pstrdup(rule->ruleset->mp,match);
    1316. 

  1316. 

  1317.                             base = apr_strtok(str,"/",&savedptr);
    1318. 

  1318.                             if(base != NULL)
    1319. 

  1319.                                 set_match_to_tx(msr, capture, base, 1);
    1320. 

  1320. 

  1321.                             return 1;
    1322. 

  1322.                         }
    1323. 

  1323. 

  1324. 

  1325.                         base = apr_strtok(canon,"?",&savedptr);
    1326. 

  1326. 

  1327.                         if(base != NULL)   {
    1328. 

  1328.                             ret = verify_gsb(gsb, msr, base, strlen(base));
    1329. 

  1329. 

  1330.                             if(ret > 0) {
    1331. 

  1331.                                 set_match_to_tx(msr, capture, base, 0);
    1332. 

  1332.                                 if (! *error_msg) {
    1333. 

  1333.                                     *error_msg = apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
    1334. 

  1334.                                             log_escape_nq(msr->mp, base));
    1335. 

  1335.                                 }
    1336. 

  1336. 

  1337.                                 str = apr_pstrdup(rule->ruleset->mp,match);
    1338. 

  1338. 

  1339.                                 base = apr_strtok(str,"/",&savedptr);
    1340. 

  1340.                                 if(base != NULL)
    1341. 

  1341.                                     set_match_to_tx(msr, capture, base, 1);
    1342. 

  1342. 

  1343.                                 return 1;
    1344. 

  1344.                             }
    1345. 

  1345. 

  1346.                         }
    1347. 

  1347. 

  1348.                         url = apr_palloc(rule->ruleset->mp, strlen(canon));
    1349. 

  1349.                         count_slash = 0;
    1350. 

  1350. 

  1351.                         while(*canon != '\0') {
    1352. 

  1352.                             switch (*canon)   {
    1353. 

  1353.                                 case '/':
    1354. 

  1354.                                     ptr = apr_psprintf(rule->ruleset->mp,"%s/",url);
    1355. 

  1355.                                     ret = verify_gsb(gsb, msr, ptr, strlen(ptr));
    1356. 

  1356.                                     if(ret > 0) {
    1357. 

  1357.                                         set_match_to_tx(msr, capture, ptr, 0);
    1358. 

  1358.                                         if (! *error_msg) {
    1359. 

  1359.                                             *error_msg = apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
    1360. 

  1360.                                                     log_escape_nq(msr->mp, ptr));
    1361. 

  1361.                                         }
    1362. 

  1362. 

  1363.                                         str = apr_pstrdup(rule->ruleset->mp,match);
    1364. 

  1364. 

  1365.                                         base = apr_strtok(str,"/",&savedptr);
    1366. 

  1366.                                         if(base != NULL)
    1367. 

  1367.                                             set_match_to_tx(msr, capture, base, 1);
    1368. 

  1368.                                         return 1;
    1369. 

  1369.                                     }
    1370. 

  1370. 

  1371.                                     break;
    1372. 

  1372.                             }
    1373. 

  1373.                             url[count_slash] = *canon;
    1374. 

  1374.                             count_slash++;
    1375. 

  1375.                             canon++;
    1376. 

  1376.                         }
    1377. 

  1377.                     }
    1378. 

  1378.                 }
    1379. 

  1379. 

  1380.                 /* Do the same for subdomains */
    1381. 

  1381. 

  1382.                 for(j=0; j<strlen(match); j++)    {
    1383. 

  1383.                     if(match[j] == '/')    {
    1384. 

  1384.                         s_pos = j;
    1385. 

  1385.                         break;
    1386. 

  1386.                     }
    1387. 

  1387.                 }
    1388. 

  1388. 

  1389. 

  1390.                 str = apr_pstrdup(rule->ruleset->mp, match);
    1391. 

  1391. 

  1392.                 while (*str != '\0')   {
    1393. 

  1393. 

  1394.                     switch(*str) {
    1395. 

  1395.                         case '.':
    1396. 

  1396.                             domain++;
    1397. 

  1397.                             domain_len = strlen(domain);
    1398. 

  1398. 

  1399.                             d_pos = strchr(domain,'.') - domain;
    1400. 

  1400. 

  1401.                             if(s_pos >= 0 && d_pos >= 0 && d_pos > s_pos)
    1402. 

  1402.                                 break;
    1403. 

  1403. 

  1404.                             if(*domain != '/')  {
    1405. 

  1405. 

  1406.                                 if(domain[domain_len-1] == '.')
    1407. 

  1407.                                     domain[domain_len-1] = '\0';
    1408. 

  1408.                                 if(domain[domain_len-1] == '/' && domain[domain_len-2] == '.')    {
    1409. 

  1409.                                     domain[domain_len-2] = '/';
    1410. 

  1410.                                     domain[domain_len-1] = '\0';
    1411. 

  1411.                                 }
    1412. 

  1412. 

  1413.                                 dot = strchr(domain,'.');
    1414. 

  1414.                                 if(dot != NULL) {
    1415. 

  1415.                                     canon = apr_pstrdup(rule->ruleset->mp, domain);
    1416. 

  1416. 

  1417.                                     ret = verify_gsb(gsb, msr, canon, strlen(canon));
    1418. 

  1418. 

  1419.                                     if(ret > 0) {
    1420. 

  1420.                                         set_match_to_tx(msr, capture, canon, 0);
    1421. 

  1421.                                         if (! *error_msg) {
    1422. 

  1422.                                             *error_msg = apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
    1423. 

  1423.                                                     log_escape_nq(msr->mp, canon));
    1424. 

  1424.                                         }
    1425. 

  1425.                                         str = apr_pstrdup(rule->ruleset->mp,match);
    1426. 

  1426. 

  1427.                                         base = apr_strtok(str,"/",&savedptr);
    1428. 

  1428.                                         if(base != NULL)
    1429. 

  1429.                                             set_match_to_tx(msr, capture, base, 1);
    1430. 

  1430.                                         return 1;
    1431. 

  1431.                                     }
    1432. 

  1432. 

  1433. 

  1434.                                     base = apr_strtok(canon,"?",&savedptr);
    1435. 

  1435. 

  1436.                                     if(base != NULL)   {
    1437. 

  1437.                                         ret = verify_gsb(gsb, msr, base, strlen(base));
    1438. 

  1438. 

  1439.                                         if(ret > 0) {
    1440. 

  1440.                                             set_match_to_tx(msr, capture, base, 0);
    1441. 

  1441.                                             if (! *error_msg) {
    1442. 

  1442.                                                 *error_msg = apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
    1443. 

  1443.                                                         log_escape_nq(msr->mp, base));
    1444. 

  1444.                                             }
    1445. 

  1445.                                             str = apr_pstrdup(rule->ruleset->mp,match);
    1446. 

  1446. 

  1447.                                             base = apr_strtok(str,"/",&savedptr);
    1448. 

  1448.                                             if(base != NULL)
    1449. 

  1449.                                                 set_match_to_tx(msr, capture, base, 1);
    1450. 

  1450.                                             return 1;
    1451. 

  1451.                                         }
    1452. 

  1452. 

  1453.                                     }
    1454. 

  1454. 

  1455.                                     url = apr_palloc(rule->ruleset->mp, strlen(canon));
    1456. 

  1456.                                     count_slash = 0;
    1457. 

  1457. 

  1458.                                     while(*canon != '\0') {
    1459. 

  1459.                                         switch (*canon)   {
    1460. 

  1460.                                             case '/':
    1461. 

  1461.                                                 ptr = apr_psprintf(rule->ruleset->mp,"%s/",url);
    1462. 

  1462.                                                 ret = verify_gsb(gsb, msr, ptr, strlen(ptr));
    1463. 

  1463.                                                 if(ret > 0) {
    1464. 

  1464.                                                     set_match_to_tx(msr, capture, ptr, 0);
    1465. 

  1465.                                                     if (! *error_msg) {
    1466. 

  1466.                                                         *error_msg = apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
    1467. 

  1467.                                                                 log_escape_nq(msr->mp, ptr));
    1468. 

  1468.                                                     }
    1469. 

  1469.                                                     str = apr_pstrdup(rule->ruleset->mp,match);
    1470. 

  1470. 

  1471.                                                     base = apr_strtok(str,"/",&savedptr);
    1472. 

  1472.                                                     if(base != NULL)
    1473. 

  1473.                                                         set_match_to_tx(msr, capture, base, 1);
    1474. 

  1474.                                                     return 1;
    1475. 

  1475.                                                 }
    1476. 

  1476. 

  1477.                                                 break;
    1478. 

  1478.                                         }
    1479. 

  1479.                                         url[count_slash] = *canon;
    1480. 

  1480.                                         count_slash++;
    1481. 

  1481.                                         canon++;
    1482. 

  1482.                                     }
    1483. 

  1483.                                 }
    1484. 

  1484.                             }
    1485. 

  1485.                             break;
    1486. 

  1486.                     }
    1487. 

  1487. 

  1488.                     domain = str;
    1489. 

  1489.                     domain++;
    1490. 

  1490.                     str++;
    1491. 

  1491.                 }
    1492. 

  1492. 

  1493.             }
    1494. 

  1494.         }
    1495. 

  1495. 

  1496.         offset = ovector[1];
    1497. 

  1497.     }
    1498. 

  1498. 

  1499.     return 0;
    1500. 

  1500. }
    1501. 

  1501. 

  1502. /* within */
    1503. 

  1503. 

  1504. static int msre_op_within_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
    1505. 

  1505.     msc_string *str = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
    1506. 

  1506.     const char *match = NULL;
    1507. 

  1507.     const char *target;
    1508. 

  1508.     unsigned int match_length;
    1509. 

  1509.     unsigned int target_length = 0;
    1510. 

  1510.     unsigned int i, i_max;
    1511. 

  1511. 

  1512.     str->value = (char *)rule->op_param;
    1513. 

  1513.     str->value_len = strlen(str->value);
    1514. 

  1514. 

  1515.     if (error_msg == NULL) return -1;
    1516. 

  1516.     *error_msg = NULL;
    1517. 

  1517. 

  1518.     if (str->value == NULL) {
    1519. 

  1519.         *error_msg = "Internal Error: match string is null.";
    1520. 

  1520.         return -1;
    1521. 

  1521.     }
    1522. 

  1522. 

  1523.     expand_macros(msr, str, rule, msr->mp);
    1524. 

  1524. 

  1525.     match = (const char *)str->value;
    1526. 

  1526.     match_length = str->value_len;
    1527. 

  1527. 

  1528.     /* If the given target is null we give up without a match */
    1529. 

  1529.     if (var->value == NULL) {
    1530. 

  1530.         /* No match. */
    1531. 

  1531.         return 0;
    1532. 

  1532.     }
    1533. 

  1533. 

  1534.     target = var->value;
    1535. 

  1535.     target_length = var->value_len;
    1536. 

  1536. 

  1537.     /* The empty string always matches */
    1538. 

  1538.     if (target_length == 0) {
    1539. 

  1539.         /* Match. */
    1540. 

  1540.         *error_msg = apr_psprintf(msr->mp, "String match within \"\" at %s.",
    1541. 

  1541.                 var->name);
    1542. 

  1542.         return 1;
    1543. 

  1543.     }
    1544. 

  1544. 

  1545.     /* This is impossible to match */
    1546. 

  1546.     if (target_length > match_length) {
    1547. 

  1547.         /* No match. */
    1548. 

  1548.         return 0;
    1549. 

  1549.     }
    1550. 

  1550. 

  1551.     /* scan for first character, then compare from there until we
    1552. 

    1553.

Large files files are truncated, but you can click here to view the full file