FreeBSD Bugzilla – Attachment 217952 Details for
Bug 249312
security/modsecurity3: patch for cve 2020-15598
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
ported version of patch
cve-2020-15598.patch (text/plain), 9.36 KB, created by
Felipe Zipitria
on 2020-09-14 14:00:01 UTC
(
hide
)
Description:
ported version of patch
Filename:
MIME Type:
Creator:
Felipe Zipitria
Created:
2020-09-14 14:00:01 UTC
Size:
9.36 KB
patch
obsolete
>diff -ruN security/modsecurity3.orig/files/patch-src_operators_rx.cc security/modsecurity3/files/patch-src_operators_rx.cc >--- security/modsecurity3.orig/files/patch-src_operators_rx.cc 1970-01-01 00:00:00.000000000 +0000 >+++ security/modsecurity3/files/patch-src_operators_rx.cc 2020-09-14 13:54:21.829283000 +0000 >@@ -0,0 +1,51 @@ >+--- src/operators/rx.cc.orig 2020-01-13 13:09:28 UTC >++++ src/operators/rx.cc >+@@ -38,7 +38,6 @@ bool Rx::init(const std::string &arg, st >+ >+ bool Rx::evaluate(Transaction *transaction, Rule *rule, >+ const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) { >+- std::list<SMatch> matches; >+ Regex *re; >+ >+ if (m_param.empty() && !m_string->m_containsMacro) { >+@@ -52,29 +51,29 @@ bool Rx::evaluate(Transaction *transacti >+ re = m_re; >+ } >+ >+- matches = re->searchAll(input); >++ std::vector<Utils::SMatchCapture> captures; >++ re->searchOneMatch(input, captures); >++ >+ if (rule && rule->m_containsCaptureAction && transaction) { >+- int i = 0; >+- matches.reverse(); >+- for (const SMatch& a : matches) { >++ for (const Utils::SMatchCapture& capture : captures) { >++ const std::string capture_substring(input.substr(capture.m_offset,capture.m_length)); >+ transaction->m_collections.m_tx_collection->storeOrUpdateFirst( >+- std::to_string(i), a.str()); >++ std::to_string(capture.m_group), capture_substring); >+ ms_dbg_a(transaction, 7, "Added regex subexpression TX." + >+- std::to_string(i) + ": " + a.str()); >+- transaction->m_matched.push_back(a.str()); >+- i++; >++ std::to_string(capture.m_group) + ": " + capture_substring); >++ transaction->m_matched.push_back(capture_substring); >+ } >+ } >+ >+- for (const auto & i : matches) { >+- logOffset(ruleMessage, i.offset(), i.str().size()); >++ for (const auto & capture : captures) { >++ logOffset(ruleMessage, capture.m_offset, capture.m_length); >+ } >+ >+ if (m_string->m_containsMacro) { >+ delete re; >+ } >+ >+- if (matches.size() > 0) { >++ if (captures.size() > 0) { >+ return true; >+ } >+ >diff -ruN security/modsecurity3.orig/files/patch-src_utils_regex.cc security/modsecurity3/files/patch-src_utils_regex.cc >--- security/modsecurity3.orig/files/patch-src_utils_regex.cc 1970-01-01 00:00:00.000000000 +0000 >+++ security/modsecurity3/files/patch-src_utils_regex.cc 2020-09-14 13:54:21.831394000 +0000 >@@ -0,0 +1,40 @@ >+--- src/utils/regex.cc.orig 2020-01-13 13:09:28 UTC >++++ src/utils/regex.cc >+@@ -16,10 +16,6 @@ >+ #include "src/utils/regex.h" >+ >+ #include <pcre.h> >+-#include <sys/socket.h> >+-#include <sys/types.h> >+-#include <netinet/in.h> >+-#include <arpa/inet.h> >+ #include <string> >+ #include <list> >+ >+@@ -99,6 +95,26 @@ std::list<SMatch> Regex::searchAll(const >+ return retList; >+ } >+ >++bool Regex::searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const { >++ const char *subject = s.c_str(); >++ int ovector[OVECCOUNT]; >++ >++ int rc = pcre_exec(m_pc, m_pce, subject, s.size(), 0, 0, ovector, OVECCOUNT); >++ >++ for (int i = 0; i < rc; i++) { >++ size_t start = ovector[2*i]; >++ size_t end = ovector[2*i+1]; >++ size_t len = end - start; >++ if (end > s.size()) { >++ continue; >++ } >++ SMatchCapture capture(i, start, len); >++ captures.push_back(capture); >++ } >++ >++ return (rc > 0); >++} >++ >+ int Regex::search(const std::string& s, SMatch *match) const { >+ int ovector[OVECCOUNT]; >+ int ret = pcre_exec(m_pc, m_pce, s.c_str(), >diff -ruN security/modsecurity3.orig/files/patch-src_utils_regex.h security/modsecurity3/files/patch-src_utils_regex.h >--- security/modsecurity3.orig/files/patch-src_utils_regex.h 1970-01-01 00:00:00.000000000 +0000 >+++ security/modsecurity3/files/patch-src_utils_regex.h 2020-09-14 13:54:21.833505000 +0000 >@@ -0,0 +1,35 @@ >+--- src/utils/regex.h.orig 2020-01-13 13:09:28 UTC >++++ src/utils/regex.h >+@@ -19,6 +19,7 @@ >+ #include <fstream> >+ #include <string> >+ #include <list> >++#include <vector> >+ >+ #ifndef SRC_UTILS_REGEX_H_ >+ #define SRC_UTILS_REGEX_H_ >+@@ -47,6 +48,16 @@ class SMatch { >+ size_t m_offset; >+ }; >+ >++struct SMatchCapture { >++ SMatchCapture(size_t group, size_t offset, size_t length) : >++ m_group(group), >++ m_offset(offset), >++ m_length(length) { } >++ >++ size_t m_group; // E.g. 0 = full match; 6 = capture group 6 >++ size_t m_offset; // offset of match within the analyzed string >++ size_t m_length; >++}; >+ >+ class Regex { >+ public: >+@@ -58,6 +69,7 @@ class Regex { >+ Regex& operator=(const Regex&) = delete; >+ >+ std::list<SMatch> searchAll(const std::string& s) const; >++ bool searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const; >+ int search(const std::string &s, SMatch *m) const; >+ int search(const std::string &s) const; >+ >diff -ruN security/modsecurity3.orig/files/patch-test_test-cases_regression_variable-TX.json security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json >--- security/modsecurity3.orig/files/patch-test_test-cases_regression_variable-TX.json 1970-01-01 00:00:00.000000000 +0000 >+++ security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json 2020-09-14 13:54:21.835531000 +0000 >@@ -0,0 +1,146 @@ >+--- test/test-cases/regression/variable-TX.json.orig 2020-01-13 13:09:28 UTC >++++ test/test-cases/regression/variable-TX.json >+@@ -80,5 +80,143 @@ >+ "SecRule REQUEST_HEADERS \"@rx ([A-z]+)\" \"id:1,log,pass,capture,id:14\"", >+ "SecRule TX:0 \"@rx ([A-z]+)\" \"id:15\"" >+ ] >++ }, >++ { >++ "enabled":1, >++ "version_min":300000, >++ "title":"Testing Variables :: capture group match after unused group", >++ "client":{ >++ "ip":"200.249.12.31", >++ "port":123 >++ }, >++ "server":{ >++ "ip":"200.249.12.31", >++ "port":80 >++ }, >++ "request":{ >++ "uri":"/?key=aadd", >++ "method":"GET" >++ }, >++ "response":{ >++ "headers":{ >++ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", >++ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", >++ "Content-Type":"text/html" >++ }, >++ "body":[ >++ "no need." >++ ] >++ }, >++ "expected":{ >++ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1" >++ }, >++ "rules":[ >++ "SecRuleEngine On", >++ "SecRule ARGS \"@rx (aa)(bb|cc)?(dd)\" \"id:1,log,pass,capture,id:16\"", >++ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\"" >++ ] >++ }, >++ { >++ "enabled":1, >++ "version_min":300000, >++ "title":"Testing Variables :: empty capture group match followed by nonempty capture group", >++ "client":{ >++ "ip":"200.249.12.31", >++ "port":123 >++ }, >++ "server":{ >++ "ip":"200.249.12.31", >++ "port":80 >++ }, >++ "request":{ >++ "uri":"/?key=aadd", >++ "method":"GET" >++ }, >++ "response":{ >++ "headers":{ >++ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", >++ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", >++ "Content-Type":"text/html" >++ }, >++ "body":[ >++ "no need." >++ ] >++ }, >++ "expected":{ >++ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1" >++ }, >++ "rules":[ >++ "SecRuleEngine On", >++ "SecRule ARGS \"@rx (aa)(bb|cc|)(dd)\" \"id:18,phase:1,log,pass,capture\"", >++ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\"" >++ ] >++ }, >++ { >++ "enabled":1, >++ "version_min":300000, >++ "title":"Testing Variables :: repeating capture group -- alternates", >++ "client":{ >++ "ip":"200.249.12.31", >++ "port":123 >++ }, >++ "server":{ >++ "ip":"200.249.12.31", >++ "port":80 >++ }, >++ "request":{ >++ "uri":"/?key=_abc123_", >++ "method":"GET" >++ }, >++ "response":{ >++ "headers":{ >++ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", >++ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", >++ "Content-Type":"text/html" >++ }, >++ "body":[ >++ "no need." >++ ] >++ }, >++ "expected":{ >++ "debug_log":"Added regex subexpression TX\\.2: abc[\\s\\S]*Added regex subexpression TX\\.3: 123" >++ }, >++ "rules":[ >++ "SecRuleEngine On", >++ "SecRule ARGS \"@rx _((?:(abc)|(123))+)_\" \"id:18,phase:1,log,pass,capture\"" >++ ] >++ }, >++ { >++ "enabled":1, >++ "version_min":300000, >++ "title":"Testing Variables :: repeating capture group -- same (nested)", >++ "client":{ >++ "ip":"200.249.12.31", >++ "port":123 >++ }, >++ "server":{ >++ "ip":"200.249.12.31", >++ "port":80 >++ }, >++ "request":{ >++ "uri":"/?key=a:5a:8a:9", >++ "method":"GET" >++ }, >++ "response":{ >++ "headers":{ >++ "Date":"Mon, 13 Jul 2015 20:02:41 GMT", >++ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", >++ "Content-Type":"text/html" >++ }, >++ "body":[ >++ "no need." >++ ] >++ }, >++ "expected":{ >++ "debug_log":"Added regex subexpression TX\\.1: 5[\\s\\S]*Added regex subexpression TX\\.2: 8[\\s\\S]*Added regex subexpression TX\\.3: 9" >++ }, >++ "rules":[ >++ "SecRuleEngine On", >++ "SecRule ARGS \"@rx a:([0-9])(?:a:([0-9])(?:a:([0-9]))*)*\" \"id:18,phase:1,log,pass,capture\"" >++ ] >+ } >+ ]
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=217952">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 249312
: 217952