Exit more gracefully if uri length is zero #173

martinhsv · 2020-01-09T20:54:51Z

No description provided.

defanator · 2020-01-29T04:00:53Z

src/ngx_http_modsecurity_rewrite.c

@@ -150,6 +150,10 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
        if (n_uri == (char*)-1 || n_method == (char*)-1) {


I'm not sure whether the better way is to change this check in a way like if (n_uri == NULL || n_method == NULL)?

Assuming we want to leave the utility function ngx_str_to_char unchanged, it effectively has two different error return values: NULL, and (char *)-1. In that case it's useful to retain the existing line 150 check ... but then in addition also check for n_uri == NULL (the error use case that was occurring in owasp-modsecurity/ModSecurity#2216). We could of course also add a check for n_method==NULL, but I was focussed solely on improving the error handling for the case that we actually saw.

zimmerle · 2020-02-17T13:17:48Z

This is merged! Thank you!

Exit more gracefully if uri length is zero

6b7fa76

defanator reviewed Jan 29, 2020

View reviewed changes

zimmerle closed this Feb 17, 2020

zimmerle self-assigned this Feb 17, 2020

zimmerle self-requested a review February 17, 2020 13:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Exit more gracefully if uri length is zero #173

Exit more gracefully if uri length is zero #173

martinhsv commented Jan 9, 2020

defanator Jan 29, 2020

martinhsv Jan 29, 2020

zimmerle commented Feb 17, 2020

		@@ -150,6 +150,10 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
		if (n_uri == (char)-1 \|\| n_method == (char)-1) {

Exit more gracefully if uri length is zero #173

Exit more gracefully if uri length is zero #173

Conversation

martinhsv commented Jan 9, 2020

defanator Jan 29, 2020

Choose a reason for hiding this comment

martinhsv Jan 29, 2020

Choose a reason for hiding this comment

zimmerle commented Feb 17, 2020