Resolving conflict.

Author: gwroblew

CHANGES

@@ -23,7 +23,17 @@
 
   * Fixed DROP action was disabled for Apache 2 module by mistake.
 
+<<<<<<< HEAD
   * Fixed bug when use ctl:ruleRemoveByTag.
+=======
+  * Fixed bug when use ctl:ruleRemoveTargetByTag.
+
+  * Fixed IIS and NGINX modules bugs.
+
+  * Fixed bug when @strmatch patterns use invalid escape sequence (Thanks Hideaki Hayashi).
+
+  * Fixed bugs in @verifySSN (Thanks Hideaki Hayashi).
+>>>>>>> upstream/master
 
   * The doc/ directory now contains the instructions to access online documentation.
 

apache2/re_operators.c

@@ -2394,6 +2394,7 @@ static int msre_op_endsWith_execute(modsec_rec *msr, msre_rule *rule, msre_var *
 
 static int msre_op_strmatch_param_init(msre_rule *rule, char **error_msg) {
     const apr_strmatch_pattern *compiled_pattern;
+    char *processed = NULL;
     const char *pattern = rule->op_param;
     unsigned short int op_len;
 
@@ -2402,8 +2403,14 @@ static int msre_op_strmatch_param_init(msre_rule *rule, char **error_msg) {
 
     op_len = strlen(pattern);
 
+    /* Process pattern */
+    processed = parse_pm_content(pattern, op_len, rule, error_msg);
+    if (processed == NULL) {
+        return 0;
+    }
+
     /* Compile pattern */
-    compiled_pattern = apr_strmatch_precompile(rule->ruleset->mp, parse_pm_content(pattern, op_len, rule, error_msg), 1);
+    compiled_pattern = apr_strmatch_precompile(rule->ruleset->mp, processed, 1);
     if (compiled_pattern == NULL) {
         *error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern: %s", pattern);
         return 0;
@@ -3163,40 +3170,35 @@ static int ssn_verify(modsec_rec *msr, const char *ssnumber, int len) {
     int area, serial, grp;
     int sequencial = 0;
     int repetitions = 0;
-    int progression = 0;
     char *str_area;
     char *str_grp;
     char *str_serial;
 
     for (i = 0; i < len; i++) {
         if (apr_isdigit(ssnumber[i])) {
-                num[i] = convert_to_int(ssnumber[i]);
-                digits++;
+            if (digits < 9)
+                num[digits] = convert_to_int(ssnumber[i]);
+            digits++;
         }
     }
 
     /* Not a valid number */
     if (digits != 9)
         goto invalid;
 
-    digits = 0;
-
-    for (i=0; i < len-1; i++)   {
-        progression = (num[i] - (num[i+1]-1));
-        repetitions = (num[i] - num[i+1]);
+    for (i=0; i < 8; i++)   {
+        if (num[i] == (num[i+1]-1))
+            sequencial++;
 
-        if (repetitions != 0 )
-            sequencial = 1;
-
-        if (progression == 0)
-            digits++;
+        if (num[i] == num[i+1])
+            repetitions++;
     }
 
-    /* We are blocking when all numbers were repeated */
-    if (sequencial == 0)
+    /* We are blocking when all numbers were sequencial or repeated */
+    if (sequencial == 8)
         goto invalid;
 
-    if (digits == 8)
+    if (repetitions == 8)
         goto invalid;
 
     str_area = apr_psprintf(msr->mp,"%d%d%d",num[0],num[1],num[2]);

nginx/modsecurity/ngx_http_modsecurity.c

@@ -488,6 +488,9 @@ ngx_http_do_read_upload_client_request_body(ngx_http_request_t *r)
             if (rb->buf->last == rb->buf->end) {
 
                 rc = ngx_http_process_request_body(r, rb->to_write);
+                if(rc != NGX_OK)    {
+                    return rc;
+                }
 
                 rb->to_write = rb->bufs->next ? rb->bufs->next : rb->bufs;
                 rb->buf->last = rb->buf->start;
@@ -555,7 +558,10 @@ ngx_http_do_read_upload_client_request_body(ngx_http_request_t *r)
         ngx_del_timer(c->read);
     }
 
-    ngx_http_process_request_body(r, rb->to_write);
+    rc = ngx_http_process_request_body(r, rb->to_write);
+    if(rc != NGX_OK)    {
+        return rc;
+    }
 
     return ngx_http_upload_body_handler(r);
 }
@@ -779,7 +785,7 @@ modsecurity_read_body_cb(request_rec *r, char *buf, unsigned int length,
         if (!ctx->body_pos) {
             ctx->body_pos = b->start;
         }
-        if ((b->end - ctx->body_pos) > length) {
+        if ((unsigned int)(b->end - ctx->body_pos) > length) {
             ngx_memcpy(buf, (char *) ctx->body_pos, length);
             ctx->processed += length;
             ctx->body_pos += length;