@@ -1235,6 +1235,11 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
12351235 if (msr -> txcfg -> debuglog_level >= 4 ) {
12361236 msr_log (msr , 4 , "Ctl: ruleRemoveTargetById id=%s targets=%s" , p1 , p2 );
12371237 }
1238+ if (p2 == NULL ) {
1239+ msr_log (msr , 1 , "ModSecurity: Missing target for id \"%s\"" , p1 );
1240+ return -1 ;
1241+ }
1242+
12381243 re = apr_pcalloc (msr -> mp , sizeof (rule_exception ));
12391244 re -> type = RULE_EXCEPTION_REMOVE_ID ;
12401245 re -> param = (const char * )apr_pstrdup (msr -> mp , p1 );
@@ -1253,10 +1258,10 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
12531258 if (msr -> txcfg -> debuglog_level >= 4 ) {
12541259 msr_log (msr , 4 , "Ctl: ruleRemoveTargetByTag tag=%s targets=%s" , p1 , p2 );
12551260 }
1256- if (p2 == NULL ) {
1261+ if (p2 == NULL ) {
12571262 msr_log (msr , 1 , "ModSecurity: Missing target for tag \"%s\"" , p1 );
1258- return -1 ;
1259- }
1263+ return -1 ;
1264+ }
12601265
12611266 re = apr_pcalloc (msr -> mp , sizeof (rule_exception ));
12621267 re -> type = RULE_EXCEPTION_REMOVE_TAG ;
@@ -1281,6 +1286,10 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
12811286 if (msr -> txcfg -> debuglog_level >= 4 ) {
12821287 msr_log (msr , 4 , "Ctl: ruleRemoveTargetByMsg msg=%s targets=%s" , p1 , p2 );
12831288 }
1289+ if (p2 == NULL ) {
1290+ msr_log (msr , 1 , "ModSecurity: Missing target for msg \"%s\"" , p1 );
1291+ return -1 ;
1292+ }
12841293
12851294 re = apr_pcalloc (msr -> mp , sizeof (rule_exception ));
12861295 re -> type = RULE_EXCEPTION_REMOVE_MSG ;
0 commit comments