Skip to content

Commit 89d3ad3

Browse files
committed
Introduced a new variable to hold currval length
1 parent ca99ccd commit 89d3ad3

File tree

2 files changed

+10
-2
lines changed

2 files changed

+10
-2
lines changed

apache2/msc_xml.c

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,7 @@ static void msc_xml_on_start_elementns(
4444
// this is necessary because if there is any text between the tags (new line, etc)
4545
// it will be added to the current value
4646
xml_parser_state->currval = NULL;
47+
xml_parser_state->currpathbufflen = 0;
4748

4849
// if there is an item before the current one we set that has a child
4950
if (xml_parser_state->depth > 1) {
@@ -73,7 +74,11 @@ static void msc_xml_on_end_elementns(
7374
if (msr->txcfg->debuglog_level >= 4) {
7475
msr_log(msr, 4, "Skipping request argument, over limit (XML): name \"%s\", value \"%s\"",
7576
log_escape_ex(msr->mp, xml_parser_state->currpath, strlen(xml_parser_state->currpath)),
76-
log_escape_ex(msr->mp, xml_parser_state->currval, strlen(xml_parser_state->currval)));
77+
log_escape_ex(msr->mp,
78+
(xml_parser_state->currval == NULL ? apr_pstrndup(msr->mp, "", 1) : xml_parser_state->currval),
79+
(xml_parser_state->currvalbufflen == 0 ? 1 : xml_parser_state->currvalbufflen)
80+
)
81+
);
7782
}
7883
msr->msc_reqbody_error = 1;
7984
msr->xml->xml_error = apr_psprintf(msr->mp, "More than %ld ARGS (GET + XML)", msr->txcfg->arguments_limit);
@@ -86,7 +91,7 @@ static void msc_xml_on_end_elementns(
8691
arg->name = xml_parser_state->currpath;
8792
arg->name_len = strlen(arg->name);
8893
arg->value = (xml_parser_state->currval == NULL) ? apr_pstrndup(msr->mp, "", 1) : xml_parser_state->currval;
89-
arg->value_len = (xml_parser_state->currval == NULL) ? 0 : strlen(xml_parser_state->currval);
94+
arg->value_len = (xml_parser_state->currvalbufflen == 0) ? 1 : xml_parser_state->currvalbufflen;
9095
arg->value_origin_len = arg->value_len;
9196
arg->origin = "XML";
9297

@@ -123,6 +128,7 @@ static void msc_xml_on_characters(void *ctx, const xmlChar *ch, int len) {
123128
((xml_parser_state->currval != NULL) ? xml_parser_state->currval : ""),
124129
apr_pstrndup(msr->mp, (const char *)ch, len),
125130
NULL);
131+
xml_parser_state->currvalbufflen += len;
126132
// check if the memory allocation was successful
127133
if (xml_parser_state->currval == NULL) {
128134
msr->xml->xml_error = apr_psprintf(msr->mp, "Failed to allocate memory for XML value.");
@@ -175,6 +181,7 @@ int xml_init(modsec_rec *msr, char **error_msg) {
175181
msr->xml->xml_parser_state->pathlen = 4; // "xml\0"
176182
msr->xml->xml_parser_state->currpath = apr_pstrdup(msr->mp, "xml");
177183
msr->xml->xml_parser_state->currval = NULL;
184+
msr->xml->xml_parser_state->currvalbufflen = 0;
178185
msr->xml->xml_parser_state->currpathbufflen = 4;
179186
// initialize the stack with item of 10
180187
// this will store the information about nodes

apache2/msc_xml.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ struct msc_xml_parser_state {
3131
char * currpath;
3232
char * currval;
3333
size_t currpathbufflen;
34+
size_t currvalbufflen;
3435
apr_pool_t * mp;
3536
};
3637

0 commit comments

Comments
 (0)