FuzzyHash: if disable giving an run time error instead of config

Felipe Zimmerle · Felipe Zimmerle · commit b6e061ed94c2 · 2014-10-28T09:34:33.000-07:00
FuzzyHash operator is optional and only installed if the headers for libfuzzy
was found in the system. Otherwise, the FuzzyHash operator is disable during
the compilation. After this commit, if some rules tries to use it, ModSecurity
will produce an runtime error not a config time error, allowing the web server
to procede normal with its operations.
diff --git a/apache2/re_operators.c b/apache2/re_operators.c
@@ -3789,12 +3789,9 @@ static int msre_op_fuzzy_hash_init(msre_rule *rule, char **error_msg)
 
     rule->op_param_data = param_data;
 #else
-    *error_msg = apr_psprintf(rule->ruleset->mp, "ModSecurity was not " \
-        "compiled with ssdeep support.");
- 
     rule->op_param_data = NULL;
 
-    return -1;
+    return 1;
 #endif
     return 1;
 
@@ -3852,6 +3849,12 @@ static int msre_op_fuzzy_hash_execute(modsec_rec *msr, msre_rule *rule,
     }
 
     fclose(fp);
+#else
+    *error_msg = apr_psprintf(rule->ruleset->mp, "ModSecurity was not " \
+        "compiled with ssdeep support.");
+
+    return -1;
+
 #endif
 
     /* No match. */
diff --git a/tests/regression/misc/30-fuzzyHash.t b/tests/regression/misc/30-fuzzyHash.t
@@ -12,11 +12,11 @@
 		SecRule REQUEST_BODY "\@fuzzyHash $ENV{CONF_DIR}/ssdeep.txt 1" "id:192372,log,deny"
 	),
 	match_log => {
-		error => [ qr/ModSecurity: Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"/, 1],
-		debug => [ qr/Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"/, 1],
+		error => [ qr/ModSecurity: Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"|ModSecurity was not compiled with ssdeep support./, 1],
+		debug => [ qr/Access denied with code 403 \(phase 2\)\. Fuzzy hash of REQUEST_BODY matched with 96:MbQ1L0LDX8GPI8ov3D2D9zd6.*"modsecurity.conf-recommended"|ModSecurity was not compiled with ssdeep support./, 1],
 	},
 	match_response => {
-		status => qr/^403$/,
+		status => qr/^403|200$/,
 	},
 	request => new HTTP::Request(
 		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
