Skip to content

Commit f732fc6

Browse files
committed
Allocate regex in request's mempoll in @rx execute
If regex contains variable substitution, function msre_op_rx_execute(), which handles execution of @rx operator, will compile regex on each request (because variable, and this regex, can be different each time). It does so by calling msc_pregcomp_ex(), which accepts a mem pool because it does allocations for regex data. Until this fix, msre_op_rx_execute() passed rule->ruleset->mp to msc_pregcomp_ex(), which is a ruleset mempool that persists as long as ruleset lives - which means it is long-living and will persist until ModSecurity is stopped/restarted. This created a memory leak because regex data for non-constand regexes was allocated again to each request and not freed after request was processed. Fix that by passing msr->mp mempool to msc_pregcomp_ex() instead, which is a mempool of record corresponding to a tx being processed and will be freed as soon as processing is done.
1 parent 12cefbd commit f732fc6

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

apache2/re_operators.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1018,7 +1018,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
10181018
msr_log(msr, 6, "Escaping pattern [%s]",pattern);
10191019
}
10201020

1021-
regex = msc_pregcomp_ex(rule->ruleset->mp, pattern, PCRE_DOTALL | PCRE_DOLLAR_ENDONLY, &errptr, &erroffset, msc_pcre_match_limit, msc_pcre_match_limit_recursion);
1021+
regex = msc_pregcomp_ex(msr->mp, pattern, PCRE_DOTALL | PCRE_DOLLAR_ENDONLY, &errptr, &erroffset, msc_pcre_match_limit, msc_pcre_match_limit_recursion);
10221022
if (regex == NULL) {
10231023
*error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling pattern (offset %d): %s",
10241024
erroffset, errptr);

0 commit comments

Comments
 (0)