ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard

Published 20 hours ago verified publisher icon owasp-modsecurity

NULL pointer

Open marcstern opened this issue 3 years ago • 1 comments

In modsec_var_log_handler(), ther's a check for msr being NULL: if (msr == NULL) return NULL; return construct_single_var(msr, name);

construct_single_var() uses msr->msc_rule_mptmp, so this should also be checked: if (msr->msc_rule_mptmp == NULL) return NULL;

marcstern avatar Aug 10 '22 10:08 marcstern

Actually, it would maybe be safer to perform the checks in construct_single_var(): if (!msr || !msr->mp || !msr->modsecurity) return NULL;

We should also check msr->modsecurity->msre & msr->msc_rule_mptmp, either in construct_single_var() or, better, in the functions they're used: msre_resolve_var() & generate_single_var()

marcstern avatar Jul 20 '23 07:07 marcstern