ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard

Published 20 hours ago verified publisher icon owasp-modsecurity

Removed redundant processing for "sanitizeXXX" actions

Open marcstern opened this issue 2 years ago • 0 comments

Store "sanitizeMatched" & "sanitizeMatchedBytes" as "sanitiseMatched" & "sanitiseMatchedBytes" to avoid double processing at run-time (only 1 table scan instead of 2).

It also fixes a potential NULL pointer problem (last 3 changes):

if (rule->actionset) {
                matched_bytes = apr_table_get(rule->actionset->actions, "sanitizeMatchedBytes") ? 1 : 0;
            }
            if(!matched_bytes)
                matched_bytes = apr_table_get(rule->actionset->actions, "sanitiseMatchedBytes") ? 1 : 0;

In case rule->actionset is NULL, last line uses NULL->actions

marcstern avatar Oct 04 '23 12:10 marcstern