Support for PCRE2
martinhsv committed Nov 8, 2022
1 parent 849cd7e commit 8fc0b51
Showing 14 changed files with 438 additions and 29 deletions.
2 changes: 2 additions & 0 deletions CHANGES
@@ -1,6 +1,8 @@
DD mmm YYYY - 2.9.x (to be released)
-------------------

* Support for PCRE2
[Issue #2737, #2827 - @martinhsv]

07 Sep 2022 - 2.9.6
-------------------
13 changes: 12 additions & 1 deletion apache2/Makefile.am
Expand Up @@ -42,6 +42,7 @@ mod_security2_la_CFLAGS = @APR_CFLAGS@ \
@LUA_CFLAGS@ \
@MODSEC_EXTRA_CFLAGS@ \
@PCRE_CFLAGS@ \
@PCRE2_CFLAGS@ \
@YAJL_CFLAGS@ \
@SSDEEP_CFLAGS@

Expand All @@ -50,7 +51,8 @@ mod_security2_la_CPPFLAGS = @APR_CPPFLAGS@ \
@CURL_CPPFLAGS@ \
@LIBXML2_CFLAGS@ \
@LIBXML2_CPPFLAGS@ \
@PCRE_CPPFLAGS@
@PCRE_CPPFLAGS@ \
@PCRE2_CPPFLAGS@

mod_security2_la_LIBADD = @APR_LDADD@ \
@APU_LDADD@ \
Expand All @@ -59,6 +61,7 @@ mod_security2_la_LIBADD = @APR_LDADD@ \
@LIBXML2_LDADD@ \
@LUA_LDADD@ \
@PCRE_LDADD@ \
@PCRE2_LDADD@ \
@YAJL_LDADD@

if AIX
Expand All @@ -71,6 +74,7 @@ mod_security2_la_LDFLAGS = -module -avoid-version \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@PCRE2_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
Expand All @@ -85,6 +89,7 @@ mod_security2_la_LDFLAGS = -module -avoid-version \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@PCRE2_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
Expand All @@ -99,6 +104,7 @@ mod_security2_la_LDFLAGS = -module -avoid-version \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@PCRE2_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
Expand All @@ -113,6 +119,7 @@ mod_security2_la_LDFLAGS = -module -avoid-version \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@PCRE2_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
Expand All @@ -127,6 +134,7 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R @PCRE_LD_PATH
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@PCRE2_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
Expand All @@ -141,6 +149,7 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@PCRE2_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
Expand All @@ -155,6 +164,7 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@PCRE2_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
Expand All @@ -169,6 +179,7 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@PCRE2_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
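Review bot: The variant whose LDFLAGS begin with `-no-undefined -module -avoid-version -R @PCRE_LD_PATH...` (visible only in the truncated hunk header) still sets its run-path from the PCRE library directory alone, while this change adds `@PCRE2_LDFLAGS@` to the same variable. If a PCRE2 build on that platform depends on `-R` to locate the library at load time, the module may resolve libpcre2 from a directory nobody chose or fail to load, so it is worth checking whether configure should supply a PCRE2 counterpart there. If the default library path is what is intended, a comment such as `# -R covers PCRE only; PCRE2 is expected on the default library path` would record the decision. The surrounding conditionals start outside the visible lines, so which platform this variant serves is not confirmed from here.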
6 changes: 5 additions & 1 deletion apache2/apache2_config.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
Expand Down Expand Up @@ -1293,7 +1293,11 @@ static const char *cmd_audit_log_relevant_status(cmd_parms *cmd, void *_dcfg,
{
directory_config *dcfg = _dcfg;

#ifdef WITH_PCRE2
dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE2_DOTALL, NULL, NULL);
#else
dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE_DOTALL, NULL, NULL);
#endif
if (dcfg->auditlog_relevant_regex == NULL) {
return apr_psprintf(cmd->pool, "ModSecurity: Invalid regular expression: %s", p1);
}
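Review bot: The two branches in cmd_audit_log_relevant_status differ only in the option constant, yet the whole `msc_pregcomp(...)` call is written twice. The same `#ifdef WITH_PCRE2` duplication recurs around the `PCRE_ERROR_*` comparisons in apache2/modsecurity.c and ten times in apache2/msc_crypt.c, where it also splits an `if (...) {` opener across preprocessor branches. Selecting the constant once in a shared header, e.g. `#define MSC_RX_DOTALL PCRE2_DOTALL` under `WITH_PCRE2` and `#define MSC_RX_DOTALL PCRE_DOTALL` otherwise (the name is only a suggestion), would leave each call site as a single line such as `msc_pregcomp(cmd->pool, p1, MSC_RX_DOTALL, NULL, NULL)`. That keeps the two builds from drifting apart when one branch is edited and the other forgotten, which matters here because these comparisons decide how regex errors are handled. The function body continues past the end of the hunk.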
15 changes: 12 additions & 3 deletions apache2/mod_security2.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
Expand Down Expand Up @@ -107,6 +107,8 @@ static int server_limit, thread_limit;
*/
static void version(apr_pool_t *mp) {
char *pcre_vrs = NULL;
char *pcre_loaded_vrs = NULL;
char pcre2_loaded_vrs_buffer[80] ={0};

ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
"ModSecurity: APR compiled version=\"%s\"; "
Expand All @@ -116,13 +118,20 @@ static void version(apr_pool_t *mp) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Loaded APR do not match with compiled!");
}

#ifdef WITH_PCRE2
pcre_vrs = apr_psprintf(mp,"%d.%d ", PCRE2_MAJOR, PCRE2_MINOR);
pcre_loaded_vrs = pcre2_loaded_vrs_buffer;
pcre2_config(PCRE2_CONFIG_VERSION, pcre_loaded_vrs);
#else
pcre_vrs = apr_psprintf(mp,"%d.%d ", PCRE_MAJOR, PCRE_MINOR);
pcre_loaded_vrs = pcre_version();
#endif

ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
"ModSecurity: PCRE compiled version=\"%s\"; "
"loaded version=\"%s\"", pcre_vrs, pcre_version());
"loaded version=\"%s\"", pcre_vrs, pcre_loaded_vrs);

if (strstr(pcre_version(),pcre_vrs) == NULL) {
if (strstr(pcre_loaded_vrs,pcre_vrs) == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Loaded PCRE do not match with compiled!");
}
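Review bot: In version(), `pcre_loaded_vrs` is declared `char *`, but the non-PCRE2 branch assigns it the result of `pcre_version()`, which returns `const char *`, and `pcre2_loaded_vrs_buffer` is declared unconditionally, so it is unused in a PCRE build. I would guard the buffer declaration with `#ifdef WITH_PCRE2`, declare the pointer as `const char *pcre_loaded_vrs = NULL;`, and hand the buffer itself to the library with `pcre2_config(PCRE2_CONFIG_VERSION, pcre2_loaded_vrs_buffer);`. The return value of pcre2_config() is ignored; if it ever fails, the zero-initialised buffer presumably stays empty and the mismatch warning fires with a blank loaded version, so a comment such as `/* empty string on failure; reported as a mismatch below */` would document that. The function continues outside the hunk.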

6 changes: 5 additions & 1 deletion apache2/modsecurity.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
Expand Down Expand Up @@ -561,7 +561,11 @@ static int is_response_status_relevant(modsec_rec *msr, int status) {

rc = msc_regexec(msr->txcfg->auditlog_relevant_regex, buf, strlen(buf), &my_error_msg);
if (rc >= 0) return 1;
#ifdef WITH_PCRE2
if (rc == PCRE2_ERROR_NOMATCH) return 0;
#else
if (rc == PCRE_ERROR_NOMATCH) return 0;
#endif

msr_log(msr, 1, "Regex processing failed (rc %d): %s", rc, my_error_msg);

42 changes: 41 additions & 1 deletion apache2/msc_crypt.c
@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
Expand Down Expand Up @@ -386,7 +386,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_HREF_HASH_RX:
if(em[i]->type == HASH_URL_HREF_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
#endif
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));

if (s == NULL) return -1;
Expand Down Expand Up @@ -415,7 +419,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
#endif
return 1;
}
}
Expand All @@ -441,7 +449,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_FACTION_HASH_RX:
if(em[i]->type == HASH_URL_FACTION_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
#endif
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));

if (s == NULL) return -1;
Expand Down Expand Up @@ -470,7 +482,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
#endif
return 1;
}
}
Expand All @@ -496,7 +512,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_LOCATION_HASH_RX:
if(em[i]->type == HASH_URL_LOCATION_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
#endif
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));

if (s == NULL) return -1;
Expand Down Expand Up @@ -525,7 +545,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
#endif
return 1;
}
}
Expand All @@ -551,7 +575,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_IFRAMESRC_HASH_RX:
if(em[i]->type == HASH_URL_IFRAMESRC_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
#endif
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));

if (s == NULL) return -1;
Expand Down Expand Up @@ -580,7 +608,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
#endif
return 1;
}
}
Expand All @@ -606,7 +638,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
case HASH_URL_FRAMESRC_HASH_RX:
if(em[i]->type == HASH_URL_FRAMESRC_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
#ifdef WITH_PCRE2
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
#else
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
#endif
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));

if (s == NULL) return -1;
Expand Down Expand Up @@ -635,7 +671,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
msr_log(msr, 4, "%s.", error_msg);
return -1;
}
#ifdef WITH_PCRE2
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
#else
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
#endif
return 1;
}
}
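Review bot: Each `if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */` in do_hash_method treats every return value other than no-match as a match, so any negative error code other than the two limit codes handled just above ends in `return 1`. PCRE2 has its own set of negative error codes, and what msc_regexec_capture passes through is not visible here, so this inherited behaviour should be decided explicitly in all five `*_HASH_RX` cases. Testing the match as `if (rc >= 0) { /* Match. */`, as is_response_status_relevant in apache2/modsecurity.c does, and logging the remaining codes before `return -1;` would keep an engine error from being read as a match. If counting errors as a match is intended, a comment such as `/* any error other than the limits is treated as a match on purpose */` should say so. do_hash_method starts and ends outside the visible hunks.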