Date: Wed, 30 Sep 2020 17:11:21 +0000 (UTC) From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r550723 - in head/security/modsecurity3: . files Message-ID: <202009301711.08UHBLmj054551@repo.freebsd.org>
Author: lwhsu Date: Wed Sep 30 17:11:21 2020 New Revision: 550723 URL: https://svnweb.freebsd.org/changeset/ports/550723 Log: security/modsecurity3: Add patch for CVE-2020-15598 PR: 249312 Submitted by: Felipe Zipitria <fzipitria@perceptyx.com> Approved by: Marius Halden <marius.halden@modirum.com> (maintainer) MFH: 2020Q3 Security: CVE-2020-15598 Added: head/security/modsecurity3/files/ head/security/modsecurity3/files/patch-src_operators_rx.cc (contents, props changed) head/security/modsecurity3/files/patch-src_utils_regex.cc (contents, props changed) head/security/modsecurity3/files/patch-src_utils_regex.h (contents, props changed) head/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json (contents, props changed) Modified: head/security/modsecurity3/Makefile Modified: head/security/modsecurity3/Makefile ============================================================================== --- head/security/modsecurity3/Makefile Wed Sep 30 17:08:36 2020 (r550722) +++ head/security/modsecurity3/Makefile Wed Sep 30 17:11:21 2020 (r550723) @@ -3,7 +3,7 @@ PORTNAME= modsecurity DISTVERSIONPREFIX= v DISTVERSION= 3.0.4 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= security www MASTER_SITES= https://github.com/SpiderLabs/ModSecurity/releases/download/v${PORTVERSION}/ PKGNAMESUFFIX= 3 Added: head/security/modsecurity3/files/patch-src_operators_rx.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/modsecurity3/files/patch-src_operators_rx.cc Wed Sep 30 17:11:21 2020 (r550723) 
@@ -0,0 +1,51 @@
+--- src/operators/rx.cc.orig 2020-01-13 13:09:28 UTC
++++ src/operators/rx.cc
+@@ -38,7 +38,6 @@ bool Rx::init(const std::string &arg, st
+ 
+ bool Rx::evaluate(Transaction *transaction, Rule *rule,
+ const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
+- std::list<SMatch> matches;
+ Regex *re;
+ 
+ if (m_param.empty() && !m_string->m_containsMacro) {
+@@ -52,29 +51,29 @@ bool Rx::evaluate(Transaction *transacti
+ re = m_re;
+ }
+ 
+- matches = re->searchAll(input);
++ std::vector<Utils::SMatchCapture> captures;
++ re->searchOneMatch(input, captures);
++ 
+ if (rule && rule->m_containsCaptureAction && transaction) {
+- int i = 0;
+- matches.reverse();
+- for (const SMatch& a : matches) {
++ for (const Utils::SMatchCapture& capture : captures) {
++ const std::string capture_substring(input.substr(capture.m_offset,capture.m_length));
+ transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
+- std::to_string(i), a.str());
++ std::to_string(capture.m_group), capture_substring);
+ ms_dbg_a(transaction, 7, "Added regex subexpression TX." +
+- std::to_string(i) + ": " + a.str());
+- transaction->m_matched.push_back(a.str());
+- i++;
++ std::to_string(capture.m_group) + ": " + capture_substring);
++ transaction->m_matched.push_back(capture_substring);
+ }
+ }
+ 
+- for (const auto & i : matches) {
+- logOffset(ruleMessage, i.offset(), i.str().size());
++ for (const auto & capture : captures) {
++ logOffset(ruleMessage, capture.m_offset, capture.m_length);
+ }
+ 
+ if (m_string->m_containsMacro) {
+ delete re;
+ }
+ 
+- if (matches.size() > 0) {
++ if (captures.size() > 0) {
+ return true;
+ }
Added: head/security/modsecurity3/files/patch-src_utils_regex.cc ==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/modsecurity3/files/patch-src_utils_regex.cc Wed Sep 30 17:11:21 2020 (r550723)
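Review bot: `input.substr(capture.m_offset,capture.m_length)` is in bounds only because `Regex::searchOneMatch` drops every capture whose end lies past the subject; nothing at this call site records that dependency, and a `std::out_of_range` thrown here would propagate out of `Rx::evaluate` (no handler is visible in the hunk). Suggest a comment on the substr line: `// searchOneMatch only reports captures with m_offset + m_length <= input.size(), so substr() cannot throw here`. The boolean returned by `re->searchOneMatch(input, captures)` is discarded and the match decision is re-derived from `captures.size() > 0`; either keep that return value or write the final test as `if (!captures.empty())` so the intent reads directly. `Rx::evaluate` continues past the end of this hunk.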
@@ -0,0 +1,40 @@
+--- src/utils/regex.cc.orig 2020-01-13 13:09:28 UTC
++++ src/utils/regex.cc
+@@ -16,10 +16,6 @@
+ #include "src/utils/regex.h"
+ 
+ #include <pcre.h>
+-#include <sys/socket.h>
+-#include <sys/types.h>
+-#include <netinet/in.h>
+-#include <arpa/inet.h>
+ #include <string>
+ #include <list>
+ 
+@@ -99,6 +95,26 @@ std::list<SMatch> Regex::searchAll(const
+ return retList;
+ }
+ 
++bool Regex::searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const {
++ const char *subject = s.c_str();
++ int ovector[OVECCOUNT];
++ 
++ int rc = pcre_exec(m_pc, m_pce, subject, s.size(), 0, 0, ovector, OVECCOUNT);
++ 
++ for (int i = 0; i < rc; i++) {
++ size_t start = ovector[2*i];
++ size_t end = ovector[2*i+1];
++ size_t len = end - start;
++ if (end > s.size()) {
++ continue;
++ }
++ SMatchCapture capture(i, start, len);
++ captures.push_back(capture);
++ }
++ 
++ return (rc > 0);
++}
++ 
+ int Regex::search(const std::string& s, SMatch *match) const {
+ int ovector[OVECCOUNT];
+ int ret = pcre_exec(m_pc, m_pce, s.c_str(),
Added: head/security/modsecurity3/files/patch-src_utils_regex.h ==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/modsecurity3/files/patch-src_utils_regex.h Wed Sep 30 17:11:21 2020 (r550723)
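Review bot: `return (rc > 0)` together with the `i < rc` loop bound treats `rc == 0` as no match, but pcre_exec returns 0 when the pattern did match and `ovector` was too small to hold every capture group, so a rule whose regex has more groups than `OVECCOUNT/3 - 1` matches in PCRE yet is reported here (and by the `captures.size() > 0` test in rx.cc) as a miss. Suggest `const int groups = (rc == 0) ? OVECCOUNT / 3 : rc;` as the loop bound and `return (rc >= 0);`, so the full match and the groups that did fit are still recorded. The `size_t start = ovector[2*i]` conversion also relies on unset groups reporting -1/-1 and wrapping past `s.size()` so that the `end > s.size()` check skips them; a comment there, `// unset groups are (-1,-1); the wrapped size_t fails the bounds check and is skipped`, would make that intent explicit. Negative return codes (PCRE errors such as a reached match limit) are folded into "no match", which may be deliberate but deserves a sentence in a comment above the function.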
@@ -0,0 +1,35 @@
+--- src/utils/regex.h.orig 2020-01-13 13:09:28 UTC
++++ src/utils/regex.h
+@@ -19,6 +19,7 @@
+ #include <fstream>
+ #include <string>
+ #include <list>
++#include <vector>
+ 
+ #ifndef SRC_UTILS_REGEX_H_
+ #define SRC_UTILS_REGEX_H_
+@@ -47,6 +48,16 @@ class SMatch {
+ size_t m_offset;
+ };
+ 
++struct SMatchCapture {
++ SMatchCapture(size_t group, size_t offset, size_t length) :
++ m_group(group),
++ m_offset(offset),
++ m_length(length) { }
++ 
++ size_t m_group; // E.g. 0 = full match; 6 = capture group 6
++ size_t m_offset; // offset of match within the analyzed string
++ size_t m_length;
++};
+ 
+ class Regex {
+ public:
+@@ -58,6 +69,7 @@ class Regex {
+ Regex& operator=(const Regex&) = delete;
+ 
+ std::list<SMatch> searchAll(const std::string& s) const;
++ bool searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const;
+ int search(const std::string &s, SMatch *m) const;
+ int search(const std::string &s) const;
+ 
Added: head/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json ==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json Wed Sep 30 17:11:21 2020 (r550723)
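Review bot: `size_t m_length;` in `SMatchCapture` is the only field without a comment while `m_group` and `m_offset` carry one; suggest `size_t m_length; // length in bytes of the captured text (0 for an empty group)`. The new `searchOneMatch` declaration also states nothing of its contract, and the regex.cc patch in this commit shows that it appends to `captures` without clearing them, omits groups whose end lies past the subject, and returns whether PCRE reported a match; a short comment above the declaration stating those three points would spare callers a trip to the implementation. Both suggestions are documentation-only.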
@@ -0,0 +1,146 @@
+--- test/test-cases/regression/variable-TX.json.orig 2020-01-13 13:09:28 UTC
++++ test/test-cases/regression/variable-TX.json
+@@ -80,5 +80,143 @@
+ "SecRule REQUEST_HEADERS \"@rx ([A-z]+)\" \"id:1,log,pass,capture,id:14\"",
+ "SecRule TX:0 \"@rx ([A-z]+)\" \"id:15\""
+ ]
++ },
++ {
++ "enabled":1,
++ "version_min":300000,
++ "title":"Testing Variables :: capture group match after unused group",
++ "client":{
++ "ip":"200.249.12.31",
++ "port":123
++ },
++ "server":{
++ "ip":"200.249.12.31",
++ "port":80
++ },
++ "request":{
++ "uri":"/?key=aadd",
++ "method":"GET"
++ },
++ "response":{
++ "headers":{
++ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
++ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
++ "Content-Type":"text/html"
++ },
++ "body":[
++ "no need."
++ ]
++ },
++ "expected":{
++ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
++ },
++ "rules":[
++ "SecRuleEngine On",
++ "SecRule ARGS \"@rx (aa)(bb|cc)?(dd)\" \"id:1,log,pass,capture,id:16\"",
++ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
++ ]
++ },
++ {
++ "enabled":1,
++ "version_min":300000,
++ "title":"Testing Variables :: empty capture group match followed by nonempty capture group",
++ "client":{
++ "ip":"200.249.12.31",
++ "port":123
++ },
++ "server":{
++ "ip":"200.249.12.31",
++ "port":80
++ },
++ "request":{
++ "uri":"/?key=aadd",
++ "method":"GET"
++ },
++ "response":{
++ "headers":{
++ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
++ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
++ "Content-Type":"text/html"
++ },
++ "body":[
++ "no need."
++ ]
++ },
++ "expected":{
++ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
++ },
++ "rules":[
++ "SecRuleEngine On",
++ "SecRule ARGS \"@rx (aa)(bb|cc|)(dd)\" \"id:18,phase:1,log,pass,capture\"",
++ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
++ ]
++ },
++ {
++ "enabled":1,
++ "version_min":300000,
++ "title":"Testing Variables :: repeating capture group -- alternates",
++ "client":{
++ "ip":"200.249.12.31",
++ "port":123
++ },
++ "server":{
++ "ip":"200.249.12.31",
++ "port":80
++ },
++ "request":{
++ "uri":"/?key=_abc123_",
++ "method":"GET"
++ },
++ "response":{
++ "headers":{
++ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
++ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
++ "Content-Type":"text/html"
++ },
++ "body":[
++ "no need."
++ ]
++ },
++ "expected":{
++ "debug_log":"Added regex subexpression TX\\.2: abc[\\s\\S]*Added regex subexpression TX\\.3: 123"
++ },
++ "rules":[
++ "SecRuleEngine On",
++ "SecRule ARGS \"@rx _((?:(abc)|(123))+)_\" \"id:18,phase:1,log,pass,capture\""
++ ]
++ },
++ {
++ "enabled":1,
++ "version_min":300000,
++ "title":"Testing Variables :: repeating capture group -- same (nested)",
++ "client":{
++ "ip":"200.249.12.31",
++ "port":123
++ },
++ "server":{
++ "ip":"200.249.12.31",
++ "port":80
++ },
++ "request":{
++ "uri":"/?key=a:5a:8a:9",
++ "method":"GET"
++ },
++ "response":{
++ "headers":{
++ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
++ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
++ "Content-Type":"text/html"
++ },
++ "body":[
++ "no need."
++ ]
++ },
++ "expected":{
++ "debug_log":"Added regex subexpression TX\\.1: 5[\\s\\S]*Added regex subexpression TX\\.2: 8[\\s\\S]*Added regex subexpression TX\\.3: 9"
++ },
++ "rules":[
++ "SecRuleEngine On",
++ "SecRule ARGS \"@rx a:([0-9])(?:a:([0-9])(?:a:([0-9]))*)*\" \"id:18,phase:1,log,pass,capture\""
++ ]
+ }
+ ]