fixed bugs in cpf_verify #13

hideaki · 2012-12-08T01:07:31Z

This is fix for validation logic for CPF.

check for var_len is wrong. original code would read one extra byte from the buffer if the string is not null terminated.
check for strlen(s_cpf) is unnecessary and unsafe.
It is unnecessary because checking i does the same thing, and it is unsafe because s_cpf is not guaranteed to be zeroed.
check for i is wrong. It should be compared with cpf_len instead of cpf_len-1. In the original code, valid CPFs were deemed as invalid because of this.

fixed bugs in cpf_verify

fixed bugs in cpf_verify

c98da92

brenosilva added a commit that referenced this pull request Dec 8, 2012

Merge pull request #13 from hideaki/cpf_verify_fix

adca6e4

fixed bugs in cpf_verify

brenosilva merged commit adca6e4 into owasp-modsecurity:remotes/trunk Dec 8, 2012

This was referenced Oct 17, 2013

Segmentation fault when uploading file with SecStreamInBodyInspection enabled #394

Closed

Apache with loaded modsecurity has crashed on my server with the signal 11, Segmentation fault. apr_global_mutex_lock is trying to lock the uncreated mutex #564

Closed

akamatgi mentioned this pull request Mar 19, 2014

nginx crash observed on nginx 1.4.5 and ModSecurity 2.7.7 #681

Closed

ghost mentioned this pull request Apr 19, 2014

nGinx shoots 100% CPU with modsecurity 2.8.0 and JSON request and response (YAJL compiled) #707

Closed

DOSarrest mentioned this pull request May 15, 2014

Nginx 1.5.10 + ModSecurity 2.7.7: Process killed by segmentation fault at 10 #658

Closed

This was referenced Oct 28, 2014

nginx/1.7.2 with modsecurity-2.8.0 high cpu load #793

Closed

nginx/1.7.2 with modsecurity-2.8.0 child processes exited on signal 11 #795

Closed

pbesedm mentioned this pull request May 8, 2015

nginx 1.9.0 core dump #884

Closed

thienphung mentioned this pull request Sep 17, 2015

Nginx 1.8.0 + ModSecurity 2.9.0 + mod_pagespeed 1.9.32.6-stable crash #930

Closed

pbesedm mentioned this pull request Mar 12, 2016

nginx core #1091

Closed

Menahem1 mentioned this pull request Feb 11, 2017

ModSecurity 3.0 Memory Leak ? #1318

Closed

wergoth mentioned this pull request Jul 25, 2017

ModSecurity segfault #1496

Closed

majordaw mentioned this pull request Sep 26, 2017

double free in ModSecurity3 'reading_logs_via_rule_message' example and OWASP CRS #1573

Closed

monkburger mentioned this pull request Mar 10, 2018

Mod Security compiled with D_FORTIFY_SOURCE=2 results in crashes with lua scripts #1703

Closed

markblackman mentioned this pull request Jul 9, 2019

mod_security causes CGI scripts to timeout #2101

Open

KfirManSnunit mentioned this pull request Dec 23, 2019

segfault at 0 ip 00007ffbbfa58646 sp 00007fff7c0c0d38 error 4 in libc-2.27.so #2216

Closed

mmelo-yottaa mentioned this pull request May 2, 2020

LMDB installed perfectly but its not showing up in working #2240

Closed

artemvarlyga mentioned this pull request Oct 26, 2020

Apache with loaded modsecurity has crashed on my server with the signal 11, Segmentation fault in apr_global_mutex_lock () #2434

Closed

marcstern mentioned this pull request Oct 21, 2021

segmentation fault with SecStreamInBodyInspection and chunked encoding #2628

Closed

TomasKorbar mentioned this pull request Oct 20, 2022

ModSecurity can cause hang of apache httpd during graceful restart #2822

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fixed bugs in cpf_verify #13

fixed bugs in cpf_verify #13

hideaki commented Dec 8, 2012

fixed bugs in cpf_verify #13

fixed bugs in cpf_verify #13

Conversation

hideaki commented Dec 8, 2012