Skip to content

Commit 6a9cd25

Browse files
author
Felipe Zimmerle
committed
Fix collection naming problem
As reported on #1274 we had a problem while merging the collections. Turns out that the collection name was wrong while passing the information to setvar.
1 parent 6346266 commit 6a9cd25

File tree

1 file changed

+25
-8
lines changed

1 file changed

+25
-8
lines changed

apache2/re_actions.c

+25-8
Original file line numberDiff line numberDiff line change
@@ -1519,6 +1519,7 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
15191519
char *s = NULL;
15201520
apr_table_t *target_col = NULL;
15211521
int is_negated = 0;
1522+
char *real_col_name = NULL;
15221523
msc_string *var = NULL;
15231524

15241525
if (msr->txcfg->debuglog_level >= 9) {
@@ -1561,19 +1562,26 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
15611562
var_name = s + 1;
15621563
*s = '\0';
15631564

1565+
if (strcasecmp(col_name,"USER") == 0 || strcasecmp(col_name,"SESSION") == 0
1566+
|| strcasecmp(col_name, "RESOURCE") == 0) {
1567+
real_col_name = apr_psprintf(mptmp, "%s_%s", msr->txcfg->webappid, col_name);
1568+
}
1569+
15641570
/* Locate the collection. */
15651571
if (strcasecmp(col_name, "tx") == 0) { /* Special case for TX variables. */
15661572
target_col = msr->tx_vars;
15671573
} else {
15681574
target_col = (apr_table_t *)apr_table_get(msr->collections, col_name);
1569-
if (target_col == NULL) {
1570-
if (msr->txcfg->debuglog_level >= 3) {
1571-
msr_log(msr, 3, "Could not set variable \"%s.%s\" as the collection does not exist.",
1572-
log_escape(msr->mp, col_name), log_escape(msr->mp, var_name));
1573-
}
1575+
}
15741576

1575-
return 0;
1577+
1578+
if (target_col == NULL) {
1579+
if (msr->txcfg->debuglog_level >= 3) {
1580+
msr_log(msr, 3, "Could not set variable \"%s.%s\" as the collection does not exist.",
1581+
log_escape(msr->mp, col_name), log_escape(msr->mp, var_name));
15761582
}
1583+
1584+
return 0;
15771585
}
15781586

15791587
if (is_negated) {
@@ -1616,7 +1624,11 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
16161624
}
16171625

16181626
/* Record the original value before we change it */
1619-
collection_original_setvar(msr, col_name, rec);
1627+
if (real_col_name == NULL) {
1628+
collection_original_setvar(msr, col_name, rec);
1629+
} else {
1630+
collection_original_setvar(msr, real_col_name, rec);
1631+
}
16201632

16211633
/* Expand values in value */
16221634
val->value = var_value;
@@ -1651,6 +1663,7 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp,
16511663
var->value = apr_pstrdup(msr->mp, var_value);
16521664
var->value_len = strlen(var->value);
16531665
expand_macros(msr, var, rule, mptmp);
1666+
16541667
apr_table_setn(target_col, var->name, (void *)var);
16551668

16561669
if (msr->txcfg->debuglog_level >= 9) {
@@ -2048,7 +2061,11 @@ static apr_status_t init_collection(modsec_rec *msr, const char *real_col_name,
20482061
/* Record the original counter value before we change it */
20492062
var = (msc_string *)apr_table_get(table, "UPDATE_COUNTER");
20502063
if (var != NULL) {
2051-
collection_original_setvar(msr, col_name, var);
2064+
if (real_col_name == NULL) {
2065+
collection_original_setvar(msr, col_name, var);
2066+
} else {
2067+
collection_original_setvar(msr, real_col_name, var);
2068+
}
20522069
}
20532070

20542071
/* Add the collection to the list. */

0 commit comments

Comments
 (0)