https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2025-47947
https://github.com/owasp-modsecurity/ModSecurity/commit/26161b907e792e53d01c7293e630240db13e28b3
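--- modsecurity-2.9.6/apache2/modsecurity.h.cve47947
+++ modsecurity-2.9.6/apache2/modsecurity.h
@@ -693,6 +693,7 @@
 unsigned int value_origin_offset;
 unsigned int value_origin_len;
 const char *origin;
+ unsigned int marked_for_sanitization;
 };
 
 struct msc_string {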
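Review bot: The new `marked_for_sanitization` member has no comment, and its meaning cannot be read off the struct. Going by the other files in this patch, it is a per-argument boolean that is set to 0 before the argument is stored and to 1 once the argument has been added to `msr->arguments_to_sanitize`. I would add `/* 1 once this argument is in msr->arguments_to_sanitize; must be 0 when the argument is first stored */` above it. The struct definition begins outside the hunk, so whether the sibling fields are documented the same way is not visible here.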
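--- modsecurity-2.9.6/apache2/msc_json.c.cve47947
+++ modsecurity-2.9.6/apache2/msc_json.c
@@ -58,6 +58,7 @@
 arg->name, arg->value);
 }
 
+ arg->marked_for_sanitization = 0;
 apr_table_addn(msr->arguments,
 log_escape_nq_ex(msr->mp, arg->name, arg->name_len), (void *) arg);
 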
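Review bot: Clearing `marked_for_sanitization` at each insertion site, rather than where the `msc_arg` is allocated, leaves the guard in re_actions.c dependent on every path that fills `msr->arguments` remembering this line; the same assignment is repeated in `add_argument()` in msc_parsers.c. The allocation is not visible in either hunk, so if it does not zero the struct, an argument stored by any other path would reach the `arg->marked_for_sanitization == 0` test with an indeterminate value and might be skipped for sanitisation. Zeroing at allocation (for example with `apr_pcalloc`) or moving the reset into one shared helper would keep the invariant in a single place. The enclosing function starts and ends outside this hunk.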
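--- modsecurity-2.9.6/apache2/msc_parsers.c.cve47947
+++ modsecurity-2.9.6/apache2/msc_parsers.c
@@ -340,6 +340,7 @@
 */
 void add_argument(modsec_rec *msr, apr_table_t *arguments, msc_arg *arg)
 {
+ arg->marked_for_sanitization = 0;
 if (msr->txcfg->debuglog_level >= 5) {
 msr_log(msr, 5, "Adding request argument (%s): name \"%s\", value \"%s\"",
 arg->origin, log_escape_ex(msr->mp, arg->name, arg->name_len),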
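--- modsecurity-2.9.6/apache2/re_actions.c.cve47947
+++ modsecurity-2.9.6/apache2/re_actions.c
@@ -1413,8 +1413,9 @@
 telts = (const apr_table_entry_t*)tarr->elts;
 for (i = 0; i < tarr->nelts; i++) {
 msc_arg *arg = (msc_arg *)telts[i].val;
- if (strcasecmp(sargname, arg->name) == 0) {
+ if (arg->marked_for_sanitization == 0 && strcasecmp(sargname, arg->name) == 0) {
 apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg);
+ arg->marked_for_sanitization = 1;
 }
 }
 break;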
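Review bot: The guard added to the `if` inside the loop needs a why-comment: nothing here says that it exists to keep `msr->arguments_to_sanitize` from receiving the same `msc_arg` again each time this action runs, which appears to be the point of the fix referenced at the top of the patch. Something like `/* add each argument once; this action can run again for the same name */` above the `if` would do. The flag is set and never cleared, so the check relies on `arguments_to_sanitize` not being emptied while the `msc_arg` objects are still alive, which should be confirmed. Only this `case` is visible (the enclosing switch and function continue outside the hunk), so any sibling branch that appends to a sanitisation table in a loop should be checked for the same repeated insertion.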