Re: [Mod-security-developers] ModSecurity 2.6.7: PCRE version check

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Can you send me your warning message ?

We applied it to avoid version mismatch like 8.2 == 8.02

Thanks

Breno

On Thu, Aug 2, 2012 at 2:20 AM, Peter Heimann <hei...@we...> wrote:

> The PCRE version check produces spurious warnings
> (x.0 does not match x.00).
>
> % diff modsecurity-apache_2.6.6/apache2/mod_security2.c
> modsecurity-apache_2.6.7/apache2/mod_security2.c
> 87c87
> <     pcre_vrs = apr_psprintf(mp,"%d.%d", PCRE_MAJOR, PCRE_MINOR);
> ---
> >     pcre_vrs = apr_psprintf(mp,"%d.%02d", PCRE_MAJOR, PCRE_MINOR);
>
> The comparison in line 93
>     if (strstr(pcre_version(),pcre_vrs) == NULL)    {
> fails for single-digit minor versions.
>
> I think the change in line 87 should be reverted.
>
> --
> Peter Heimann
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
>