|
From: Breno S. P. (JIRA) <no...@mo...> - 2012-09-25 14:19:50
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-333.
--------------------------------------
Resolution: Fixed
> ruleRemoveTargetById targets order issue
> ----------------------------------------
>
> Key: MODSEC-333
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-333
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Actions
> Affects Versions: 2.6.7
> Reporter: Armadillo Dasypodidae
> Assignee: Breno Silva Pinto
> Fix For: 2.6.8
>
>
> Hi,
> I just discovered a bug while using the "ruleRemoveTargetById" action. When the action is used with multiple targets in a specific order: collections (like ARGS:test) followed by simple ones (like REQUEST_BODY, ARGS), the exception will not be applied to the simple targets.
> For example, if the action is used this way:
> ...ctl:ruleRemoveTargetByid=xxxxxx;ARGS:test,REQUEST_BODY...
> the exception will work for "ARGS:test" but not for "REQUEST_BODY".
> The problem is in the "fetch_target_exception" function. The "value" variable is not set to NULL when the "strchr(variable,':') != NULL" check fails.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
