diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c index efbbf6ebd9..8008c78925 100644 --- a/apache2/persist_dbm.c +++ b/apache2/persist_dbm.c @@ -528,22 +528,34 @@ int collection_store(modsec_rec *msr, apr_table_t *col) { if (orig_var != NULL) { const msc_string *stored_var = (const msc_string *)apr_table_get(stored_col, var->name); if (stored_var != NULL) { - int origval = atoi(orig_var->value); - int ourval = atoi(var->value); - int storedval = atoi(stored_var->value); - int delta = ourval - origval; - int newval = storedval + delta; + long long origval = atoll(orig_var->value); + long long ourval = atoll(var->value); + long long storedval = atoll(stored_var->value); + long long delta = ourval - origval; + long long newval = storedval + delta; if (newval < 0) newval = 0; /* Counters never go below zero. */ - var->value = apr_psprintf(msr->mp, "%d", newval); + /* The printf functions provided by Apache do not understand the %lld format. + * Therefore, we convert value to a string first. */ + char newval_str[23] = {'\0'}; + sprintf(newval_str, "%lld", newval); + var->value = apr_psprintf(msr->mp, "%s", newval_str); var->value_len = strlen(var->value); if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "collection_store: Delta applied for %s.%s %d->%d (%d): %d + (%d) = %d [%s,%d]", + char origval_str[23] = {'\0'}; + sprintf(origval_str, "%lld", origval); + char ourval_str[23] = {'\0'}; + sprintf(ourval_str, "%lld", ourval); + char delta_str[23] = {'\0'}; + sprintf(delta_str, "%lld", delta); + char storedval_str[23] = {'\0'}; + sprintf(storedval_str, "%lld", storedval); + msr_log(msr, 9, "collection_store: Delta applied for %s.%s %s->%s (%s): %s + (%s) = %s [%s,%d]", log_escape_ex(msr->mp, var_name->value, var_name->value_len), log_escape_ex(msr->mp, var->name, var->name_len), - origval, ourval, delta, storedval, delta, newval, var->value, var->value_len); + origval_str, ourval_str, delta_str, storedval_str, delta_str, newval_str, var->value, var->value_len); } } } diff --git a/apache2/re_actions.c b/apache2/re_actions.c index f81ddc87c7..3068c9f0ac 100644 --- a/apache2/re_actions.c +++ b/apache2/re_actions.c @@ -1606,7 +1606,7 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp, /* Relative change. */ msc_string *rec = NULL; msc_string *val = apr_palloc(msr->mp, sizeof(msc_string)); - int value = 0; + long long value = 0; if (val == NULL) { msr_log(msr, 1, "Failed to allocate space to expand value macros"); @@ -1620,11 +1620,11 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp, rec->name = apr_pstrdup(msr->mp, var_name); rec->name_len = strlen(rec->name); value = 0; - rec->value = apr_psprintf(msr->mp, "%d", value); + rec->value = apr_psprintf(msr->mp, "%d", 0); rec->value_len = strlen(rec->value); } else { - value = atoi(rec->value); + value = atoll(rec->value); } /* Record the original value before we change it */ @@ -1641,15 +1641,23 @@ apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp, var_value = val->value; if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "Relative change: %s=%d%s", var_name, value, var_value); + /* The printf functions provided by Apache do not understand the %lld format. + * Therefore, we convert value to a string first. */ + char value_str[23] = {'\0'}; + sprintf(value_str, "%lld", value); + msr_log(msr, 9, "Relative change: %s=%s%s", var_name, value_str, var_value); } /* Change value. */ - value += atoi(var_value); + value += atoll(var_value); if (value < 0) value = 0; /* Counters never go below zero. */ /* Put the variable back. */ - rec->value = apr_psprintf(msr->mp, "%d", value); + /* The printf functions provided by Apache do not understand the %lld format. + * Therefore, we convert value to a string first. */ + char value_str[23] = {'\0'}; + sprintf(value_str, "%lld", value); + rec->value = apr_psprintf(msr->mp, "%s", value_str); rec->value_len = strlen(rec->value); apr_table_setn(target_col, rec->name, (void *)rec); @@ -1830,7 +1838,7 @@ static apr_status_t msre_action_deprecatevar_execute(modsec_rec *msr, apr_pool_t apr_table_t *target_col = NULL; msc_string *var = NULL, *var_last_update_time = NULL; apr_time_t last_update_time, current_time; - long current_value, new_value; + long long current_value, new_value; /* Extract the name and the value. */ /* IMP1 We have a function for this now, parse_name_eq_value? */ @@ -1901,7 +1909,7 @@ static apr_status_t msre_action_deprecatevar_execute(modsec_rec *msr, apr_pool_t } return 0; } - current_value = atoi(var->value); + current_value = atoll(var->value); /* Find the last update time (of the collection). */ var_last_update_time = (msc_string *)apr_table_get(target_col, "LAST_UPDATE_TIME"); @@ -1928,27 +1936,36 @@ static apr_status_t msre_action_deprecatevar_execute(modsec_rec *msr, apr_pool_t * time elapsed since the last update. */ new_value = current_value - - (atol(var_value) * ((current_time - last_update_time) / atol(s))); + (atoll(var_value) * ((current_time - last_update_time) / atoll(s))); if (new_value < 0) new_value = 0; + /* The printf functions provided by Apache do not understand the %lld format. + * Therefore, we convert value to a string first. */ + char new_value_str[23] = {'\0'}; + sprintf(new_value_str, "%lld", new_value); + /* Only change the value if it differs. */ if (new_value != current_value) { - var->value = apr_psprintf(msr->mp, "%ld", new_value); + var->value = apr_psprintf(msr->mp, "%s", new_value_str); var->value_len = strlen(var->value); if (msr->txcfg->debuglog_level >= 4) { - msr_log(msr, 4, "Deprecated variable \"%s.%s\" from %ld to %ld (%" APR_TIME_T_FMT " seconds since " + char current_value_str[23] = {'\0'}; + sprintf(current_value_str, "%lld", current_value); + msr_log(msr, 4, "Deprecated variable \"%s.%s\" from %s to %s (%" APR_TIME_T_FMT " seconds since " "last update).", log_escape(msr->mp, col_name), log_escape(msr->mp, var_name), - current_value, new_value, (apr_time_t)(current_time - last_update_time)); + current_value_str, new_value_str, (apr_time_t)(current_time - last_update_time)); } apr_table_set(msr->collections_dirty, col_name, "1"); } else { if (msr->txcfg->debuglog_level >= 9) { - msr_log(msr, 9, "Not deprecating variable \"%s.%s\" because the new value (%ld) is " - "the same as the old one (%ld) (%" APR_TIME_T_FMT " seconds since last update).", - log_escape(msr->mp, col_name), log_escape(msr->mp, var_name), current_value, - new_value, (apr_time_t)(current_time - last_update_time)); + char current_value_str[23] = {'\0'}; + sprintf(current_value_str, "%lld", current_value); + msr_log(msr, 9, "Not deprecating variable \"%s.%s\" because the new value (%s) is " + "the same as the old one (%s) (%" APR_TIME_T_FMT " seconds since last update).", + log_escape(msr->mp, col_name), log_escape(msr->mp, var_name), current_value_str, + new_value_str, (apr_time_t)(current_time - last_update_time)); } } diff --git a/apache2/re_operators.c b/apache2/re_operators.c index b639ae4f6e..9a1c24a215 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -4418,7 +4418,7 @@ static int msre_op_eq_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { msc_string str; - int left, right; + long long left, right; char *target = NULL; if (error_msg == NULL) return -1; @@ -4436,15 +4436,15 @@ static int msre_op_eq_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, target = apr_pstrmemdup(msr->mp, var->value, var->value_len); if (target == NULL) return -1; - left = atoi(target); - right = atoi(str.value); + left = atoll(target); + right = atoll(str.value); if (left != right) { /* No match. */ return 0; } else { - *error_msg = apr_psprintf(msr->mp, "Operator EQ matched %d at %s.", right, var->name); + *error_msg = apr_psprintf(msr->mp, "Operator EQ matched %s at %s.", str.value, var->name); /* Match. */ return 1; } @@ -4456,7 +4456,7 @@ static int msre_op_gt_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { msc_string str; - int left, right; + long long left, right; char *target = NULL; if ((var->value == NULL)||(rule->op_param == NULL)) { @@ -4479,15 +4479,15 @@ static int msre_op_gt_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, target = apr_pstrmemdup(msr->mp, var->value, var->value_len); if (target == NULL) return -1; - left = atoi(target); - right = atoi(str.value); + left = atoll(target); + right = atoll(str.value); if (left <= right) { /* No match. */ return 0; } else { - *error_msg = apr_psprintf(msr->mp, "Operator GT matched %d at %s.", right, var->name); + *error_msg = apr_psprintf(msr->mp, "Operator GT matched %s at %s.", str.value, var->name); /* Match. */ return 1; } @@ -4499,7 +4499,7 @@ static int msre_op_lt_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { msc_string str; - int left, right; + long long left, right; char *target = NULL; if ((var->value == NULL)||(rule->op_param == NULL)) { @@ -4522,15 +4522,15 @@ static int msre_op_lt_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, target = apr_pstrmemdup(msr->mp, var->value, var->value_len); if (target == NULL) return -1; - left = atoi(target); - right = atoi(str.value); + left = atoll(target); + right = atoll(str.value); if (left >= right) { /* No match. */ return 0; } else { - *error_msg = apr_psprintf(msr->mp, "Operator LT matched %d at %s.", right, var->name); + *error_msg = apr_psprintf(msr->mp, "Operator LT matched %s at %s.", str.value, var->name); /* Match. */ return 1; } @@ -4542,7 +4542,7 @@ static int msre_op_ge_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { msc_string str; - int left, right; + long long left, right; char *target = NULL; if ((var->value == NULL)||(rule->op_param == NULL)) { @@ -4565,15 +4565,15 @@ static int msre_op_ge_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, target = apr_pstrmemdup(msr->mp, var->value, var->value_len); if (target == NULL) return -1; - left = atoi(target); - right = atoi(str.value); + left = atoll(target); + right = atoll(str.value); if (left < right) { /* No match. */ return 0; } else { - *error_msg = apr_psprintf(msr->mp, "Operator GE matched %d at %s.", right, var->name); + *error_msg = apr_psprintf(msr->mp, "Operator GE matched %s at %s.", str.value, var->name); /* Match. */ return 1; } @@ -4585,7 +4585,7 @@ static int msre_op_le_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) { msc_string str; - int left, right; + long long left, right; char *target = NULL; if ((var->value == NULL)||(rule->op_param == NULL)) { @@ -4608,15 +4608,15 @@ static int msre_op_le_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, target = apr_pstrmemdup(msr->mp, var->value, var->value_len); if (target == NULL) return -1; - left = atoi(target); - right = atoi(str.value); + left = atoll(target); + right = atoll(str.value); if (left > right) { /* No match. */ return 0; } else { - *error_msg = apr_psprintf(msr->mp, "Operator LE matched %d at %s.", right, var->name); + *error_msg = apr_psprintf(msr->mp, "Operator LE matched %s at %s.", str.value, var->name); /* Match. */ return 1; }