Skip to content

Commit d3f6338

Browse files
airweenairween
committed
Treat possible null values
1 parent fd414f1 commit d3f6338

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

apache2/re_operators.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2304,7 +2304,7 @@ static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var
23042304
injection_result_t issqli;
23052305
int capture;
23062306

2307-
issqli = libinjection_sqli(var->value, var->value_len, fingerprint);
2307+
issqli = libinjection_sqli(var->value ? var->value : "", var->value_len, fingerprint);
23082308
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
23092309

23102310
if (libinjection_evaluate(issqli)) {
@@ -2360,11 +2360,11 @@ static int msre_op_detectXSS_execute(modsec_rec *msr, msre_rule *rule, msre_var
23602360
int capture;
23612361
injection_result_t is_xss;
23622362

2363-
is_xss = libinjection_xss(var->value, var->value_len);
2363+
is_xss = libinjection_xss(var->value ? var->value : "", var->value_len);
23642364
capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
23652365

23662366
if (libinjection_evaluate(is_xss)) {
2367-
set_match_to_tx_safe(msr, capture, var->value, var->value_len, 0);
2367+
set_match_to_tx_safe(msr, capture, var->value ? var->value : "", var->value_len, 0);
23682368
switch(is_xss) {
23692369
case LIBINJECTION_RESULT_TRUE:
23702370
*error_msg = apr_psprintf(msr->mp, "detected XSS using libinjection.");

0 commit comments

Comments
 (0)