Skip to content

Commit 8fc0b51

Browse files
martinhsvmartinhsv
committed
Support for PCRE2
1 parent 849cd7e commit 8fc0b51

File tree

14 files changed

+438
-29
lines changed

14 files changed

+438
-29
lines changed

CHANGES

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
DD mmm YYYY - 2.9.x (to be released)
22
-------------------
33

4+
* Support for PCRE2
5+
[Issue #2737, #2827 - @martinhsv]
46

57
07 Sep 2022 - 2.9.6
68
-------------------

apache2/Makefile.am

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,7 @@ mod_security2_la_CFLAGS = @APR_CFLAGS@ \
4242
@LUA_CFLAGS@ \
4343
@MODSEC_EXTRA_CFLAGS@ \
4444
@PCRE_CFLAGS@ \
45+
@PCRE2_CFLAGS@ \
4546
@YAJL_CFLAGS@ \
4647
@SSDEEP_CFLAGS@
4748

@@ -50,7 +51,8 @@ mod_security2_la_CPPFLAGS = @APR_CPPFLAGS@ \
5051
@CURL_CPPFLAGS@ \
5152
@LIBXML2_CFLAGS@ \
5253
@LIBXML2_CPPFLAGS@ \
53-
@PCRE_CPPFLAGS@
54+
@PCRE_CPPFLAGS@ \
55+
@PCRE2_CPPFLAGS@
5456

5557
mod_security2_la_LIBADD = @APR_LDADD@ \
5658
@APU_LDADD@ \
@@ -59,6 +61,7 @@ mod_security2_la_LIBADD = @APR_LDADD@ \
5961
@LIBXML2_LDADD@ \
6062
@LUA_LDADD@ \
6163
@PCRE_LDADD@ \
64+
@PCRE2_LDADD@ \
6265
@YAJL_LDADD@
6366

6467
if AIX
@@ -71,6 +74,7 @@ mod_security2_la_LDFLAGS = -module -avoid-version \
7174
@LIBXML2_LDFLAGS@ \
7275
@LUA_LDFLAGS@ \
7376
@PCRE_LDFLAGS@ \
77+
@PCRE2_LDFLAGS@ \
7478
@YAJL_LDFLAGS@ \
7579
@SSDEEP_LDFLAGS@
7680
endif
@@ -85,6 +89,7 @@ mod_security2_la_LDFLAGS = -module -avoid-version \
8589
@LIBXML2_LDFLAGS@ \
8690
@LUA_LDFLAGS@ \
8791
@PCRE_LDFLAGS@ \
92+
@PCRE2_LDFLAGS@ \
8893
@YAJL_LDFLAGS@ \
8994
@SSDEEP_LDFLAGS@
9095
endif
@@ -99,6 +104,7 @@ mod_security2_la_LDFLAGS = -module -avoid-version \
99104
@LIBXML2_LDFLAGS@ \
100105
@LUA_LDFLAGS@ \
101106
@PCRE_LDFLAGS@ \
107+
@PCRE2_LDFLAGS@ \
102108
@YAJL_LDFLAGS@ \
103109
@SSDEEP_LDFLAGS@
104110
endif
@@ -113,6 +119,7 @@ mod_security2_la_LDFLAGS = -module -avoid-version \
113119
@LIBXML2_LDFLAGS@ \
114120
@LUA_LDFLAGS@ \
115121
@PCRE_LDFLAGS@ \
122+
@PCRE2_LDFLAGS@ \
116123
@YAJL_LDFLAGS@ \
117124
@SSDEEP_LDFLAGS@
118125
endif
@@ -127,6 +134,7 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R @PCRE_LD_PATH
127134
@LIBXML2_LDFLAGS@ \
128135
@LUA_LDFLAGS@ \
129136
@PCRE_LDFLAGS@ \
137+
@PCRE2_LDFLAGS@ \
130138
@YAJL_LDFLAGS@ \
131139
@SSDEEP_LDFLAGS@
132140
endif
@@ -141,6 +149,7 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
141149
@LIBXML2_LDFLAGS@ \
142150
@LUA_LDFLAGS@ \
143151
@PCRE_LDFLAGS@ \
152+
@PCRE2_LDFLAGS@ \
144153
@YAJL_LDFLAGS@ \
145154
@SSDEEP_LDFLAGS@
146155
endif
@@ -155,6 +164,7 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
155164
@LIBXML2_LDFLAGS@ \
156165
@LUA_LDFLAGS@ \
157166
@PCRE_LDFLAGS@ \
167+
@PCRE2_LDFLAGS@ \
158168
@YAJL_LDFLAGS@ \
159169
@SSDEEP_LDFLAGS@
160170
endif
@@ -169,6 +179,7 @@ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
169179
@LIBXML2_LDFLAGS@ \
170180
@LUA_LDFLAGS@ \
171181
@PCRE_LDFLAGS@ \
182+
@PCRE2_LDFLAGS@ \
172183
@YAJL_LDFLAGS@ \
173184
@SSDEEP_LDFLAGS@
174185
endif

apache2/apache2_config.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/*
22
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
3-
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
3+
* Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
44
*
55
* You may not use this file except in compliance with
66
* the License.  You may obtain a copy of the License at
@@ -1293,7 +1293,11 @@ static const char *cmd_audit_log_relevant_status(cmd_parms *cmd, void *_dcfg,
12931293
{
12941294
directory_config *dcfg = _dcfg;
12951295

1296+
#ifdef WITH_PCRE2
1297+
dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE2_DOTALL, NULL, NULL);
1298+
#else
12961299
dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE_DOTALL, NULL, NULL);
1300+
#endif
12971301
if (dcfg->auditlog_relevant_regex == NULL) {
12981302
return apr_psprintf(cmd->pool, "ModSecurity: Invalid regular expression: %s", p1);
12991303
}

apache2/mod_security2.c

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/*
22
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
3-
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
3+
* Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
44
*
55
* You may not use this file except in compliance with
66
* the License.  You may obtain a copy of the License at
@@ -107,6 +107,8 @@ static int server_limit, thread_limit;
107107
*/
108108
static void version(apr_pool_t *mp) {
109109
char *pcre_vrs = NULL;
110+
char *pcre_loaded_vrs = NULL;
111+
char pcre2_loaded_vrs_buffer[80] ={0};
110112

111113
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
112114
"ModSecurity: APR compiled version=\"%s\"; "
@@ -116,13 +118,20 @@ static void version(apr_pool_t *mp) {
116118
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Loaded APR do not match with compiled!");
117119
}
118120

121+
#ifdef WITH_PCRE2
122+
pcre_vrs = apr_psprintf(mp,"%d.%d ", PCRE2_MAJOR, PCRE2_MINOR);
123+
pcre_loaded_vrs = pcre2_loaded_vrs_buffer;
124+
pcre2_config(PCRE2_CONFIG_VERSION, pcre_loaded_vrs);
125+
#else
119126
pcre_vrs = apr_psprintf(mp,"%d.%d ", PCRE_MAJOR, PCRE_MINOR);
127+
pcre_loaded_vrs = pcre_version();
128+
#endif
120129

121130
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
122131
"ModSecurity: PCRE compiled version=\"%s\"; "
123-
"loaded version=\"%s\"", pcre_vrs, pcre_version());
132+
"loaded version=\"%s\"", pcre_vrs, pcre_loaded_vrs);
124133

125-
if (strstr(pcre_version(),pcre_vrs) == NULL) {
134+
if (strstr(pcre_loaded_vrs,pcre_vrs) == NULL) {
126135
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Loaded PCRE do not match with compiled!");
127136
}
128137

apache2/modsecurity.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/*
22
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
3-
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
3+
* Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
44
*
55
* You may not use this file except in compliance with
66
* the License.  You may obtain a copy of the License at
@@ -561,7 +561,11 @@ static int is_response_status_relevant(modsec_rec *msr, int status) {
561561

562562
rc = msc_regexec(msr->txcfg->auditlog_relevant_regex, buf, strlen(buf), &my_error_msg);
563563
if (rc >= 0) return 1;
564+
#ifdef WITH_PCRE2
565+
if (rc == PCRE2_ERROR_NOMATCH) return 0;
566+
#else
564567
if (rc == PCRE_ERROR_NOMATCH) return 0;
568+
#endif
565569

566570
msr_log(msr, 1, "Regex processing failed (rc %d): %s", rc, my_error_msg);
567571

apache2/msc_crypt.c

Lines changed: 41 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/*
22
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
3-
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
3+
* Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
44
*
55
* You may not use this file except in compliance with
66
* the License.  You may obtain a copy of the License at
@@ -386,7 +386,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
386386
case HASH_URL_HREF_HASH_RX:
387387
if(em[i]->type == HASH_URL_HREF_HASH_RX) {
388388
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
389+
#ifdef WITH_PCRE2
390+
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
391+
#else
389392
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
393+
#endif
390394
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
391395

392396
if (s == NULL) return -1;
@@ -415,7 +419,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
415419
msr_log(msr, 4, "%s.", error_msg);
416420
return -1;
417421
}
422+
#ifdef WITH_PCRE2
423+
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
424+
#else
418425
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
426+
#endif
419427
return 1;
420428
}
421429
}
@@ -441,7 +449,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
441449
case HASH_URL_FACTION_HASH_RX:
442450
if(em[i]->type == HASH_URL_FACTION_HASH_RX) {
443451
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
452+
#ifdef WITH_PCRE2
453+
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
454+
#else
444455
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
456+
#endif
445457
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
446458

447459
if (s == NULL) return -1;
@@ -470,7 +482,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
470482
msr_log(msr, 4, "%s.", error_msg);
471483
return -1;
472484
}
485+
#ifdef WITH_PCRE2
486+
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
487+
#else
473488
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
489+
#endif
474490
return 1;
475491
}
476492
}
@@ -496,7 +512,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
496512
case HASH_URL_LOCATION_HASH_RX:
497513
if(em[i]->type == HASH_URL_LOCATION_HASH_RX) {
498514
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
515+
#ifdef WITH_PCRE2
516+
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
517+
#else
499518
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
519+
#endif
500520
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
501521

502522
if (s == NULL) return -1;
@@ -525,7 +545,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
525545
msr_log(msr, 4, "%s.", error_msg);
526546
return -1;
527547
}
548+
#ifdef WITH_PCRE2
549+
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
550+
#else
528551
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
552+
#endif
529553
return 1;
530554
}
531555
}
@@ -551,7 +575,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
551575
case HASH_URL_IFRAMESRC_HASH_RX:
552576
if(em[i]->type == HASH_URL_IFRAMESRC_HASH_RX) {
553577
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
578+
#ifdef WITH_PCRE2
579+
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
580+
#else
554581
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
582+
#endif
555583
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
556584

557585
if (s == NULL) return -1;
@@ -580,7 +608,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
580608
msr_log(msr, 4, "%s.", error_msg);
581609
return -1;
582610
}
611+
#ifdef WITH_PCRE2
612+
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
613+
#else
583614
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
615+
#endif
584616
return 1;
585617
}
586618
}
@@ -606,7 +638,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
606638
case HASH_URL_FRAMESRC_HASH_RX:
607639
if(em[i]->type == HASH_URL_FRAMESRC_HASH_RX) {
608640
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
641+
#ifdef WITH_PCRE2
642+
if ((rc == PCRE2_ERROR_MATCHLIMIT) || (rc == PCRE2_ERROR_RECURSIONLIMIT)) {
643+
#else
609644
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
645+
#endif
610646
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
611647

612648
if (s == NULL) return -1;
@@ -635,7 +671,11 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
635671
msr_log(msr, 4, "%s.", error_msg);
636672
return -1;
637673
}
674+
#ifdef WITH_PCRE2
675+
if (rc != PCRE2_ERROR_NOMATCH) { /* Match. */
676+
#else
638677
if (rc != PCRE_ERROR_NOMATCH) { /* Match. */
678+
#endif
639679
return 1;
640680
}
641681
}

0 commit comments

Comments
 (0)