owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0

Fix possible segfault in collection_unpack #3099

Closed twouters closed 2 months ago

twouters commented 2 months ago

When var->value_len somehow becomes 0, we risk wrapping around to 4294967295 due to it being an unsigned int.

Fixes #3082

marcstern commented 2 months ago

@twouters, can you do the same check for var->name_len?

twouters commented 2 months ago

Done, missed that part of your comment on the issue.
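
The wraparound discussed in this thread, as an added example that is not code from the pull request or from ModSecurity. It assumes a hypothetical record layout in which each field is a 2-byte big-endian length that counts a trailing NUL, so the copy size is `len - 1`; the names `unchecked_copy_len`, `read_field` and `unpack_pair` are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (an assumption, not taken from the PR):
 * [2-byte big-endian length][bytes incl. trailing NUL], name then value. */

/* Copy size an unchecked "len - 1" yields for an unsigned length. */
unsigned int unchecked_copy_len(unsigned int stored_len) {
    return stored_len - 1;                  /* 0 - 1 wraps around */
}

/* Read one length-prefixed field into out. Returns 0 on success and -1 on
 * a malformed record; *off advances only on success. */
int read_field(const unsigned char *blob, size_t blob_size, size_t *off,
               char *out, size_t out_size) {
    if (*off > blob_size || blob_size - *off < 2) return -1;
    unsigned int len = ((unsigned int)blob[*off] << 8) | blob[*off + 1];
    size_t start = *off + 2;
    if (len == 0) return -1;                /* zero length: len - 1 would wrap */
    if (len > blob_size - start) return -1; /* field runs past the blob */
    if (len - 1 >= out_size) return -1;     /* does not fit the destination */
    memcpy(out, blob + start, len - 1);
    out[len - 1] = '\0';
    *off = start + len;
    return 0;
}

/* Unpack one name/value pair; both lengths get the same checks. */
int unpack_pair(const unsigned char *blob, size_t blob_size,
                char *name, size_t name_size, char *value, size_t value_size) {
    size_t off = 0;
    if (read_field(blob, blob_size, &off, name, name_size) != 0) return -1;
    return read_field(blob, blob_size, &off, value, value_size);
}

/* Constructed sample records. */
static const unsigned char GOOD[]       = {0, 4, 'k', 'e', 'y', 0, 0, 2, 'v', 0};
static const unsigned char ZERO_VALUE[] = {0, 4, 'k', 'e', 'y', 0, 0, 0};
static const unsigned char ZERO_NAME[]  = {0, 0, 0, 2, 'v', 0};

int main(void) {
    char n[16], v[16];
    printf("unchecked copy size for length 0: %u\n", unchecked_copy_len(0));
    printf("good=%d\n", unpack_pair(GOOD, sizeof GOOD, n, sizeof n, v, sizeof v));
    printf("zero value_len=%d\n",
           unpack_pair(ZERO_VALUE, sizeof ZERO_VALUE, n, sizeof n, v, sizeof v));
    printf("zero name_len=%d\n",
           unpack_pair(ZERO_NAME, sizeof ZERO_NAME, n, sizeof n, v, sizeof v));
    return 0;
}
```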

sonarcloud[bot] commented 2 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code