Null pointer dereference in msre_op_within_execute

[marcstern]

v2 reoperators.c:
static int msre_op_within_execute(...) {
[...]
if (str->value == NULL) {
*error_msg = "Internal Error: match string is null.";
return -1;
}
[...]
if (error_msg == NULL) return -1;
*error_msg = NULL;

The last 2 lines must be at the very beginning of the function

[zimmerle]

Hi @marcstern,

I believe you are trying to refer to this part of the code -
https://github.com/SpiderLabs/ModSecurity/blob/28b4be670fc7d02bb6388034032d0061b56c8b64/apache2/re_operators.c#L1998-L2006

The check does not necessarily need to be on the top of this function, but, before the utilization of the error_msg.

Are you willing to submit a pull request?

[marcstern]

Before the utilization of the error_msg, indeed.
I don't have the time for a pull request for the moment, as I would need to re-clone everything - unless PR #1577 is merged, so I can reuse the same environment.

[zimmerle]

I am afraid o don't catch what this has to do with #1577. Even if #1577 got merged, yet, it is outdated by itself. Therefore, the tree update will be necessary. But, I do understand that you have opted to not proceed with the pull request. Thank you for your report.

[zimmerle]

Hi @marcstern,

As of 176276a this is no longer an issue. Thank you for the report.