Merge branch 'owasp-modsecurity:v3/master' into refactor/default-pcre2

Author: gberkes

build/win32/README.md

@@ -18,7 +18,7 @@ The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for
         * Windows SDK
         * CMake
         * Address Sanitizer
- * [Conan package manager 2.2.2](https://github.com/conan-io/conan/releases/download/2.2.2/conan-2.2.2-windows-x86_64-installer.exe)
+ * [Conan package manager 2.10.2](https://github.com/conan-io/conan/releases/download/2.10.2/conan-2.10.2-windows-x86_64-installer.exe)
     * Install and then setup the default Conan profile to use the MSVC C++ compiler:
       1. Open a command-prompt and set the MSVC C++ compiler environment by executing: `C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat`
       2. Execute: `conan profile detect --force`
@@ -30,7 +30,7 @@ The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for
 
 ## Build
 
-Install the prerequisites listsed in the previous section, checkout libModSecurity and from the directory where it's located execute:
+Install the prerequisites listed in the previous section, checkout libModSecurity and from the directory where it's located execute:
 
 ```
 vcbuild.bat [build_configuration] [arch] [USE_ASAN]

build/win32/docker/Dockerfile

@@ -35,7 +35,7 @@ RUN %INSTALLER% /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL `
     /NORESTART /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /LOADINF=git.inf
 
 # download & setup conan
-ARG CONAN_VERSION=2.2.2
+ARG CONAN_VERSION=2.10.2
 ARG CONAN_BINARY=conan-${CONAN_VERSION}-windows-x86_64-installer.exe
 ARG CONAN_URL=https://github.com/conan-io/conan/releases/download/${CONAN_VERSION}/${CONAN_BINARY}
 

build/yajl.m4

@@ -62,7 +62,7 @@ else
                 YAJL_DISPLAY="${YAJL_LDADD}, ${YAJL_CFLAGS}"
             else
                 # If pkg-config did not find anything useful, go over file lookup.
-                for x in ${YAJL_POSSIBLE_LIB_NAMES}; do
+                for x in ${YAJL_POSSIBLE_PATHS}; do
                     CHECK_FOR_YAJL_AT(${x})
                     if test -n "${YAJL_VERSION}"; then
                         break

src/operators/validate_byte_range.cc

@@ -37,6 +37,11 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
                 "' into a number");
             return false;
         }
+        if ((start < 0) || (start > 255)) {
+            error->assign("Invalid byte value: " +
+                std::to_string(start));
+            return false;
+        }
         table[start >> 3] = (table[start >> 3] | (1 << (start & 0x7)));
         return true;
     }
@@ -87,21 +92,29 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
 bool ValidateByteRange::init(const std::string &file,
     std::string *error) {
     size_t pos = m_param.find_first_of(",");
+    bool rc;
 
     if (pos == std::string::npos) {
-        getRange(m_param, error);
+        rc = getRange(m_param, error);
     } else {
-        getRange(std::string(m_param, 0, pos), error);
+        rc = getRange(std::string(m_param, 0, pos), error);
+    }
+
+    if (rc == false) {
+        return false;
     }
 
     while (pos != std::string::npos) {
         size_t next_pos = m_param.find_first_of(",", pos + 1);
 
         if (next_pos == std::string::npos) {
-            getRange(std::string(m_param, pos + 1, m_param.length() -
+            rc = getRange(std::string(m_param, pos + 1, m_param.length() -
                 (pos + 1)), error);
         } else {
-            getRange(std::string(m_param, pos + 1, next_pos - (pos + 1)), error);
+            rc = getRange(std::string(m_param, pos + 1, next_pos - (pos + 1)), error);
+        }
+        if (rc == false) {
+            return false;
         }
         pos = next_pos;
     }