Copy possible \0 contained string before use it; remote possible sensitive data from log

airween · airween · commit be1fbdf1a4d3 · 2026-04-03T23:26:55.000+02:00
diff --git a/apache2/re_operators.c b/apache2/re_operators.c
@@ -2303,6 +2303,7 @@ static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var
     char fingerprint[8];
     injection_result_t issqli;
     int capture;
+    char *input_copy;
 
     issqli = libinjection_sqli(var->value, var->value_len, fingerprint);
     capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
@@ -2320,16 +2321,17 @@ static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var
                 }
                 break;
             case LIBINJECTION_RESULT_ERROR:
-                set_match_to_tx(msr, capture, var->value, 0);
-                *error_msg = apr_psprintf(msr->mp, "libinjection parser error: '%s'",
-                                        log_escape_ex(msr->mp, var->value, var->value_len));
+                input_copy = apr_pmemdup(msr->mp, var->value, var->value_len);
+                set_match_to_tx(msr, capture, input_copy, 0);
+                *error_msg = apr_psprintf(msr->mp, "libinjection parser error");
                 if (msr->txcfg->debuglog_level >= 9) {
                     msr_log(msr, 9, "ISSQL: libinjection's input '%s' caused a parser error",
                         log_escape_ex(msr->mp, var->value, var->value_len));
                 }
                 break;
             default:
-                set_match_to_tx(msr, capture, var->value, 0);
+                input_copy = apr_pmemdup(msr->mp, var->value, var->value_len);
+                set_match_to_tx(msr, capture, input_copy, 0);
                 *error_msg = apr_psprintf(msr->mp, "unexpected libinjection result: (%d)", issqli);
                 if (msr->txcfg->debuglog_level >= 9) {
                     msr_log(msr, 9, "ISSQL: libinjection's input '%s' caused an unexpected result: (%d)",
@@ -2375,8 +2377,7 @@ static int msre_op_detectXSS_execute(modsec_rec *msr, msre_rule *rule, msre_var
                 }
                 break;
             case LIBINJECTION_RESULT_ERROR:
-                *error_msg = apr_psprintf(msr->mp, "libinjection parser error: '%s'",
-                                        log_escape_ex(msr->mp, var->value, var->value_len));
+                *error_msg = apr_psprintf(msr->mp, "libinjection parser error");
                     if (msr->txcfg->debuglog_level >= 9) {
                     msr_log(msr, 9, "IS_XSS: libinjection's input '%s' caused a parser error",
                         log_escape_ex(msr->mp, var->value, var->value_len));
