Fix @pm lookup for possible matches on offset zero

Felipe Zimmerle · Felipe Zimmerle · commit beedddd6c66d · 2019-10-02T08:05:14.000-07:00
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,8 @@
 v3.0.4 - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+ - Fix @pm lookup for possible matches on offset zero.
+   [@zimmerle, @afoxdavidi, @martinhsv, @marshal09]
  - Regex lookup on the key name instead of COLLECTION:key
    [@rdiperri-yottaa, @danbiagini-work, @mmelo-yottaa, @zimmerle]
  - Missing throw in Operator::instantiate
diff --git a/src/operators/pm.cc b/src/operators/pm.cc
@@ -84,7 +84,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {
 
 bool Pm::evaluate(Transaction *transaction, Rule *rule,
     const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
-    int rc = 0;
+    int rc = -1;
     ACMPT pt;
     pt.parser = m_p;
     pt.ptr = NULL;
@@ -97,7 +97,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
     pthread_mutex_unlock(&m_lock);
 #endif
 
-    if (rc > 0 && transaction) {
+    if (rc >= 0 && transaction) {
         std::string match_(match);
         logOffset(ruleMessage, rc - match_.size() + 1, match_.size());
         transaction->m_matched.push_back(match_);
@@ -110,7 +110,7 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
             std::string(match));
     }
 
-    return rc > 0;
+    return rc >= 0;
 }
 
 
diff --git a/src/utils/acmp.cc b/src/utils/acmp.cc
@@ -585,7 +585,7 @@ int acmp_process_quick(ACMPT *acmpt, const char **match, const char *data, size_
         offset++;
     }
     acmpt->ptr = node;
-    return 0;
+    return -1;
 }
 
 }
diff --git a/test/test-cases/regression/operator-pm.json b/test/test-cases/regression/operator-pm.json
@@ -0,0 +1,150 @@
+[
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "pm operator test 1/4",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com"
+      },
+      "uri": "\/test.pl?param1=something`somenthing",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "debug_log": "Rule returned 1",
+      "http_code": 500
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "pm operater test 2/4",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com"
+      },
+      "uri": "\/test.pl?param1=`somenthing",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "debug_log": "",
+      "http_code": 500
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "pm operater test 3/4",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com"
+      },
+      "uri": "\/test.pl?param1=a",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "debug_log": "Rule returned 1",
+      "http_code": 500
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+    ]
+  },
+  {
+    "enabled": 1,
+    "version_min": 300000,
+    "version_max": 0,
+    "title": "pm operater test 4/4",
+    "client": {
+      "ip": "200.249.12.31",
+      "port": 2313
+    },
+    "server": {
+      "ip": "200.249.12.31",
+      "port": 80
+    },
+    "request": {
+      "headers": {
+        "Host": "net.tutsplus.com"
+      },
+      "uri": "\/test.pl?param1=a`b",
+      "method": "GET",
+      "http_version": 1.1,
+      "body": ""
+    },
+    "response": {
+      "headers": {
+        "Content-Type": "text\/xml; charset=utf-8\n\r",
+        "Content-Length": "length\n\r"
+      }
+    },
+    "expected": {
+      "debug_log": "Rule returned 1",
+      "http_code": 500
+    },
+    "rules": [
+      "SecRuleEngine On",
+      "SecRule ARGS \"@pm a ` b\" \"phase:1,id:999,deny,status:500\""
+    ]
+  }
+]

Original file line number	Diff line number	Diff line change
`@@ -585,7 +585,7 @@ int acmp_process_quick(ACMPT acmpt, const char match, const char data, size_`
`585`	`585`	`offset++;`
`586`	`586`	`}`
`587`	`587`	`acmpt->ptr = node;`
`588`		`- return 0;`
	`588`	`+ return -1;`
`589`	`589`	`}`
`590`	`590`
`591`	`591`	`}`