8000 942220: fix magic number by lifeforms · Pull Request #2010 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

942220: fix magic number #2010

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 15, 2021
Merged

942220: fix magic number #2010

merged 2 commits into from
Feb 15, 2021

Conversation

lifeforms
Copy link
Member

Revert the PHP magic number back to the correct version as reported in #2009.

@lifeforms
Copy link
Member Author
lifeforms commented Feb 13, 2021
edited
Loading

Hmm, looks like I messed up creating the test, but it looks good to me, can anyone see what's wrong?

kingthorin
kingthorin reviewed Feb 13, 2021
View reviewed changes
rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -423,7 +426,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
# This rule has two stricter sibling: 942361 and 942362.
# The keywords 'alter' and 'union' led to false positives.
# Therefore they have been moved to PL2 and the keywords have been extended on PL1.
# The original version also had loose word boundaries and context checksm cause further false positives.
# The original version also had loose word boundaries and context checksm cause further false positives.
Copy link
@kingthorin kingthorin Feb 13, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# The original version also had loose word boundaries and context checksm cause further false positives.
# The original version also had loose word boundaries and context checksum cause further false positives.

Just as a clean code move, it may as well be spelt correctly. Unless it was done purposefully for line length reasons?

@fgsch
Copy link
Contributor
fgsch commented Feb 13, 2021

Hmm, looks like I messed up creating the test, but it looks good to me, can anyone see what's wrong?

AFAICT the numbers don't match.

2.2250738585072007e-308 (rule)

vs

2.2250738585072011e-308 (test)

@lifeforms
Copy link
Member Author
lifeforms commented Feb 13, 2021
edited
Loading

Ah, you're right. I found the 2.2.2250738585072011e-308 number in a blog post, I now see it's different from the number that we had in CRS in 2011. I now wonder if the original number was always faulty from the start, which makes this bug even funnier, it's mentioned in the vuln blog post as not problematic. To be on the safe side, I added both numbers to the rule now, but I'm only testing on the number mentioned in the vuln:

https://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/

@dune73 dune73 mentioned this pull request Feb 15, 2021
Closed
@dune73
Copy link
Member
dune73 commented Feb 15, 2021

Thank you for the quick fix. Merging now.

@dune73 dune73 merged commit ad97096 into coreruleset:v3.4/dev Feb 15, 2021
@dune73 dune73 mentioned this pull request Mar 1, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kingthorin kingthorin kingthorin left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lifeforms @fgsch @dune73 @kingthorin
0