Merge branch 'v2/master' of https://github.com/marcstern/ModSecurity into v2/master

Author: Marc Stern

CHANGES

@@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.x (to be released)
 -------------------
 
+ * Enhance logging
+   [Issue #3107 - @marcstern]
  * Fix possible segfault in collection_unpack
    [Issue #3072 - @twouters]
  * Set the minimum security protocol version for SecRemoteRules

README.md

@@ -1,19 +1,22 @@
-ModSecurity for Apache 2.x
-======
+# ModSecurity 2
 
-http://www.modsecurity.org/
+https://www.modsecurity.org/
 
-Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+Copyright (c) 2004-2024 Trustwave Holdings, Inc. (https://www.trustwave.com/)
+Copyright (c) 2024-2024 OWASP ModSecurity Project (https://www.owasp.org/)
 
 You may not use this file except in compliance with the License. You may obtain a copy of the License at: https://www.apache.org/licenses/LICENSE-2.0
 
-If any of the files related to licensing are missing or if you have any other questions related to licensing please contact Trustwave Holdings, Inc. directly using the email address: modsecurity@owasp.org.
-
+If any of the files related to licensing are missing or if you have any other questions related to licensing please contact us here: modsecurity@owasp.org.
 
 ## Documentation
 
 Please refer to: [the documentation folder](https://github.com/owasp-modsecurity/ModSecurity/tree/v2/master/doc) for the reference manual.
 
 ## Sponsor Note
 
-Development of ModSecurity is sponsored by Trustwave. Sponsorship will end July 1, 2024. Additional information can be found here https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/
+Original Development of ModSecurity was sponsored by Trustwave. In 2024, [stewardship was transferred to OWASP](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-transfers-modsecurity-custodianship-to-the-open-worldwide-application-security-project/).
+
+Contact us for sponsorship!
+
+You can also send us donations using the [OWASP donations page](https://owasp.org/donate/?reponame=www-project-modsecurity&title=OWASP+ModSecurity).

apache2/msc_json.c

@@ -65,6 +65,7 @@ int json_add_argument(modsec_rec *msr, const char *value, unsigned length)
                     log_escape_ex(msr->mp, arg->value, arg->value_len));
         }
         msr->msc_reqbody_error = 1;
+        msr->json->yajl_error = apr_psprintf(msr->mp, "More than %ld JSON keys", msr->txcfg->arguments_limit);
         return 0;
     }
 
@@ -374,9 +375,12 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
 	if (msr->json->depth_limit_exceeded) {
            *error_msg = "JSON depth limit exceeded";
 	} else {
-           char *yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
-           *error_msg = apr_pstrdup(msr->mp, yajl_err);
-           yajl_free_error(msr->json->handle, yajl_err);
+        if (msr->json->yajl_error) *error_msg = msr->json->yajl_error;
+        else {
+             char* yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
+             *error_msg = apr_pstrdup(msr->mp, yajl_err);
+             yajl_free_error(msr->json->handle, yajl_err);
+        }
 	}
         return -1;
     }