Skip to content

Add cleanup methods to complete C based ABI #3209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 6, 2024
Merged

Add cleanup methods to complete C based ABI #3209

merged 2 commits into from
Aug 6, 2024

Conversation

eduar-hte
Copy link
Contributor

what

Add cleanup methods to C based ABI to allow the library to be used by languages that do not link with the standard C library.

why

The C/C++ interface of libModSecurity assumes that clients that use the library are also able to link with the standard C library to free any resources allocated by libModSecurity functions and returned to the client (transferring their ownership to them).

If the client wants to build a shared library version of libModSecurity (such as .dll on Windows) and use it through the exported API, it will not be able to deallocate these resources.

This PR adds two cleanup methods to allow clients that depend just on the library's ABI to free those resources.

These methods follow the approach and terminology of existing cleanup methods in the C API (such as msc_rules_cleanup & msc_cleanup) and aims to provide completeness for the lifecycle management of all objects allocated by the library.

changes

  • void msc_rules_error_cleanup(const char *error)
    • Deallocates an error message returned by the msc_rules_xxx methods.
  • void msc_intervention_cleanup(ModSecurityIntervention *it)
    • Deallocates the url and/or log members of the ModSecurityIntervention structure that may be allocated in a call to msc_intervention.

@eduar-hte
Added methods to free buffers allocated by ModSecurity APIs
dab9bb6 
- The following methods are introduced to allow clients of
  libModSecurity that are not able to link and call the C/C++ standard
  library to be able to free the buffers allocated by libModSecurity.
- msc_intervention_cleanup: Frees the buffers in a
  ModSecurityIntervention structure that have been allocated by calls to
  msc_intervention.
- msc_rules_error_cleanup: Frees an error message buffer allocated by
  the msc_rules_xxx functions to detail the condition that triggered
  the error.
@eduar-hte
Fixed potential memory leak when there is an intervention and log or …
0dce460 
…url is set.
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Aug 5, 2024

Quality Gate Passed Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

airween
airween requested changes Aug 6, 2024
View reviewed changes
@airween airween merged commit 630751e into owasp-modsecurity:v3/master Aug 6, 2024
49 checks passed
@eduar-hte eduar-hte deleted the cleanup_api branch August 6, 2024 13:41
This was referenced Aug 6, 2024
Merged
Closed
@marcstern marcstern added the 3.x Related to ModSecurity version 3.x label Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@airween airween airween approved these changes

Assignees
No one assigned
Labels
3.x Related to ModSecurity version 3.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eduar-hte @airween @marcstern