From 30a68de92d5e619613d5250e16abe199a4c8e4d1 Mon Sep 17 00:00:00 2001
From: Eduardo Arias
Date: Tue, 21 May 2024 21:02:25 +0000
Subject: [PATCH] Creating a std::string with a null pointer is undefined behaviour. - cppreference mentions this about the constructor that receives a const char *: - Constructs the string with the contents initialized with a copy of the null-terminated character string pointed to by s. The length of the string is determined by the first null character. The behavior is undefined if [s, s + Traits::length(s)) is not a valid range (for example, if s is a null pointer). - C++23 introduces a deleted constructor to prevent this in static scenarios, which is how this issue was detected.
---
 headers/modsecurity/rules_set_properties.h | 2 +-
 src/actions/transformations/url_encode.cc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/headers/modsecurity/rules_set_properties.h b/headers/modsecurity/rules_set_properties.h
index 77b112698c..643abce834 100644
--- headers/modsecurity/rules_set_properties.h
+++ b/headers/modsecurity/rules_set_properties.h
@@ -333,9 +333,9 @@ class RulesSetProperties {
 case FalseConfigBoolean:
 return "False";
 case PropertyNotSetConfigBoolean:
+ default:
 return "Not set";
 }
- return NULL;
 }
diff --git a/src/actions/transformations/url_encode.cc b/src/actions/transformations/url_encode.cc
index 19ecb3349d..056755ca2d 100644
--- a/src/actions/transformations/url_encode.cc
+++ b/src/actions/transformations/url_encode.cc
@@ -48,7 +48,7 @@ std::string UrlEncode::url_enc(const char *input,
 len = input_len * 3 + 1;
 d = rval = reinterpret_cast(malloc(len));
 if (rval == NULL) {
- return NULL;
+ return {};
 }
 /* ENH Only encode the characters that really need to be encoded. */
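Review bot: The added `default:` label folds every unrecognised ConfigBoolean value into "Not set", so a corrupted or newly added enumerator would be reported as an unset property, and the compiler's unhandled-enumerator warning for this switch is silenced. Keeping the switch exhaustive without `default:` and ending the function with `return "Not set";` in place of the removed `return NULL;` would avoid the null-pointer construction just as well while keeping that warning useful. If an out-of-range value should be visible in configuration output, a distinct string for the fall-through path may be preferable. The function signature and the start of the switch are outside the hunk, so the return type is inferred from the commit message.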
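Review bot: Returning `{}` when `malloc` fails makes an allocation failure indistinguishable from encoding an empty input, so the transformed value silently becomes empty and later rule evaluation cannot tell that the transformation did not run. At minimum the branch deserves a comment such as `/* allocation failed: result is empty, caller cannot distinguish this from empty input */`. Better would be to surface the failure, or to build the output directly in a `std::string` with `reserve(len)` so the manual buffer and its null path disappear. Separately, `len = input_len * 3 + 1` looks like it could wrap for very large inputs if these are narrow integer types; their declarations are outside the hunk, so that needs confirming. The rest of `url_enc` also lies outside the hunk.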