owasp-modsecurity · airween · May 4, 2025 · Sep 30, 2024 · Apr 20, 2025 · Apr 26, 2025
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
@@ -3703,7 +3703,7 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg,
 }
 
 /**
-* \brief Add SecParseXMLIntoArgs configuration option
+* \brief Add SecParseXmlIntoArgs configuration option
 *
 * \param cmd Pointer to configuration data
 * \param _dcfg Pointer to directory configuration
@@ -3726,7 +3726,7 @@ static const char *cmd_parse_xml_into_args(cmd_parms *cmd, void *_dcfg, const ch
     if (strcasecmp(p1, "on") == 0)       { dcfg->parse_xml_into_args = MSC_XML_ARGS_ON; }
     else if (strcasecmp(p1, "off") == 0) { dcfg->parse_xml_into_args = MSC_XML_ARGS_OFF; }
     else if (strcasecmp(p1, "onlyargs") == 0) { dcfg->parse_xml_into_args = MSC_XML_ARGS_ONLYARGS; }
-    else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecParseXMLIntoArgs: %s", p1);
+    else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecParseXmlIntoArgs: %s", p1);
 
     return NULL;
 }
@@ -4499,7 +4499,7 @@ const command_rec module_directives[] = {
     ),
 
     AP_INIT_TAKE1 (
-        "SecParseXMLintoArgs",
+        "SecParseXmlIntoArgs",
         cmd_parse_xml_into_args,
         NULL,
         CMD_SCOPE_ANY,

diff --git a/apache2/msc_xml.c b/apache2/msc_xml.c
@@ -40,6 +40,10 @@ static void msc_xml_on_start_elementns(
     int *new_stack_item = (int *)apr_array_push(xml_parser_state->has_child_stack);
     *new_stack_item = 0;
     xml_parser_state->depth++;
+    // set null to the current value
+    // this is necessary because if there is any text between the tags (new line, etc)
+    // it will be added to the current value
+    xml_parser_state->currval = NULL;
 
     // if there is an item before the current one we set that has a child
     if (xml_parser_state->depth > 1) {
@@ -104,14 +108,27 @@ static void msc_xml_on_end_elementns(
     xml_parser_state->currpath = newpath;
 
     xml_parser_state->depth--;
+    xml_parser_state->currval = NULL;
 }
 
 static void msc_xml_on_characters(void *ctx, const xmlChar *ch, int len) {
 
     modsec_rec * msr = (modsec_rec *)ctx;
     msc_xml_parser_state * xml_parser_state = msr->xml->xml_parser_state;
 
-    xml_parser_state->currval = apr_pstrndup(msr->mp, (const char *)ch, len);
+    // libxml2 SAX parser will call this function multiple times
+    // during the parsing of a single node, if the value has multibyte
+    // characters, so we need to concatenate the values
+    xml_parser_state->currval = apr_pstrcat(msr->mp,
+                                            ((xml_parser_state->currval != NULL) ? xml_parser_state->currval : ""),
+                                            apr_pstrndup(msr->mp, (const char *)ch, len),
+                                            NULL);
+    // check if the memory allocation was successful
+    if (xml_parser_state->currval == NULL) {
+        msr->xml->xml_error = apr_psprintf(msr->mp, "Failed to allocate memory for XML value.");
+        xmlStopParser((xmlParserCtxtPtr)msr->xml->parsing_ctx_arg);
+    }
+
 }