Avoids unicode initialization on every rules block

ModSecurity-nginx/#67
ModSecurity/#1563

Author: Felipe Zimmerle

Diff for: CHANGES

@@ -2,6 +2,9 @@
 v3.0.????? - ?
 ---------------------------
 
+ - Avoids unicode initialization on every rules object
+   [Issue #1563 - @zimmerle, @Tiki-God, @sethinsd, @Cloaked9000, @AnoopAlias,
+                  @intelbg]
  - Makes clear to the user whenever the audit log is empty due to missing
    JSON support.
    [Issue #1585 - @zimmerle]

Diff for: headers/modsecurity/rules.h

@@ -40,30 +40,23 @@ namespace Parser {
 class Driver;
 }
 
+
 /** @ingroup ModSecurity_CPP_API */
 class Rules : public RulesProperties {
  public:
     Rules()
         : RulesProperties(new DebugLog()),
         unicode_codepage(0),
         m_referenceCount(0),
-        m_secmarker_skipped(0) {
-            unicode_map_table = reinterpret_cast<int *>(
-                malloc(sizeof(int)*65536));
-            memset(unicode_map_table, -1, (sizeof(int)*65536));
-        }
+        m_secmarker_skipped(0) { }
 
     explicit Rules(DebugLog *customLog)
         : RulesProperties(customLog),
         unicode_codepage(0),
         m_referenceCount(0),
-        m_secmarker_skipped(0) {
-            unicode_map_table = reinterpret_cast<int *>(
-                malloc(sizeof(int)*65536));
-            memset(unicode_map_table, -1, (sizeof(int)*65536));
-        }
+        m_secmarker_skipped(0) { }
 
-    ~Rules();
+    ~Rules() { }
 
     void incrementReferenceCount(void);
     void decrementReferenceCount(void);
@@ -83,7 +76,6 @@ class Rules : public RulesProperties {
 
     void debug(int level, std::string message);
 
-    int *unicode_map_table;
     int64_t unicode_codepage;
 
  private:

Diff for: headers/modsecurity/rules_properties.h

@@ -79,6 +79,14 @@ class ConfigSet {
     std::set<std::string> m_value;
 };
 
+
+class ConfigUnicodeMap {
+ public:
+    ConfigUnicodeMap() : m_set(false), m_unicode_map_table(NULL) { }
+    bool m_set;
+    int *m_unicode_map_table;
+};
+
 class RulesProperties {
  public:
     RulesProperties() :
@@ -332,6 +340,11 @@ class RulesProperties {
                 from->m_secArgumentSeparator.m_value;
         }
 
+        if (from->m_unicodeMapTable.m_set == true) {
+            to->m_unicodeMapTable.m_unicode_map_table = \
+                from->m_unicodeMapTable.m_unicode_map_table;
+        }
+
         if (from->m_httpblKey.m_set == true) {
             to->m_httpblKey.m_value = from->m_httpblKey.m_value;
             to->m_httpblKey.m_set = from->m_httpblKey.m_set;
@@ -469,6 +482,7 @@ class RulesProperties {
     ConfigString m_secArgumentSeparator;
     std::vector<actions::Action *> m_defaultActions[8];
     std::vector<modsecurity::Rule *> m_rules[8];
+    ConfigUnicodeMap m_unicodeMapTable;
 };
 
 #endif

Diff for: src/actions/transformations/url_decode_uni.cc

@@ -87,7 +87,8 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len,
                         fact = 1;
 
                         if (transaction
-                            && transaction->m_rules->unicode_map_table != NULL
+                            && transaction->m_rules->m_unicodeMapTable.m_set == true
+                            && transaction->m_rules->m_unicodeMapTable.m_unicode_map_table != NULL
                             && transaction->m_rules->unicode_codepage > 0)  {
                             for (j = 5; j >= 2; j--) {
                                 if (isxdigit((input[i+j]))) {
@@ -105,7 +106,7 @@ int UrlDecodeUni::inplace(unsigned char *input, uint64_t input_len,
 
                             if (Code >= 0 && Code <= 65535)  {
                                 Rules *r = transaction->m_rules;
-                                hmap = r->unicode_map_table[Code];
+                                hmap = r->m_unicodeMapTable.m_unicode_map_table[Code];
                             }
                         }
 

Diff for: src/rules.cc

@@ -77,12 +77,6 @@ void Rules::decrementReferenceCount(void) {
 }
 
 
-Rules::~Rules() {
-    free(unicode_map_table);
-    unicode_map_table = NULL;
-}
-
-
 /**
  * @name    loadFromUri
  * @brief   load rules from a give uri