owasp-modsecurity · fzipi · Feb 20, 2026 · Feb 20, 2026
diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
@@ -238,7 +238,7 @@ static void internal_log_ex(request_rec *r, directory_config *dcfg, modsec_rec *
     /* Construct the message. */
     apr_vsnprintf(str1, sizeof(str1), text, ap);
     if (fixup) {
-        int len = strlen(str1);
+        size_t len = strlen(str1);
 
         /* Strip line ending. */
         if (len && str1[len - 1] == '\n') {

diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c
@@ -300,7 +300,8 @@ static void sanitize_request_line(modsec_rec *msr) {
         if (strcmp(arg->origin, "QUERY_STRING") == 0) {
             char *pat = NULL;
             char *p;
-            int j, arg_min, arg_max;
+            size_t j;
+            int arg_min, arg_max;
 
             /* Go to the beginning of the parameter. */
             p = qspos;
@@ -333,7 +334,7 @@ static void sanitize_request_line(modsec_rec *msr) {
                         arg_max = 1;
                         while((*pat != '\0')&&(j--)) {
                             if(arg_max > mparm->pad_2)  {
-                                int off = (strlen(mparm->value) - arg_max);
+                                int off = (int)strlen(mparm->value) - arg_max;
                                 int pos = (mparm->pad_1-1);
                                 if(off > pos)    {
                                     *pat = '*';
@@ -668,7 +669,8 @@ void sec_audit_logger_json(modsec_rec *msr) {
     int wrote_response_body = 0;
     char *entry_filename, *entry_basename;
     apr_status_t rc;
-    int i, limit, k, sanitized_partial, j;
+    int i, limit, k, sanitized_partial;
+    size_t j;
     char *buf = NULL, *pat = NULL;
     msc_parm *mparm = NULL;
     int arg_min, arg_max, sanitize_matched;
@@ -827,7 +829,7 @@ void sec_audit_logger_json(modsec_rec *msr) {
                             arg_max = 1;
                             while((*pat != '\0')&&(j--)) {
                                 if(arg_max > mparm->pad_2)  {
-                                    int off = strlen(mparm->value) - arg_max;
+                                    int off = (int)strlen(mparm->value) - arg_max;
                                     int pos = mparm->pad_1-1;
                                     if(off > pos)    {
                                         *pat = '*';
@@ -1084,7 +1086,7 @@ void sec_audit_logger_json(modsec_rec *msr) {
                                 arg_max = 1;
                                 while((*pat != '\0')&&(j--)) {
                                     if(arg_max > mparm->pad_2)  {
-                                        int off = strlen(mparm->value) - arg_max;
+                                        int off = (int)strlen(mparm->value) - arg_max;
                                         int pos = mparm->pad_1-1;
                                         if(off > pos)    {
                                             *pat = '*';
@@ -1547,7 +1549,8 @@ void sec_audit_logger_native(modsec_rec *msr) {
     int wrote_response_body = 0;
     char *entry_filename, *entry_basename;
     apr_status_t rc;
-    int i, limit, k, sanitized_partial, j;
+    int i, limit, k, sanitized_partial;
+    size_t j;
     char *buf = NULL, *pat = NULL;
     msc_parm *mparm = NULL;
     int arg_min, arg_max, sanitize_matched;
@@ -1683,7 +1686,7 @@ void sec_audit_logger_native(modsec_rec *msr) {
                             arg_max = 1;
                             while((*pat != '\0')&&(j--)) {
                                 if(arg_max > mparm->pad_2)  {
-                                    int off = strlen(mparm->value) - arg_max;
+                                    int off = (int)strlen(mparm->value) - arg_max;
                                     int pos = mparm->pad_1-1;
                                     if(off > pos)    {
                                         *pat = '*';
@@ -1931,7 +1934,7 @@ void sec_audit_logger_native(modsec_rec *msr) {
                                 arg_max = 1;
                                 while((*pat != '\0')&&(j--)) {
                                     if(arg_max > mparm->pad_2)  {
-                                        int off = strlen(mparm->value) - arg_max;
+                                        int off = (int)strlen(mparm->value) - arg_max;
                                         int pos = mparm->pad_1-1;
                                         if(off > pos)    {
                                             *pat = '*';

diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
@@ -22,7 +22,8 @@
 
 void validate_quotes(modsec_rec *msr, char *data, char quote)  {
     assert(msr != NULL);
-    int i, len;
+    size_t i;
+    size_t len;
 
     if(msr->mpd == NULL)
         return;
@@ -42,7 +43,7 @@ void validate_quotes(modsec_rec *msr, char *data, char quote)  {
 
         if(data[i] == '\'') {
             if (msr->txcfg->debuglog_level >= 9) {
-                msr_log(msr, 9, "Multipart: Invalid quoting detected: %s length %d bytes",
+                msr_log(msr, 9, "Multipart: Invalid quoting detected: %s length %zu bytes",
                         log_escape_nq(msr->mp, data), len);
             }
             msr->mpd->flag_invalid_quoting = 1;
@@ -846,7 +847,7 @@ int multipart_init(modsec_rec *msr, char **error_msg) {
         char *p = NULL;
         char *b = NULL;
         int seen_semicolon = 0;
-        int len = 0;
+        size_t len = 0;
 
         /* Check for extra characters before the boundary. */
         for (p = (char *)(msr->request_content_type + 19); p < msr->mpd->boundary; p++) {
@@ -1485,7 +1486,7 @@ int multipart_get_arguments(modsec_rec *msr, char *origin, apr_table_t *argument
 char *multipart_reconstruct_urlencoded_body_sanitize(modsec_rec *msr) {
     multipart_part **parts;
     char *body;
-    unsigned int body_len;
+    size_t body_len;
     int i;
 
     if (msr->mpd == NULL) return NULL;

diff --git a/apache2/msc_status_engine.c b/apache2/msc_status_engine.c
@@ -52,11 +52,11 @@
 // Bese32 encode, based on:
 // https://code.google.com/p/google-authenticator/source/browse/libpam/base32.c
 int DSOLOCAL msc_status_engine_base32_encode(char *encoded,
-    const char *data, int len) {
+    const char *data, size_t len) {
     int buffer;
     int count = 0;
     char *result = encoded;
-    int length = strlen(data);
+    size_t length = strlen(data);
 
     buffer = data[0];
 
@@ -97,7 +97,7 @@ int DSOLOCAL msc_status_engine_base32_encode(char *encoded,
 }
 
 int DSOLOCAL msc_status_engine_fill_with_dots(char *encoded_with_dots,
-    const char *data, int len, int space)
+    const char *data, size_t len, int space)
 {
     int i;
     int count = 0;

diff --git a/apache2/msc_util.c b/apache2/msc_util.c
@@ -274,12 +274,12 @@ unsigned char is_netmask_v6(char *ip_strv6) {
  *
  * \retval string On Success
  */
-char *parse_pm_content(const char *op_parm, unsigned short int op_len, msre_rule *rule, char **error_msg)  {
+char *parse_pm_content(const char *op_parm, size_t op_len, msre_rule *rule, char **error_msg)  {
     char *parm = NULL;
     char *content = NULL;
-    unsigned short int offset = 0;
+    size_t offset = 0;
     char converted = 0;
-    int i, x;
+    size_t i, x;
     unsigned char bin = 0, esc = 0, bin_offset = 0;
     unsigned char c = 0;
     unsigned char bin_parm[3] = { 0 };
@@ -708,7 +708,7 @@ char *file_basename(apr_pool_t *mp, const char *filename) {
 
 char *m_strcasestr(const char *haystack, const char *needle) {
     char aux, lower_aux;
-    int length;
+    size_t length;
 
     if ((aux = *needle++) != 0) {
         aux = (char)tolower((unsigned char)aux);

diff --git a/apache2/msc_util.h b/apache2/msc_util.h
@@ -63,7 +63,7 @@ int DSOLOCAL parse_boolean(const char *input);
 
 char DSOLOCAL *remove_quotes(apr_pool_t *mptmp, const char *input, int input_len);
 
-char DSOLOCAL *parse_pm_content(const char *op_parm, unsigned short int op_len, msre_rule *rule, char **error_msg);
+char DSOLOCAL *parse_pm_content(const char *op_parm, size_t op_len, msre_rule *rule, char **error_msg);
 
 char DSOLOCAL *remove_escape(apr_pool_t *mptmp, const char *input, int input_len);
 

diff --git a/apache2/re_operators.c b/apache2/re_operators.c
@@ -387,7 +387,7 @@ static int msre_op_rsub_param_init(msre_rule *rule, char **error_msg) {
     char *data = NULL;
     char delim;
     int ignore_case = 0;
-    unsigned short int op_len = 0;
+    size_t op_len = 0;
 
     *error_msg = NULL;
 
@@ -529,7 +529,8 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
     char *data_out = NULL;
     unsigned int size = 0;
     unsigned int maxsize=0;
-    int output_body = 0, input_body = 0, sl;
+    int output_body = 0, input_body = 0;
+    size_t sl;
 #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 0
     ap_regmatch_t pmatch[AP_MAX_REG_MATCH];
 #else
@@ -1315,7 +1316,7 @@ static int msre_op_pm_param_init(msre_rule *rule, char **error_msg) {
     ACMP *p;
     const char *phrase;
     const char *next;
-    unsigned short int op_len;
+    size_t op_len;
 
     if ((rule->op_param == NULL)||(strlen(rule->op_param) == 0)) {
         *error_msg = apr_psprintf(rule->ruleset->mp, "Missing parameter for operator 'pm'.");
@@ -1361,7 +1362,7 @@ static int msre_op_pmFromFile_param_init(msre_rule *rule, char **error_msg) {
     char *end = NULL;
     const char *rulefile_path;
     char *processed = NULL;
-    unsigned short int op_len;
+    size_t op_len;
     apr_status_t rc;
     apr_file_t *fd = NULL;
     ACMP *p;
@@ -1702,7 +1703,7 @@ static const char *gsb_reduce_char(apr_pool_t *pool, const char *domain) {
  * \retval 1 On Match
  * \retval 0 On No Match
  */
-static int verify_gsb(gsb_db *gsb, modsec_rec *msr, const char *match, unsigned int match_length) {
+static int verify_gsb(gsb_db *gsb, modsec_rec *msr, const char *match, size_t match_length) {
     assert(gsb != NULL);
     assert(msr != NULL);
     assert(match != NULL);
@@ -1794,15 +1795,16 @@ static int msre_op_gsbLookup_execute(modsec_rec *msr, msre_rule *rule, msre_var
     int options = 0;
     gsb_db *gsb = msr->txcfg->gsb;
     const char *match = NULL;
-    unsigned int match_length;
-    unsigned int canon_length;
+    size_t match_length;
+    size_t canon_length;
     int rv, i, ret, count_slash;
     unsigned int j = 0;
     unsigned int size = var->value_len;
     char *base = NULL, *domain = NULL, *savedptr = NULL;
     char *str = NULL, *canon = NULL, *dot = NULL;
     char *data = NULL, *ptr = NULL, *url = NULL;
-    int capture, domain_len;
+    int capture;
+    size_t domain_len;
     int d_pos = -1;
     int s_pos = -1;
 
@@ -2672,7 +2674,7 @@ static int msre_op_strmatch_param_init(msre_rule *rule, char **error_msg) {
     const apr_strmatch_pattern *compiled_pattern;
     char *processed = NULL;
     const char *pattern = rule->op_param;
-    unsigned short int op_len;
+    size_t op_len;
 
     *error_msg = NULL;
 
@@ -4166,7 +4168,8 @@ static int msre_op_fuzzy_hash_init(msre_rule *rule, char **error_msg)
     struct fuzzy_hash_chunk *chunk, *t;
     FILE *fp;
     char *file;
-    int param_len,threshold;
+    size_t param_len;
+    int threshold;
     char line[1024];
 
     char *data = NULL;