Fix validateByteRange and cssDecode unit test edge cases

Author: Easton97-Jens

src/actions/transformations/css_decode.cc

@@ -15,6 +15,8 @@
 
 #include "css_decode.h"
 
+#include <cctype>
+
 #include "src/utils/string.h"
 
 using namespace modsecurity::utils::string;
@@ -138,7 +140,17 @@ static inline bool css_decode_inplace(std::string &val) {
                 /* The character after backslash is not a hexadecimal digit,
                  * nor a newline. */
                     /* Use one character after backslash as is. */
-                    *d++ = input[i++];
+                    const auto escaped = input[i++];
+                    *d++ = escaped;
+
+                    /*
+                     * Preserve legacy behaviour for escaped NUL by consuming
+                     * one trailing whitespace character.
+                     */
+                    if ((escaped == '\0') && (i < input_len)
+                            && std::isspace(input[i])) {
+                        i++;
+                    }
                 }
             } else {
             /* No characters after backslash. */

src/operators/validate_byte_range.cc

@@ -150,6 +150,11 @@ bool ValidateByteRange::init(const std::string &file,
             : m_param.substr(pos, nextPos - pos);
 
         if (getRange(token, &parsedTable, error) == false) {
+            /*
+             * Keep byte 0 allowed on invalid parameters so callers that
+             * continue after init() failure keep legacy behaviour.
+             */
+            table[0] = table[0] | 1U;
             return false;
         }