diff --git a/CHANGES b/CHANGES index 029d5dfd..f260c607 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -31 May 2009 - trunk +15 Jun 2009 - trunk ------------------- + * Fixed mlogc issue seen on big endian machines where content type + could be listed as zero. + * Removed extra newline from audit log message line when logging XML errors. This was causing problems parsing audit logs. diff --git a/apache2/Makefile.in b/apache2/Makefile.in index 6a96576d..c3aae466 100644 --- a/apache2/Makefile.in +++ b/apache2/Makefile.in 
@@ -73,12 +73,13 @@ clean-extras: @rm -rf ../tools/mlogc ../tools/mlogc-batch-load.pl clean: clean-extras - @rm -rf *.la *.lo *.o *.slo .libs msc_test msc-test-debug.log + @rm -rf *.la *.lo *.loT *.o *.slo .libs msc_test msc-test-debug.log -maintainer-clean: clean - @rm -rf Makefile mlogc-src/Makefile t/run-unit-tests.pl t/run-regression-tests.pl t/gen_rx-pm.pl t/csv_rx-pm.pl t/run-tests.pl t/regression/server_root/conf/httpd.conf t/regression/server_root/conf/config_*.t_*.conf config config.log config.status configure mod_security2_config.h ../tools/*.pl autoscan.log configure.scan build/libtool.m4 build/config.guess build/config.sub build/ltmain.sh build/apxs-wrapper +distclean: clean + @rm -rf Makefile mlogc-src/Makefile mlogc-src/mlogc-batch-load.pl ../tools/*.pl t/run-unit-tests.pl t/run-regression-tests.pl t/gen_rx-pm.pl t/csv_rx-pm.pl t/run-tests.pl t/regression/server_root/conf/httpd.conf t/regression/server_root/conf/*.t_*.conf t/regression/server_root/tmp/* t/regression/server_root/logs/*.log t/regression/server_root/logs/audit/* t/regression/server_root/upload/* t/regression/server_root/data/* config config.log config.status build/apxs-wrapper -distclean: maintainer-clean +maintainer-clean: distclean + @rm -rf config config.log config.status configure mod_security2_config.h autoscan.log configure.scan build/libtool.m4 build/config.guess build/config.sub build/ltmain.sh install-mods: mod_security2.la $(INSTALL_MOD_SHARED) mod_security2.la diff --git a/apache2/apache2.h b/apache2/apache2.h index 1d1dce51..d8d61568 100644 --- a/apache2/apache2.h +++ b/apache2/apache2.h 
@@ -87,6 +87,9 @@ char DSOLOCAL *get_apr_error(apr_pool_t *p, apr_status_t rc); char DSOLOCAL *get_env_var(request_rec *r, char *name); +void DSOLOCAL internal_log_ex(request_rec *r, directory_config *dcfg, modsec_rec *msr, + int level, int fixup, const char *text, va_list ap); + void DSOLOCAL internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr, int level, const char *text, va_list ap); diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c index c0548d5a..011f49a9 100644 --- a/apache2/apache2_util.c +++ b/apache2/apache2_util.c @@ -226,12 +226,12 @@ char *get_env_var(request_rec *r, char *name) { } /** - * Internal log helper function. Use msr_log instead. This function will - * correctly handle both the messages that have a newline at the end, and - * those that don't. + * Extended internal log helper function. Use msr_log instead. If fixup is + * true, the message will be stripped of any trailing newline and any + * required bytes will be escaped. */ -void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr, - int level, const char *text, va_list ap) +void internal_log_ex(request_rec *r, directory_config *dcfg, modsec_rec *msr, + int level, int fixup, const char *text, va_list ap) { apr_size_t nbytes, nbytes_written; apr_file_t *debuglog_fd = NULL; 
@@ -258,13 +258,24 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr, /* Construct the message. */ apr_vsnprintf(str1, sizeof(str1), text, ap); + if (fixup) { + int len = strlen(str1); + + /* Strip line ending. */ + if (len && str1[len - 1] == '\n') { + str1[len - 1] = '\0'; + } + if (len > 1 && str1[len - 2] == '\r') { + str1[len - 2] = '\0'; + } + } /* Construct the log entry. */ apr_snprintf(str2, sizeof(str2), "[%s] [%s/sid#%pp][rid#%pp][%s][%d] %s\n", current_logtime(msr->mp), ap_get_server_name(r), (r->server), r, ((r->uri == NULL) ? "" : log_escape_nq(msr->mp, r->uri)), - level, str1); + level, (fixup ? log_escape_nq(msr->mp, str1) : str1)); /* Write to the debug log. */ if ((debuglog_fd != NULL)&&(level <= filter_debug_level)) { @@ -272,7 +283,8 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr, apr_file_write_full(debuglog_fd, str2, nbytes, &nbytes_written); } - /* Send message levels 1-3 to the Apache error log too. */ + /* Send message levels 1-3 to the Apache error log and + * add it to the message list in the audit log. */ if (level <= 3) { char *unique_id = (char *)get_env_var(r, "UNIQUE_ID"); char *hostname = (char *)msr->hostname; @@ -305,6 +317,15 @@ void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr, return; } +/** + * Internal log helper function. Use msr_log instead. + */ +void internal_log(request_rec *r, directory_config *dcfg, modsec_rec *msr, + int level, const char *text, va_list ap) +{ + internal_log_ex(r, dcfg, msr, level, 0, text, ap); +} + /** * Logs one message at the given level to the debug log (and to the * Apache error log if the message is important enough. @@ -313,7 +334,7 @@ void msr_log(modsec_rec *msr, int level, const char *text, ...) { va_list ap; va_start(ap, text); - internal_log(msr->r, msr->txcfg, msr, level, text, ap); + internal_log_ex(msr->r, msr->txcfg, msr, level, 0, text, ap); va_end(ap); } 
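Review bot: In the `@@ -258,13 +258,24 @@` hunk the escaped text exists only as an argument to the `apr_snprintf` that builds `str2`, while `str1` itself stays unescaped after the fixup block. The `level <= 3` branch continues outside this hunk; if it still passes `str1` to the Apache error log and the audit-log message list, `msr_log_error` output would reach those sinks stripped but not escaped, which the removed pre-escaping in `msr_log_error` avoided. Consider computing the message once, e.g. `const char *msg = fixup ? log_escape_nq(msr->mp, str1) : str1;`, and using `msg` for every sink. Separately, the `'\r'` test runs even when no `'\n'` was removed, so a message whose second-to-last byte is `'\r'` loses its final character; nesting that test inside the `'\n'` branch avoids this.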
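Review bot: The new comment on `internal_log` in the `@@ -305,6 +317,15 @@` hunk does not say that the wrapper passes `fixup` as 0, so the message is neither newline-stripped nor escaped. I would document it as `Internal log helper function. Use msr_log instead. Calls internal_log_ex() with fixup disabled; callers must escape untrusted data themselves.` The same applies to `msr_log` in the following hunk, which also passes a bare `0`.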
@@ -321,30 +342,13 @@ void msr_log(modsec_rec *msr, int level, const char *text, ...) { /** * Logs one message at level 3 to the debug log and to the * Apache error log. This is intended for error callbacks. - * - * The 'text' will first be escaped. */ void msr_log_error(modsec_rec *msr, const char *text, ...) { va_list ap; - int len; - char *str; - /* Generate the string. */ va_start(ap, text); - str = apr_pvsprintf(msr->mp, text, ap); + internal_log_ex(msr->r, msr->txcfg, msr, 3, 1, text, ap); va_end(ap); - - /* Strip line ending. */ - len = strlen(str); - if (len && str[len - 1] == '\n') { - str[len - 1] = '\0'; - } - if (len > 1 && str[len - 2] == '\r') { - str[len - 1] = '\0'; - } - - /* Log the escaped string. */ - internal_log(msr->r, msr->txcfg, msr, 3, log_escape_nq(msr->mp,str), NULL); } /** @@ -355,25 +359,10 @@ void msr_log_error(modsec_rec *msr, const char *text, ...) { */ void msr_log_warn(modsec_rec *msr, const char *text, ...) { va_list ap; - int len; - char *str; - /* Generate the string. */ va_start(ap, text); - str = apr_pvsprintf(msr->mp, text, ap); + internal_log_ex(msr->r, msr->txcfg, msr, 4, 1, text, ap); va_end(ap); - - /* Strip line ending. */ - len = strlen(str); - if (len && str[len - 1] == '\n') { - str[len - 1] = '\0'; - } - if (len > 1 && str[len - 2] == '\r') { - str[len - 1] = '\0'; - } - - /* Log the escaped string. */ - internal_log(msr->r, msr->txcfg, msr, 4, log_escape_nq(msr->mp,str), NULL); } diff --git a/apache2/build/apxs-wrapper.in b/apache2/build/apxs-wrapper.in index aa53e7d8..7e032731 100755 --- a/apache2/build/apxs-wrapper.in +++ b/apache2/build/apxs-wrapper.in @@ -5,6 +5,9 @@ for opt in "$@"; do case "$opt" in # Fix for -R not working w/apxs -R*) WRAPPED_OPTS="$WRAPPED_OPTS -Wl,$opt" ;; + # OSF1 compiler option + -pthread) WRAPPED_OPTS="$WRAPPED_OPTS -Wc,$opt" ;; + # Unwrapped *) WRAPPED_OPTS="$WRAPPED_OPTS $opt" ;; esac done 
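Review bot: The doc comment on `msr_log_error` drops the sentence about escaping, yet the call still passes `fixup` as 1, so `internal_log_ex` is still asked to strip the line ending and escape the formatted message. Keeping a line such as `The formatted message is stripped of a trailing line ending and escaped by internal_log_ex().` would tell callers not to pre-escape their arguments. The bare `3, 1` here and `4, 1` in `msr_log_warn` in the next hunk are hard to read at the call site; a short comment or a named constant for the fixup flag would help.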
diff --git a/apache2/mlogc-src/mlogc.c b/apache2/mlogc-src/mlogc.c index 725b04f6..bf027e53 100644 --- a/apache2/mlogc-src/mlogc.c +++ b/apache2/mlogc-src/mlogc.c @@ -1086,7 +1086,6 @@ static void logc_init(void) /* Pre-configure the handle. */ curl_easy_setopt(curl, CURLOPT_UPLOAD, TRUE); - curl_easy_setopt(curl, CURLOPT_PUT, TRUE); curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, (char *)NULL); curl_easy_setopt(curl, CURLOPT_URL, console_uri); curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); @@ -1156,6 +1155,8 @@ static void keep_entries_hack(apr_pool_t *mp, apr_thread_t *thread, const char * return; } + error_log(LOG_DEBUG, thread, "STAT \"%s\" {uid=%d; gid=%d; size=%" APR_OFF_T_FMT "; csize=%" APR_OFF_T_FMT "; atime=%" APR_TIME_T_FMT "; ctime=%" APR_TIME_T_FMT "; mtime=%" APR_TIME_T_FMT "}", fn, finfo.user, finfo.group, finfo.size, finfo.csize, finfo.atime, finfo.ctime, finfo.mtime); + if (finfo.mtime != KEEP_ENTRIES_REMOVE_TIME) { error_log(LOG_DEBUG2, thread, "Set mtime: %s", fn); if ((rc = apr_file_mtime_set(fn, (apr_time_t)KEEP_ENTRIES_REMOVE_TIME, mp)) != APR_SUCCESS) { @@ -1320,6 +1321,8 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data) char response_buf[STATUSBUF_SIZE]; CURLcode res; + error_log(LOG_DEBUG, thread, "STAT \"%s\" {uid=%d; gid=%d; size=%" APR_OFF_T_FMT "; csize=%" APR_OFF_T_FMT "; atime=%" APR_TIME_T_FMT "; ctime=%" APR_TIME_T_FMT "; mtime=%" APR_TIME_T_FMT "}", auditlogentry, finfo.user, finfo.group, finfo.size, finfo.csize, finfo.atime, finfo.ctime, finfo.mtime); + /* Initialize the respone buffer with a hidden value */ response_buf[0] = 0; response_buf[1] = 1; 
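Review bot: The new `STAT` debug line in `keep_entries_hack` prints `finfo.user` and `finfo.group` with `%d` and reads `csize`, `atime`, `ctime` and `mtime` without checking that the stat call filled them in. The `apr_stat` call is outside the hunk, so this is inferred: if its wanted mask does not request those fields their values are indeterminate, and `finfo.valid` should be consulted before they are logged. `apr_uid_t` and `apr_gid_t` are not `int` on every platform APR supports, so an explicit cast such as `(long)finfo.user` with `%ld` is safer where the type is integral. The identical line added to `thread_worker` in the `@@ -1320,6 +1321,8 @@` hunk has the same issue; a small helper taking the path and the `apr_finfo_t` would keep the two in step.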
@@ -1357,7 +1360,6 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data) curl_easy_setopt(curl, CURLOPT_READDATA, hd_src); curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, finfo.size); - curl_easy_setopt(curl, CURLOPT_INFILESIZE, finfo.size); #if 0 mandatory on win32? curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback); diff --git a/apache2/msc_release.h b/apache2/msc_release.h index 3390056f..1f3d949c 100644 --- a/apache2/msc_release.h +++ b/apache2/msc_release.h @@ -22,8 +22,8 @@ #include #include -/* ENH: Clean this mess up */ -#if !(defined(_AIX) || defined(WIN32) || defined(CYGWIN) || defined(NETWARE) || defined(SOLARIS2) || defined(__osf1__)) +/* ENH: Clean this mess up by detecting this is possible */ +#if !(defined(_AIX) || defined(WIN32) || defined(CYGWIN) || defined(NETWARE) || defined(SOLARIS2) || defined(OSF1)) #define DSOLOCAL __attribute__((visibility("hidden"))) #else #define DSOLOCAL diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index a784f45a..a435b19a 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -6,7 +6,7 @@ Manual - Version 2.6.0-trunk (May 29, 2009) + Version 2.6.0-trunk (June 2, 2009) 2004-2009 @@ -2836,11 +2836,12 @@ SecRule ENV:tag "suspicious"
<literal moreinfo="none">GEO</literal> - GEO is a collection populated by the @geoLookup operator. It can be used to match - geographical fields looked up by an IP address or hostname. + GEO is a collection populated by the results of + the last @geoLookup operator. The + collection can be used to match geographical fields looked from an IP + address or hostname. - Available since 2.2.0. + Available since ModSecurity 2.5.0. Fields: @@ -2903,7 +2904,9 @@ SecRule ENV:tag "suspicious" Example: - SecRule REMOTE_ADDR "@geoLookup" "chain,drop,msg:'Non-GB IP address'" + SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat +... +SecRule REMOTE_ADDR "@geoLookup" "chain,drop,msg:'Non-GB IP address'" SecRule GEO:COUNTRY_CODE "!@streq GB"
@@ -5455,8 +5458,9 @@ SecRule ARGS:route "!@endsWith %{REQUEST_ADDR}" t:none,deny <literal>geoLookup</literal> Description: This operator looks up various - data fields from an IP address or hostname. The results will be captured - in the GEO collection. + data fields from an IP address or hostname in the target data. The + results will be captured in the GEO + collection. You must provide a database via SecGeoLookupDb before this operator can be @@ -5471,7 +5475,9 @@ SecRule ARGS:route "!@endsWith %{REQUEST_ADDR}" t:none,deny lookup, then do something like this (look for an empty GEO collection): - SecRule REMOTE_ADDR "@geoLookup" "pass,nolog" + SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat +... +SecRule REMOTE_ADDR "@geoLookup" "pass,nolog" SecRule &GEO "@eq 0" "deny,status:403,msg:'Failed to lookup IP'"