From 088c660d58f9c12ada19cfcc4c085ea4b17550a9 Mon Sep 17 00:00:00 2001 From: chaizhenhua Date: Sun, 31 Mar 2013 15:24:45 +0800 Subject: [PATCH] Improved build script --- build/find_apr.m4 | 9 +- build/find_apu.m4 | 10 +- nginx/modsecurity/config | 4 +- standalone/Makefile.am | 8 +- standalone/Makefile.in | 88 +++++++++++------- standalone/api.c | 191 +++++++++++++++++++++------------------ 6 files changed, 183 insertions(+), 127 deletions(-) diff --git a/build/find_apr.m4 b/build/find_apr.m4 index a5324a64..5524b662 100644 --- a/build/find_apr.m4 +++ b/build/find_apr.m4 @@ -11,7 +11,8 @@ APR_CFLAGS="" APR_CPPFLAGS="" APR_LDFLAGS="" APR_LDADD="" - +APR_INCLUDEDIR="" +APR_LINKLD="" AC_DEFUN([CHECK_APR], [dnl @@ -63,6 +64,10 @@ if test -n "${apr_path}"; then if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDFLAGS: $APR_LDFLAGS); fi APR_LDADD="`${APR_CONFIG} --link-libtool`" if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LDADD: $APR_LDADD); fi + APR_INCLUDEDIR="`${APR_CONFIG} --includedir`" + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr INCLUDEDIR: $APR_INCLUDEDIR); fi + APR_LINKLD="`${APR_CONFIG} --link-ld`" + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apr LINKLD: $APR_LINKLD); fi else AC_MSG_RESULT([no]) fi @@ -73,6 +78,8 @@ AC_SUBST(APR_CFLAGS) AC_SUBST(APR_CPPFLAGS) AC_SUBST(APR_LDFLAGS) AC_SUBST(APR_LDADD) +AC_SUBST(APR_INCLUDEDIR) +AC_SUBST(APR_LINKLD) if test -z "${APR_VERSION}"; then AC_MSG_NOTICE([*** apr library not found.]) diff --git a/build/find_apu.m4 b/build/find_apu.m4 index cf0b5936..bc82030b 100644 --- a/build/find_apu.m4 +++ b/build/find_apu.m4 @@ -10,6 +10,8 @@ APU_CONFIG="" APU_CFLAGS="" APU_LDFLAGS="" APU_LDADD="" +APU_INCLUDEDIR="" +APU_LINKLD="" AC_DEFUN([CHECK_APU], [dnl 
@@ -18,7 +20,7 @@ AC_ARG_WITH( apu, [AC_HELP_STRING([--with-apu=PATH],[Path to apu prefix or config script])], [test_paths="${with_apu}"], - [test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"]) + [test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local/apr /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"]) AC_MSG_CHECKING([for libapu config script]) @@ -60,6 +62,10 @@ if test -n "${apu_path}"; then if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi APU_LDADD="`${APU_CONFIG} --link-libtool`" if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi + APU_INCLUDEDIR="`${APU_CONFIG} --includedir`" + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu INCLUDEDIR: $APU_INCLUDEDIR); fi + APU_LINKLD="`${APU_CONFIG} --link-ld`" + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LINKLD: $APU_LINKLD); fi else AC_MSG_RESULT([no]) fi @@ -69,6 +75,8 @@ AC_SUBST(APU_VERSION) AC_SUBST(APU_CFLAGS) AC_SUBST(APU_LDFLAGS) AC_SUBST(APU_LDADD) +AC_SUBST(APU_INCLUDEDIR) +AC_SUBST(APU_LINKLD) if test -z "${APU_VERSION}"; then AC_MSG_NOTICE([*** apu library not found.]) diff --git a/nginx/modsecurity/config b/nginx/modsecurity/config index dbf42706..a77538ba 100644 --- a/nginx/modsecurity/config +++ b/nginx/modsecurity/config 
@@ -3,5 +3,5 @@ CORE_MODULES="$CORE_MODULES ngx_pool_context_module" HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES" NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c" NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h" -CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm " -CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2 " +CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -L/usr/local/apr/lib -lapr-1 -L/usr/local/apr/lib -laprutil-1 -lpcre -lxml2 -lz -lm -ldl " +CORE_INCS="$CORE_INCS $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2 /usr/local/apache2/include /usr/local/apr/include/apr-1 /usr/local/apr/include/apr-1" diff --git a/standalone/Makefile.am b/standalone/Makefile.am index d6dd02f8..14d2f8a6 100644 --- a/standalone/Makefile.am +++ b/standalone/Makefile.am @@ -72,6 +72,10 @@ standalone_la_LDFLAGS = -no-undefined -module -avoid-version \ @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@ endif +standalone_INCS = `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@" | sed -n 's/ *-I *\([^ ]*\) /\1 /gp'` \ + @APXS_INCLUDEDIR@ @APR_INCLUDEDIR@ @APU_INCLUDEDIR@ +standalone_LIBS = @APR_LINKLD@ @APU_LINKLD@ @APXS_LDFLAGS@ \ + @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@ install-exec-hook: $(pkglib_LTLIBRARIES) @echo "Creating Nginx config file..."; \ rm -f ../nginx/modsecurity/config; \ 
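Review bot: The sed expression in the new `standalone_INCS` strips `-I` only from a path that is followed by a space, so the last include flag in `@LIBXML2_CFLAGS@ @LUA_CFLAGS@` keeps its `-I` prefix unless the substituted value happens to end in a space. Any flag that is not `-I` is also copied into `CORE_INCS` unchanged. Whether this triggers depends on what configure substitutes, which is not visible here, but a build with Lua enabled looks likely to hit it. Adding a trailing space inside the echo, `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@ "`, covers the end-of-line case; keeping only `-I` tokens would cover the other. A comment above the variable such as `# bare include directories (no -I), in the form the CORE_INCS line already uses` would document the intent.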
@@ -80,8 +84,8 @@ install-exec-hook: $(pkglib_LTLIBRARIES) echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \ echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\ echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \ - echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \ - echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \ + echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a $(standalone_LIBS) \"" >> ../nginx/modsecurity/config; \ + echo "CORE_INCS=\"\$$CORE_INCS \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 $(standalone_INCS)\"" >> ../nginx/modsecurity/config; \ echo "Removing unused static libraries..."; \ for m in $(pkglib_LTLIBRARIES); do \ base=`echo $$m | sed 's/\..*//'`; \ diff --git a/standalone/Makefile.in b/standalone/Makefile.in index ca84e211..73785d3c 100644 --- a/standalone/Makefile.in +++ b/standalone/Makefile.in 
@@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.6 from Makefile.am. +# Makefile.in generated by automake 1.12.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -51,7 +50,8 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = standalone -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/build/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/build/find_apr.m4 \ $(top_srcdir)/build/find_apu.m4 \ @@ -149,13 +149,17 @@ AMTAR = @AMTAR@ APR_CFLAGS = @APR_CFLAGS@ APR_CONFIG = @APR_CONFIG@ APR_CPPFLAGS = @APR_CPPFLAGS@ +APR_INCLUDEDIR = @APR_INCLUDEDIR@ APR_LDADD = @APR_LDADD@ APR_LDFLAGS = @APR_LDFLAGS@ +APR_LINKLD = @APR_LINKLD@ APR_VERSION = @APR_VERSION@ APU_CFLAGS = @APU_CFLAGS@ APU_CONFIG = @APU_CONFIG@ +APU_INCLUDEDIR = @APU_INCLUDEDIR@ APU_LDADD = @APU_LDADD@ APU_LDFLAGS = @APU_LDFLAGS@ +APU_LINKLD = @APU_LINKLD@ APU_VERSION = @APU_VERSION@ APXS = @APXS@ APXS_BINDIR = @APXS_BINDIR@ @@ -381,6 +385,12 @@ standalone_la_LIBADD = @APR_LDADD@ @APU_LDADD@ @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA @SOLARIS_TRUE@ @APR_LDFLAGS@ @APU_LDFLAGS@ @APXS_LDFLAGS@ \ @SOLARIS_TRUE@ @PCRE_LDFLAGS@ @LIBXML2_LDFLAGS@ @LUA_LDFLAGS@ +standalone_INCS = `echo "@LIBXML2_CFLAGS@ @LUA_CFLAGS@" | sed -n 's/ *-I *\([^ ]*\) /\1 /gp'` \ + @APXS_INCLUDEDIR@ @APR_INCLUDEDIR@ @APU_INCLUDEDIR@ + +standalone_LIBS = @APR_LINKLD@ @APU_LINKLD@ @APXS_LDFLAGS@ \ + @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@ + all: all-am .SUFFIXES: 
@@ -441,12 +451,14 @@ uninstall-pkglibLTLIBRARIES: clean-pkglibLTLIBRARIES: -test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES) - @list='$(pkglib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done + @list='$(pkglib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } standalone.la: $(standalone_la_OBJECTS) $(standalone_la_DEPENDENCIES) $(EXTRA_standalone_la_DEPENDENCIES) $(standalone_la_LINK) -rpath $(pkglibdir) $(standalone_la_OBJECTS) $(standalone_la_LIBADD) $(LIBS) @@ -797,6 +809,20 @@ GTAGS: && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags 
@@ -942,32 +968,30 @@ uninstall-am: uninstall-pkglibLTLIBRARIES .MAKE: install-am install-exec-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pkglibLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-exec-hook \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am \ - install-pkglibLTLIBRARIES install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-pkglibLTLIBRARIES - + clean-libtool clean-pkglibLTLIBRARIES cscopelist ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-exec-hook install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pkglibLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-pkglibLTLIBRARIES install-exec-hook: $(pkglib_LTLIBRARIES) @echo "Creating Nginx config file..."; \ rm -f ../nginx/modsecurity/config; \ echo "ngx_addon_name=ngx_http_modsecurity" >> ../nginx/modsecurity/config; \ - echo "# HTTP_MODULES=\"\$$HTTP_MODULES ngx_http_modsecurity\"" >> ../nginx/modsecurity/config; \ - echo 
"HTTP_HEADERS_FILTER_MODULE=\"ngx_http_modsecurity \$$HTTP_HEADERS_FILTER_MODULE\"" >> ../nginx/modsecurity/config; \ - echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c\"" >> ../nginx/modsecurity/config;\ - echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS\"" >> ../nginx/modsecurity/config; \ - echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \ - echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \ - echo "have=REQUEST_EARLY . auto/have" >> ../nginx/modsecurity/config;\ + echo "CORE_MODULES=\"\$$CORE_MODULES ngx_pool_context_module\"" >> ../nginx/modsecurity/config; \ + echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \ + echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\ + echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \ + echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a $(standalone_LIBS) \"" >> ../nginx/modsecurity/config; \ + echo "CORE_INCS=\"\$$CORE_INCS \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 $(standalone_INCS)\"" >> ../nginx/modsecurity/config; \ echo "Removing unused static libraries..."; \ for m in $(pkglib_LTLIBRARIES); do \ base=`echo $$m | sed 's/\..*//'`; \ diff --git a/standalone/api.c b/standalone/api.c index d656d04a..09158f50 100644 --- a/standalone/api.c 
+++ b/standalone/api.c @@ -223,40 +223,10 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, } apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b) { - modsec_rec *msr = (modsec_rec *)f->ctx; apr_status_t rc; - apr_bucket_brigade *bb_out; - - bb_out = modsecGetResponseBrigade(f->r); - - - if (bb_out) { - APR_BRIGADE_CONCAT(bb_out, b); - return APR_SUCCESS; - } - - // is there a way to tell whether the response body was modified or not? - // - if((msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0) - && msr->txcfg->resbody_access) { - - if (modsecWriteResponse != NULL) { - char *data = NULL; - apr_size_t length; - - rc = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp); - - if (rc != APR_SUCCESS) { - msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", rc, - get_apr_error(msr->mp, rc)); - return -1; - } - - /* TODO: return ?*/ - modsecWriteResponse(msr->r, data, msr->stream_output_length); - } - } + apr_bucket_brigade *bb_out = (apr_bucket_brigade *)f->ctx; + APR_BRIGADE_CONCAT(bb_out, b); return APR_SUCCESS; } 
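Review bot: `ap_http_out_filter` now casts `f->ctx` straight to `apr_bucket_brigade *` and concatenates into it, with no NULL check and no comment stating the new contract for the filter context. Before this change the context was a `modsec_rec *`, so any caller that still registers HTTP_OUT with the old context type would have that structure treated as a brigade. The only caller visible in this patch, `modsecProcessResponse`, passes a `bb_out` it has already checked; other registrations are not visible here. Suggest `if (bb_out == NULL) return APR_EGENERAL;` before the concat, and a comment on the function such as `/* f->ctx must be the apr_bucket_brigade that collects the filtered response */`.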
@@ -551,74 +521,117 @@ int modsecIsResponseBodyAccessEnabled(request_rec *r) } int modsecProcessResponse(request_rec *r) { - int status = DECLINED; + int status; + modsec_rec *msr; + apr_bucket *e; + ap_filter_t *f; + apr_bucket_brigade *bb_in, *bb_out, *bb; - if(r->output_filters != NULL) { - modsec_rec *msr = (modsec_rec *)r->output_filters->ctx; - char buf[8192]; - char *tmp = NULL; - apr_bucket *e = NULL; + if(r->output_filters == NULL) { + return DECLINED; + } + + msr = (modsec_rec *)r->output_filters->ctx; + if (msr == NULL) { + ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server, + "ModSecurity: Internal Error: msr is null in output filter."); + ap_remove_output_filter(r->output_filters); + return APR_EGENERAL; + } + + msr->r = r; + + /* create input response brigade */ + bb_in = apr_brigade_create(msr->mp, r->connection->bucket_alloc); + + if (bb_in == NULL) { + msr_log(msr, 1, "Process response: Failed to create brigade."); + return APR_EGENERAL; + } + + /* get input response brigade */ + bb = modsecGetResponseBrigade(r); + if (bb != NULL) { + APR_BRIGADE_CONCAT(bb_in, bb); + if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb_in))) { + e = apr_bucket_eos_create(bb_in->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb_in, e); + } + } else if (modsecReadResponse != NULL) { unsigned int readcnt = 0; int is_eos = 0; - ap_filter_t *f = NULL; - apr_bucket_brigade *bb_in, *bb = NULL; + char buf[8192]; + while(!is_eos) { + modsecReadResponse(r, buf, 8192, &readcnt, &is_eos); - if (msr == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, 0, r->server, - "ModSecurity: Internal Error: msr is null in output filter."); - ap_remove_output_filter(r->output_filters); - return send_error_bucket(msr, r->output_filters, HTTP_INTERNAL_SERVER_ERROR); - } - - bb = apr_brigade_create(msr->mp, r->connection->bucket_alloc); - - if (bb == NULL) { - msr_log(msr, 1, "Process response: Failed to create brigade."); - return APR_EGENERAL; - } - - msr->r = r; - - bb_in = 
modsecGetResponseBrigade(r); - - if (bb_in != NULL) { - APR_BRIGADE_CONCAT(bb, bb_in); - if (!APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) { - e = apr_bucket_eos_create(bb->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); + if(readcnt > 0) { + char *tmp = (char *)apr_palloc(r->pool, readcnt); + memcpy(tmp, buf, readcnt); + e = apr_bucket_pool_create(tmp, readcnt, r->pool, r->connection->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb_in, e); } - } else if (modsecReadResponse != NULL) { - while(!is_eos) { - modsecReadResponse(r, buf, 8192, &readcnt, &is_eos); + } - if(readcnt > 0) { - tmp = (char *)apr_palloc(r->pool, readcnt); - memcpy(tmp, buf, readcnt); - e = apr_bucket_pool_create(tmp, readcnt, r->pool, r->connection->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - } + e = apr_bucket_eos_create(r->connection->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb_in, e); + } else { + /* cannot read response body process header only */ + + e = apr_bucket_eos_create(r->connection->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb_in, e); + } + + bb_out = bb ? 
bb : apr_brigade_create(msr->mp, r->connection->bucket_alloc); + + if (bb_out == NULL) { + msr_log(msr, 1, "Process response: Failed to create brigade."); + return APR_EGENERAL; + } + + /* concat output bucket to bb_out */ + f = ap_add_output_filter("HTTP_OUT", bb_out, r, r->connection); + status = ap_pass_brigade(r->output_filters, bb_in); + ap_remove_output_filter(f); + + if (status == APR_EGENERAL) { + /* retrive response status from bb_out */ + for(e = APR_BRIGADE_FIRST(bb_out); + e != APR_BRIGADE_SENTINEL(bb_out); + e = APR_BUCKET_NEXT(e)) { + if (AP_BUCKET_IS_ERROR(e)) { + return ((ap_bucket_error*) e->data)->status; } - - e = apr_bucket_eos_create(r->connection->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - } else { - /* cannot read response body process header only */ - - e = apr_bucket_eos_create(r->connection->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - } - - f = ap_add_output_filter("HTTP_OUT", msr, r, r->connection); - status = ap_pass_brigade(r->output_filters, bb); - ap_remove_output_filter(f); - if(status > 0 - && msr->intercept_actionset->intercept_status != 0) { - status = msr->intercept_actionset->intercept_status; } + return APR_EGENERAL; + } + + if (status != DECLINED) { return status; } - return status; + /* copy bb_out */ + // is there a way to tell whether the response body was modified or not? 
+ if (modsecWriteResponse != NULL + && (msr->txcfg->content_injection_enabled || msr->content_prepend_len != 0 || msr->content_append_len != 0) + && msr->txcfg->resbody_access) { + + char *data = NULL; + apr_size_t length; + + status = apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp); + + if (status != APR_SUCCESS) { + msr_log(msr, 1, "Output filter: Failed to flatten brigade (%d): %s", status, + get_apr_error(msr->mp, status)); + return APR_EGENERAL; + } + + if ( modsecWriteResponse(msr->r, data, msr->stream_output_length) != APR_SUCCESS) { + return APR_EGENERAL; + } + } + + return DECLINED; } int modsecFinishRequest(request_rec *r) {
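Review bot: In the write-back block at the end of `modsecProcessResponse`, the buffer comes from `apr_brigade_pflatten(msr->of_brigade, &data, &length, msr->mp)`, but the callback is given `msr->stream_output_length` and `length` is never used. If the two values can differ, the embedder's `modsecWriteResponse` is told to read a byte count that does not match what `data` holds; nothing in this hunk shows them being kept equal. Passing the flattened size, `modsecWriteResponse(msr->r, data, length)`, or rejecting `msr->stream_output_length > length` before the call would close that gap. In the read loop, `readcnt` from `modsecReadResponse` is not compared with the 8192-byte `buf` before `memcpy(tmp, buf, readcnt)`, and the callback's return value is ignored. Adding `if (readcnt > sizeof(buf)) return APR_EGENERAL;` after the call would bound the copy.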