github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 06:36:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix issue in input stream

Browse Source
This commit is contained in:
brenosilva 2011-04-28 16:32:41 +00:00
parent 1aa4cace65
commit 0cc30904b9
3 changed files with 41 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apache2/apache2_io.c
View File

@ -84,7 +84,8 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
return APR_EGENERAL; return APR_EGENERAL;
} }
if (chunk && !msr->txcfg->stream_inbody_inspection) { //if (chunk && !msr->txcfg->stream_inbody_-nspection) {
if (chunk) {
/* Copy the data we received in the chunk */ /* Copy the data we received in the chunk */
bucket = apr_bucket_heap_create(chunk->data, chunk->length, NULL, bucket = apr_bucket_heap_create(chunk->data, chunk->length, NULL,
f->r->connection->bucket_alloc); f->r->connection->bucket_alloc);
@ -112,7 +113,7 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Forwarded %" APR_SIZE_T_FMT " bytes.", chunk->length); msr_log(msr, 4, "Input filter: Forwarded %" APR_SIZE_T_FMT " bytes.", chunk->length);
} }
} else if (msr->stream_input_data != NULL) { } /*else if (msr->stream_input_data != NULL) {
bucket = apr_bucket_heap_create(msr->stream_input_data, msr->stream_input_length, NULL, bucket = apr_bucket_heap_create(msr->stream_input_data, msr->stream_input_length, NULL,
f->r->connection->bucket_alloc); f->r->connection->bucket_alloc);
@ -125,7 +126,7 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
} }
} }
*/
if (rc == 0) { if (rc == 0) {
modsecurity_request_body_retrieve_end(msr); modsecurity_request_body_retrieve_end(msr);
@ -262,6 +263,11 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
} }
} }
if (msr->txcfg->stream_inbody_inspection == 1) {
msr->stream_input_length+=buflen;
modsecurity_request_body_to_stream(msr, buf, buflen, error_msg);
}
if (buflen != 0) { if (buflen != 0) {
int rcbs = modsecurity_request_body_store(msr, buf, buflen, error_msg); int rcbs = modsecurity_request_body_store(msr, buf, buflen, error_msg);
if (rcbs < 0) { if (rcbs < 0) {

2
apache2/modsecurity.h
View File

@ -580,6 +580,8 @@ apr_status_t DSOLOCAL modsecurity_request_body_store(modsec_rec *msr,
apr_status_t DSOLOCAL modsecurity_request_body_end(modsec_rec *msr, char **error_msg); apr_status_t DSOLOCAL modsecurity_request_body_end(modsec_rec *msr, char **error_msg);
apr_status_t DSOLOCAL modsecurity_request_body_to_stream(modsec_rec *msr, const char *buffer, int buflen, char **error_msg);
apr_status_t DSOLOCAL modsecurity_request_body_retrieve_start(modsec_rec *msr, char **error_msg); apr_status_t DSOLOCAL modsecurity_request_body_retrieve_start(modsec_rec *msr, char **error_msg);
apr_status_t DSOLOCAL modsecurity_request_body_retrieve_end(modsec_rec *msr); apr_status_t DSOLOCAL modsecurity_request_body_retrieve_end(modsec_rec *msr);

64
apache2/msc_reqbody.c
View File

@ -82,6 +82,7 @@ static apr_status_t modsecurity_request_body_start_init(modsec_rec *msr, char **
apr_status_t modsecurity_request_body_start(modsec_rec *msr, char **error_msg) { apr_status_t modsecurity_request_body_start(modsec_rec *msr, char **error_msg) {
*error_msg = NULL; *error_msg = NULL;
msr->msc_reqbody_length = 0; msr->msc_reqbody_length = 0;
msr->stream_input_length = 0;
/* Create a separate memory pool that will be used /* Create a separate memory pool that will be used
* to allocate structures from (not data, which is allocated * to allocate structures from (not data, which is allocated
@ -96,7 +97,6 @@ apr_status_t modsecurity_request_body_start(modsec_rec *msr, char **error_msg) {
msre_reqbody_processor_metadata *metadata = msre_reqbody_processor_metadata *metadata =
(msre_reqbody_processor_metadata *)apr_table_get(msr->modsecurity->msre->reqbody_processors, msr->msc_reqbody_processor); (msre_reqbody_processor_metadata *)apr_table_get(msr->modsecurity->msre->reqbody_processors, msr->msc_reqbody_processor);
if (metadata != NULL) { if (metadata != NULL) {
if ( (metadata->init != NULL) if ( (metadata->init != NULL)
&& (metadata->init(msr, &my_error_msg) < 0)) && (metadata->init(msr, &my_error_msg) < 0))
@ -379,27 +379,25 @@ apr_status_t modsecurity_request_body_store(modsec_rec *msr,
return -1; return -1;
} }
static apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, char **error_msg) { apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, const char *buffer, int buflen, char **error_msg) {
msc_data_chunk **chunks;
char *d;
int i, sofar;
char *stream_input_body = NULL; char *stream_input_body = NULL;
char *data = NULL;
int first_pkt = 0;
*error_msg = NULL; if(msr->stream_input_data == NULL) {
/* Allocate a buffer large enough to hold the request body. */
if (msr->msc_reqbody_length + 1 == 0) {
*error_msg = apr_psprintf(msr->mp, "Internal error, request body length will overflow the stream buffer: %u",
msr->msc_reqbody_length);
return -1;
}
msr->stream_input_length = msr->msc_reqbody_length;
if(msr->stream_input_data == NULL)
msr->stream_input_data = (char *)calloc(sizeof(char), msr->stream_input_length + 1); msr->stream_input_data = (char *)calloc(sizeof(char), msr->stream_input_length + 1);
first_pkt = 1;
}
else { else {
data = (char *)malloc(msr->stream_input_length + 1 - buflen);
if(data == NULL)
return -1;
memset(data, 0, msr->stream_input_length + 1 - buflen);
memcpy(data, msr->stream_input_data, msr->stream_input_length - buflen);
stream_input_body = (char *)realloc(msr->stream_input_data, msr->stream_input_length + 1); stream_input_body = (char *)realloc(msr->stream_input_data, msr->stream_input_length + 1);
if(stream_input_body == NULL) { if(stream_input_body == NULL) {
@ -411,32 +409,29 @@ static apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, char **e
} }
if (msr->stream_input_data== NULL) { if (msr->stream_input_data== NULL) {
if(data) {
free(data);
data = NULL;
}
*error_msg = apr_psprintf(msr->mp, "Unable to allocate memory to hold request body on stream. Asked for %" APR_SIZE_T_FMT " bytes.", *error_msg = apr_psprintf(msr->mp, "Unable to allocate memory to hold request body on stream. Asked for %" APR_SIZE_T_FMT " bytes.",
msr->stream_input_length + 1); msr->stream_input_length + 1);
return -1; return -1;
} }
msr->stream_input_data[msr->stream_input_length] = '\0'; if(first_pkt) {
memcpy(msr->stream_input_data, buffer, msr->stream_input_length);
/* Copy the data we keep in chunks into the new buffer. */
sofar = 0;
d = msr->stream_input_data;
chunks = (msc_data_chunk **)msr->msc_reqbody_chunks->elts;
for(i = 0; i < msr->msc_reqbody_chunks->nelts; i++) {
if (sofar + chunks[i]->length <= msr->stream_input_length) {
memcpy(d, chunks[i]->data, chunks[i]->length);
d += chunks[i]->length;
sofar += chunks[i]->length;
} else { } else {
*error_msg = apr_psprintf(msr->mp, "Internal error, request body buffer overflow."); memcpy(msr->stream_input_data, data, msr->stream_input_length - buflen);
return -1; memcpy(msr->stream_input_data+(msr->stream_input_length - buflen), buffer, buflen);
} }
if(data) {
free(data);
data = NULL;
} }
return 1; return 1;
} }
/** /**
* Replace a bunch of chunks holding a request body with a single large chunk. * Replace a bunch of chunks holding a request body with a single large chunk.
*/ */
@ -552,9 +547,6 @@ apr_status_t modsecurity_request_body_end(modsec_rec *msr, char **error_msg) {
/* Note that we've read the body. */ /* Note that we've read the body. */
msr->msc_reqbody_read = 1; msr->msc_reqbody_read = 1;
if (msr->txcfg->stream_inbody_inspection)
modsecurity_request_body_to_stream(msr, error_msg);
/* Finalise body processing. */ /* Finalise body processing. */
if ((msr->msc_reqbody_processor != NULL) && (msr->msc_reqbody_error == 0)) { if ((msr->msc_reqbody_processor != NULL) && (msr->msc_reqbody_error == 0)) {
char *my_error_msg = NULL; char *my_error_msg = NULL;