github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Flip allocations that happen during initialization (typically) over to use non-global apr memory pools.

Browse Source
This commit is contained in:
David Andrews 2013-12-16 14:53:19 -08:00 committed by Felipe Zimmerle
parent 31d7fc6d38
commit 27dd513ab6
5 changed files with 130 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apache2/apache2_config.c
View File

@ -873,7 +873,7 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
*
* ENH Probably do not want this done fully for chained rules.
*/
rule->actionset = msre_actionset_merge(modsecurity->msre, dcfg->tmp_default_actionset,
rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, dcfg->tmp_default_actionset,
rule->actionset, 1);
/* Keep track of the parent action for "block" */
@ -1068,7 +1068,7 @@ static const char *update_rule_action(cmd_parms *cmd, directory_config *dcfg,
}
/* Create a new actionset */
new_actionset = msre_actionset_create(modsecurity->msre, p2, &my_error_msg);
new_actionset = msre_actionset_create(modsecurity->msre, cmd->pool, p2, &my_error_msg);
if (new_actionset == NULL) return FATAL_ERROR;
if (my_error_msg != NULL) return my_error_msg;
@ -1095,7 +1095,7 @@ static const char *update_rule_action(cmd_parms *cmd, directory_config *dcfg,
/* Merge new actions with the rule */
/* ENH: Will this leak the old actionset? */
rule->actionset = msre_actionset_merge(modsecurity->msre, rule->actionset,
rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, rule->actionset,
new_actionset, 1);
msre_actionset_set_defaults(rule->actionset);
@ -1477,7 +1477,7 @@ static const char *cmd_default_action(cmd_parms *cmd, void *_dcfg,
extern msc_engine *modsecurity;
char *my_error_msg = NULL;
dcfg->tmp_default_actionset = msre_actionset_create(modsecurity->msre, p1, &my_error_msg);
dcfg->tmp_default_actionset = msre_actionset_create(modsecurity->msre, cmd->pool, p1, &my_error_msg);
if (dcfg->tmp_default_actionset == NULL) {
if (my_error_msg != NULL) return my_error_msg;
else return FATAL_ERROR;

73
apache2/re.c
View File

@ -38,7 +38,7 @@ static apr_status_t msre_parse_targets(msre_ruleset *ruleset, const char *text,
static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule);
static msre_var *msre_create_var(msre_ruleset *ruleset, const char *name, const char *param,
modsec_rec *msr, char **error_msg);
static msre_action *msre_create_action(msre_engine *engine, const char *name,
static msre_action *msre_create_action(msre_engine *engine, apr_pool_t *mp, const char *name,
const char *param, char **error_msg);
static apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr);
@ -769,7 +769,7 @@ static apr_status_t msre_parse_targets(msre_ruleset *ruleset, const char *text,
* Creates msre_action instances by parsing the given string, placing
* them into the supplied array.
*/
static apr_status_t msre_parse_actions(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_parse_actions(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
const char *text, char **error_msg)
{
const apr_array_header_t *tarr;
@ -788,23 +788,23 @@ static apr_status_t msre_parse_actions(msre_engine *engine, msre_actionset *acti
if (text == NULL) {
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
*error_msg = apr_psprintf(mp, "Internal error: " \
"msre_parse_actions, variable text is NULL");
return -1;
}
/* Extract name & value pairs first */
vartable = apr_table_make(engine->mp, 10);
vartable = apr_table_make(mp, 10);
if (vartable == NULL) {
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
*error_msg = apr_psprintf(mp, "Internal error: " \
"msre_parse_actions, failed to create vartable");
return -1;
}
rc = msre_parse_generic(engine->mp, text, vartable, error_msg);
rc = msre_parse_generic(mp, text, vartable, error_msg);
if (rc < 0) {
if (*error_msg == NULL)
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
*error_msg = apr_psprintf(mp, "Internal error: " \
"msre_parse_actions, msre_parse_generic failed. Return " \
"code: %d", rc);
@ -816,17 +816,17 @@ static apr_status_t msre_parse_actions(msre_engine *engine, msre_actionset *acti
telts = (const apr_table_entry_t*)tarr->elts;
for (i = 0; i < tarr->nelts; i++) {
/* Create action. */
action = msre_create_action(engine, telts[i].key, telts[i].val, error_msg);
action = msre_create_action(engine, mp, telts[i].key, telts[i].val, error_msg);
if (action == NULL) {
if (*error_msg == NULL)
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
*error_msg = apr_psprintf(mp, "Internal error: " \
"msre_parse_actions, msre_create_action failed.");
return -1;
}
/* Initialise action (option). */
if (action->metadata->init != NULL) {
action->metadata->init(engine, actionset, action);
action->metadata->init(engine, mp, actionset, action);
}
msre_actionset_action_add(actionset, action);
@ -895,14 +895,14 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *
/* Resolve variable */
var->metadata = msre_resolve_var(engine, var->name);
if (var->metadata == NULL) {
*error_msg = apr_psprintf(engine->mp, "Unknown variable: %s", name);
*error_msg = apr_psprintf(pool, "Unknown variable: %s", name);
return NULL;
}
/* The counting operator "&" can only be used against collections. */
if (var->is_counting) {
if (var->metadata->type == VAR_SIMPLE) {
*error_msg = apr_psprintf(engine->mp, "The & modificator does not apply to "
*error_msg = apr_psprintf(pool, "The & modificator does not apply to "
"non-collection variables.");
return NULL;
}
@ -911,7 +911,7 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *
/* Check the parameter. */
if (varparam == NULL) {
if (var->metadata->argc_min > 0) {
*error_msg = apr_psprintf(engine->mp, "Missing mandatory parameter for variable %s.",
*error_msg = apr_psprintf(pool, "Missing mandatory parameter for variable %s.",
name);
return NULL;
}
@ -919,7 +919,7 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *
/* Do we allow a parameter? */
if (var->metadata->argc_max == 0) {
*error_msg = apr_psprintf(engine->mp, "Variable %s does not support parameters.",
*error_msg = apr_psprintf(pool, "Variable %s does not support parameters.",
name);
return NULL;
}
@ -940,7 +940,7 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *
static msre_var *msre_create_var(msre_ruleset *ruleset, const char *name, const char *param,
modsec_rec *msr, char **error_msg)
{
msre_var *var = msre_create_var_ex(ruleset->engine->mp, ruleset->engine, name, param, msr, error_msg);
msre_var *var = msre_create_var_ex(ruleset->mp, ruleset->engine, name, param, msr, error_msg);
if (var == NULL) return NULL;
/* Validate & initialise variable */
@ -957,7 +957,7 @@ static msre_var *msre_create_var(msre_ruleset *ruleset, const char *name, const
/**
* Creates a new action instance given its name and an (optional) parameter.
*/
msre_action *msre_create_action(msre_engine *engine, const char *name, const char *param,
msre_action *msre_create_action(msre_engine *engine, apr_pool_t *mp, const char *name, const char *param,
char **error_msg)
{
msre_action *action = NULL;
@ -968,10 +968,10 @@ msre_action *msre_create_action(msre_engine *engine, const char *name, const cha
*error_msg = NULL;
action = apr_pcalloc(engine->mp, sizeof(msre_action));
action = apr_pcalloc(mp, sizeof(msre_action));
if (action == NULL) {
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
*error_msg = apr_psprintf(mp, "Internal error: " \
"msre_create_action, not able to allocate action");
return NULL;
@ -980,13 +980,13 @@ msre_action *msre_create_action(msre_engine *engine, const char *name, const cha
/* Resolve action */
action->metadata = msre_resolve_action(engine, name);
if (action->metadata == NULL) {
*error_msg = apr_psprintf(engine->mp, "Unknown action: %s", name);
*error_msg = apr_psprintf(mp, "Unknown action: %s", name);
return NULL;
}
if (param == NULL) { /* Parameter not present */
if (action->metadata->argc_min > 0) {
*error_msg = apr_psprintf(engine->mp, "Missing mandatory parameter for action %s",
*error_msg = apr_psprintf(mp, "Missing mandatory parameter for action %s",
name);
return NULL;
}
@ -994,14 +994,14 @@ msre_action *msre_create_action(msre_engine *engine, const char *name, const cha
/* Should we allow the parameter? */
if (action->metadata->argc_max == 0) {
*error_msg = apr_psprintf(engine->mp, "Extra parameter provided to action %s", name);
*error_msg = apr_psprintf(mp, "Extra parameter provided to action %s", name);
return NULL;
}
/* Handle +/- modificators */
if ((param[0] == '+')||(param[0] == '-')) {
if (action->metadata->allow_param_plusminus == 0) {
*error_msg = apr_psprintf(engine->mp,
*error_msg = apr_psprintf(mp,
"Action %s does not allow +/- modificators.", name);
return NULL;
}
@ -1021,7 +1021,7 @@ msre_action *msre_create_action(msre_engine *engine, const char *name, const cha
/* Validate parameter */
if (action->metadata->validate != NULL) {
*error_msg = action->metadata->validate(engine, action);
*error_msg = action->metadata->validate(engine, mp, action);
if (*error_msg != NULL) return NULL;
}
}
@ -1164,7 +1164,7 @@ int msre_parse_generic(apr_pool_t *mp, const char *text, apr_table_t *vartable,
* Creates an actionset instance and (as an option) populates it by
* parsing the given string which contains a list of actions.
*/
msre_actionset *msre_actionset_create(msre_engine *engine, const char *text,
msre_actionset *msre_actionset_create(msre_engine *engine, apr_pool_t *mp, const char *text,
char **error_msg)
{
msre_actionset *actionset = NULL;
@ -1175,18 +1175,18 @@ msre_actionset *msre_actionset_create(msre_engine *engine, const char *text,
*error_msg = NULL;
actionset = (msre_actionset *)apr_pcalloc(engine->mp,
actionset = (msre_actionset *)apr_pcalloc(mp,
sizeof(msre_actionset));
if (actionset == NULL) {
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
*error_msg = apr_psprintf(mp, "Internal error: " \
"msre_actionset_create, not able to allocate msre_actionset");
return NULL;
}
actionset->actions = apr_table_make(engine->mp, 25);
actionset->actions = apr_table_make(mp, 25);
if (actionset->actions == NULL) {
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
*error_msg = apr_psprintf(mp, "Internal error: " \
"msre_actionset_create, not able to create actions table");
return NULL;
}
@ -1225,10 +1225,10 @@ msre_actionset *msre_actionset_create(msre_engine *engine, const char *text,
/* Parse the list of actions, if it's present */
if (text != NULL) {
int ret = msre_parse_actions(engine, actionset, text, error_msg);
int ret = msre_parse_actions(engine, mp, actionset, text, error_msg);
if (ret < 0) {
if (*error_msg == NULL)
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
if (*error_msg == NULL)
*error_msg = apr_psprintf(mp, "Internal error: " \
"msre_actionset_create, msre_parse_actions failed " \
"without further information. Return code: %d", ret);
return NULL;
@ -1255,7 +1255,7 @@ static msre_actionset *msre_actionset_copy(apr_pool_t *mp, msre_actionset *orig)
/**
* Merges two actionsets into one.
*/
msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent,
msre_actionset *msre_actionset_merge(msre_engine *engine, apr_pool_t *mp, msre_actionset *parent,
msre_actionset *child, int inherit_by_default)
{
msre_actionset *merged = NULL;
@ -1265,11 +1265,11 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent
if (inherit_by_default == 0) {
/* There is nothing to merge in this case. */
return msre_actionset_copy(engine->mp, child);
return msre_actionset_copy(mp, child);
}
/* Start with a copy of the parent configuration. */
merged = msre_actionset_copy(engine->mp, parent);
merged = msre_actionset_copy(mp, parent);
if (merged == NULL) return NULL;
if (child == NULL) {
@ -1332,6 +1332,7 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent
msre_actionset *msre_actionset_create_default(msre_engine *engine) {
char *my_error_msg = NULL;
return msre_actionset_create(engine,
engine->mp,
"phase:2,log,auditlog,pass",
&my_error_msg);
}
@ -2407,7 +2408,7 @@ msre_rule *msre_rule_create(msre_ruleset *ruleset, int type,
/* Parse actions */
if (actions != NULL) {
/* Create per-rule actionset */
rule->actionset = msre_actionset_create(ruleset->engine, actions, &my_error_msg);
rule->actionset = msre_actionset_create(ruleset->engine, ruleset->mp, actions, &my_error_msg);
if (rule->actionset == NULL) {
*error_msg = apr_psprintf(ruleset->mp, "Error parsing actions: %s", my_error_msg);
return NULL;
@ -2451,7 +2452,7 @@ msre_rule *msre_rule_lua_create(msre_ruleset *ruleset,
/* Parse actions */
if (actions != NULL) {
/* Create per-rule actionset */
rule->actionset = msre_actionset_create(ruleset->engine, actions, &my_error_msg);
rule->actionset = msre_actionset_create(ruleset->engine, ruleset->mp, actions, &my_error_msg);
if (rule->actionset == NULL) {
*error_msg = apr_psprintf(ruleset->mp, "Error parsing actions: %s", my_error_msg);
return NULL;

8
apache2/re.h
View File

@ -325,10 +325,10 @@ void DSOLOCAL msre_engine_variable_register(msre_engine *engine, const char *nam
fn_var_validate_t validate, fn_var_generate_t generate,
unsigned int is_cacheable, unsigned int availability);
msre_actionset DSOLOCAL *msre_actionset_create(msre_engine *engine, const char *text,
msre_actionset DSOLOCAL *msre_actionset_create(msre_engine *engine, apr_pool_t *mp, const char *text,
char **error_msg);
msre_actionset DSOLOCAL *msre_actionset_merge(msre_engine *engine, msre_actionset *parent,
msre_actionset DSOLOCAL *msre_actionset_merge(msre_engine *engine, apr_pool_t *mp, msre_actionset *parent,
msre_actionset *child, int inherit_by_default);
msre_actionset DSOLOCAL *msre_actionset_create_default(msre_engine *engine);
@ -337,8 +337,8 @@ void DSOLOCAL msre_actionset_set_defaults(msre_actionset *actionset);
void DSOLOCAL msre_actionset_init(msre_actionset *actionset, msre_rule *rule);
typedef char *(*fn_action_validate_t)(msre_engine *engine, msre_action *action);
typedef apr_status_t (*fn_action_init_t)(msre_engine *engine, msre_actionset *actionset, msre_action *action);
typedef char *(*fn_action_validate_t)(msre_engine *engine, apr_pool_t *mp, msre_action *action);
typedef apr_status_t (*fn_action_init_t)(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset, msre_action *action);
typedef apr_status_t (*fn_action_execute_t)(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action);
#define ACTION_DISRUPTIVE 1

156
apache2/re_actions.c
View File

@ -371,7 +371,7 @@ apr_status_t collection_original_setvar(modsec_rec *msr, const char *col_name, c
}
/* marker */
static apr_status_t msre_action_marker_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_marker_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->id = action->param;
@ -380,24 +380,24 @@ static apr_status_t msre_action_marker_init(msre_engine *engine, msre_actionset
/* id */
static apr_status_t msre_action_id_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_id_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->id = action->param;
return 1;
}
static char *msre_action_id_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_id_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
int id;
if(action != NULL && action->param != NULL) {
for(id=0;id<strlen(action->param);id++) {
if(!apr_isdigit(action->param[id]))
return apr_psprintf(engine->mp, "ModSecurity: Invalid value for action ID: %s", action->param);
return apr_psprintf(mp, "ModSecurity: Invalid value for action ID: %s", action->param);
}
id = atoi(action->param);
if ((id == LONG_MAX)||(id == LONG_MIN)||(id <= 0)) {
return apr_psprintf(engine->mp, "ModSecurity: Invalid value for action ID: %s", action->param);
return apr_psprintf(mp, "ModSecurity: Invalid value for action ID: %s", action->param);
}
}
@ -406,7 +406,7 @@ static char *msre_action_id_validate(msre_engine *engine, msre_action *action) {
/* rev */
static apr_status_t msre_action_rev_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_rev_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->rev = action->param;
@ -415,7 +415,7 @@ static apr_status_t msre_action_rev_init(msre_engine *engine, msre_actionset *ac
/* msg */
static apr_status_t msre_action_msg_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_msg_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->msg = action->param;
@ -424,7 +424,7 @@ static apr_status_t msre_action_msg_init(msre_engine *engine, msre_actionset *ac
/* logdata */
static apr_status_t msre_action_logdata_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_logdata_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->logdata = action->param;
@ -433,7 +433,7 @@ static apr_status_t msre_action_logdata_init(msre_engine *engine, msre_actionset
/* SanitizeMatchedBytes init */
static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine,
static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine, apr_pool_t *mp,
msre_actionset *actionset, msre_action *action)
{
char *parse_parm = NULL;
@ -444,7 +444,7 @@ static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine,
if (action->param != NULL && strlen(action->param) == 3) {
ac_param = apr_pstrdup(engine->mp, action->param);
ac_param = apr_pstrdup(mp, action->param);
parse_parm = apr_strtok(ac_param,"/",&savedptr);
if(apr_isdigit(*parse_parm) && apr_isdigit(*savedptr)) {
@ -461,7 +461,7 @@ static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine,
/* accuracy */
static apr_status_t msre_action_accuracy_init(msre_engine *engine,
static apr_status_t msre_action_accuracy_init(msre_engine *engine, apr_pool_t *mp,
msre_actionset *actionset, msre_action *action)
{
actionset->accuracy = atoi(action->param);
@ -470,7 +470,7 @@ static apr_status_t msre_action_accuracy_init(msre_engine *engine,
/* maturity */
static apr_status_t msre_action_maturity_init(msre_engine *engine,
static apr_status_t msre_action_maturity_init(msre_engine *engine, apr_pool_t *mp,
msre_actionset *actionset, msre_action *action)
{
actionset->maturity = atoi(action->param);
@ -479,7 +479,7 @@ static apr_status_t msre_action_maturity_init(msre_engine *engine,
/* ver */
static apr_status_t msre_action_ver_init(msre_engine *engine,
static apr_status_t msre_action_ver_init(msre_engine *engine, apr_pool_t *mp,
msre_actionset *actionset, msre_action *action)
{
actionset->version = action->param;
@ -488,7 +488,7 @@ static apr_status_t msre_action_ver_init(msre_engine *engine,
/* severity */
static apr_status_t msre_action_severity_init(msre_engine *engine,
static apr_status_t msre_action_severity_init(msre_engine *engine, apr_pool_t *mp,
msre_actionset *actionset, msre_action *action)
{
if (strcasecmp(action->param, "emergency") == 0) {
@ -515,7 +515,7 @@ static apr_status_t msre_action_severity_init(msre_engine *engine,
/* chain */
static apr_status_t msre_action_chain_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_chain_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->is_chained = 1;
@ -523,7 +523,7 @@ static apr_status_t msre_action_chain_init(msre_engine *engine, msre_actionset *
}
/* log */
static apr_status_t msre_action_log_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_log_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->log = 1;
@ -531,7 +531,7 @@ static apr_status_t msre_action_log_init(msre_engine *engine, msre_actionset *ac
}
/* nolog */
static apr_status_t msre_action_nolog_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_nolog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->log = 0;
@ -540,7 +540,7 @@ static apr_status_t msre_action_nolog_init(msre_engine *engine, msre_actionset *
}
/* auditlog */
static apr_status_t msre_action_auditlog_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_auditlog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->auditlog = 1;
@ -548,7 +548,7 @@ static apr_status_t msre_action_auditlog_init(msre_engine *engine, msre_actionse
}
/* noauditlog */
static apr_status_t msre_action_noauditlog_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_noauditlog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->auditlog = 0;
@ -556,7 +556,7 @@ static apr_status_t msre_action_noauditlog_init(msre_engine *engine, msre_action
}
/* block */
static apr_status_t msre_action_block_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_block_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
/* Right now we just set a flag and inherit the real disruptive action */
@ -565,7 +565,7 @@ static apr_status_t msre_action_block_init(msre_engine *engine, msre_actionset *
}
/* deny */
static apr_status_t msre_action_deny_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_deny_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->intercept_action = ACTION_DENY;
@ -574,12 +574,12 @@ static apr_status_t msre_action_deny_init(msre_engine *engine, msre_actionset *a
}
/* status */
static char *msre_action_status_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_status_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
/* ENH action->param must be a valid HTTP status code. */
return NULL;
}
static apr_status_t msre_action_status_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_status_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->intercept_status = atoi(action->param);
@ -587,7 +587,7 @@ static apr_status_t msre_action_status_init(msre_engine *engine, msre_actionset
}
/* drop */
static apr_status_t msre_action_drop_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_drop_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->intercept_action = ACTION_DROP;
@ -596,12 +596,12 @@ static apr_status_t msre_action_drop_init(msre_engine *engine, msre_actionset *a
}
/* pause */
static char *msre_action_pause_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_pause_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
/* ENH Validate a positive number. */
return NULL;
}
static apr_status_t msre_action_pause_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_pause_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->intercept_action = ACTION_PAUSE;
@ -611,12 +611,12 @@ static apr_status_t msre_action_pause_init(msre_engine *engine, msre_actionset *
/* redirect */
static char *msre_action_redirect_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_redirect_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
/* ENH Add validation. */
return NULL;
}
static apr_status_t msre_action_redirect_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_redirect_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->intercept_action = ACTION_REDIRECT;
@ -643,12 +643,12 @@ static apr_status_t msre_action_redirect_execute(modsec_rec *msr, apr_pool_t *mp
/* proxy */
static char *msre_action_proxy_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_proxy_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
/* ENH Add validation. */
return NULL;
}
static apr_status_t msre_action_proxy_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_proxy_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->intercept_action = ACTION_PROXY;
@ -675,7 +675,7 @@ static apr_status_t msre_action_proxy_execute(modsec_rec *msr, apr_pool_t *mptmp
/* pass */
static apr_status_t msre_action_pass_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_pass_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->intercept_action = ACTION_NONE;
@ -685,12 +685,12 @@ static apr_status_t msre_action_pass_init(msre_engine *engine, msre_actionset *a
/* skip */
static char *msre_action_skip_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_skip_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
/* ENH Add validation. */
return NULL;
}
static apr_status_t msre_action_skip_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_skip_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->skip_count = atoi(action->param);
@ -700,12 +700,12 @@ static apr_status_t msre_action_skip_init(msre_engine *engine, msre_actionset *a
/* skipAfter */
static char *msre_action_skipAfter_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_skipAfter_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
/* ENH Add validation. */
return NULL;
}
static apr_status_t msre_action_skipAfter_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_skipAfter_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->skip_after = action->param;
@ -714,7 +714,7 @@ static apr_status_t msre_action_skipAfter_init(msre_engine *engine, msre_actions
/* allow */
static apr_status_t msre_action_allow_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_allow_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
actionset->intercept_action = ACTION_ALLOW;
@ -732,7 +732,7 @@ static apr_status_t msre_action_allow_init(msre_engine *engine, msre_actionset *
return 1;
}
static char *msre_action_allow_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_allow_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
if (action->param != NULL) {
if (strcasecmp(action->param, "phase") == 0) {
return NULL;
@ -740,7 +740,7 @@ static char *msre_action_allow_validate(msre_engine *engine, msre_action *action
if (strcasecmp(action->param, "request") == 0) {
return NULL;
} else {
return apr_psprintf(engine->mp, "Invalid parameter for allow: %s", action->param);
return apr_psprintf(mp, "Invalid parameter for allow: %s", action->param);
}
}
@ -749,12 +749,12 @@ static char *msre_action_allow_validate(msre_engine *engine, msre_action *action
/* phase */
static char *msre_action_phase_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_phase_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
/* ENH Add validation. */
return NULL;
}
static apr_status_t msre_action_phase_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_phase_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
if(strcasecmp(action->param,"request") == 0)
@ -771,16 +771,16 @@ static apr_status_t msre_action_phase_init(msre_engine *engine, msre_actionset *
/* t */
static char *msre_action_t_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_t_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
msre_tfn_metadata *metadata = NULL;
metadata = msre_engine_tfn_resolve(engine, action->param);
if (metadata == NULL) return apr_psprintf(engine->mp, "Invalid transformation function: %s",
if (metadata == NULL) return apr_psprintf(mp, "Invalid transformation function: %s",
action->param);
action->param_data = metadata;
return NULL;
}
static apr_status_t msre_action_t_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_t_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
msre_tfn_metadata *metadata = (msre_tfn_metadata *)action->param_data;
@ -789,16 +789,16 @@ static apr_status_t msre_action_t_init(msre_engine *engine, msre_actionset *acti
}
/* ctl */
static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_ctl_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
char *name = NULL;
char *value = NULL;
/* Parse first. */
if (parse_name_eq_value(engine->mp, action->param, &name, &value) < 0) {
if (parse_name_eq_value(mp, action->param, &name, &value) < 0) {
return FATAL_ERROR;
}
if (value == NULL) {
return apr_psprintf(engine->mp, "Missing ctl value for name: %s", name);
return apr_psprintf(mp, "Missing ctl value for name: %s", name);
}
/* Validate value. */
@ -806,25 +806,25 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
if (strcasecmp(value, "detectiononly") == 0) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name ruleEngine: %s", value);
return apr_psprintf(mp, "Invalid setting for ctl name ruleEngine: %s", value);
} else
if (strcasecmp(name, "ruleRemoveById") == 0) {
/* ENH nothing yet */
return NULL;
} else
if (strcasecmp(name, "ruleRemoveByTag") == 0) {
if (!msc_pregcomp(engine->mp, value, 0, NULL, NULL))
return apr_psprintf(engine->mp, "ModSecurity: Invalid regular expression \"%s\"", value);
if (!msc_pregcomp(mp, value, 0, NULL, NULL))
return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", value);
return NULL;
} else
if (strcasecmp(name, "ruleRemoveByMsg") == 0) {
if (!msc_pregcomp(engine->mp, value, 0, NULL, NULL))
return apr_psprintf(engine->mp, "ModSecurity: Invalid regular expression \"%s\"", value);
if (!msc_pregcomp(mp, value, 0, NULL, NULL))
return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", value);
return NULL;
} else
if (strcasecmp(name, "requestBodyAccess") == 0) {
if (parse_boolean(value) == -1) {
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
" requestBodyAccess: %s", value);
}
return NULL;
@ -838,12 +838,12 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
if (strcasecmp(name, "forceRequestBodyVariable") == 0) {
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
" forceRequestBodyVariable: %s", value);
} else
if (strcasecmp(name, "responseBodyAccess") == 0) {
if (parse_boolean(value) == -1) {
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
" responseBodyAccess: %s", value);
}
return NULL;
@ -852,38 +852,38 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
if (strcasecmp(value, "relevantonly") == 0) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
" auditEngine: %s", value);
} else
if (strcasecmp(name, "auditLogParts") == 0) {
if ((value[0] == '+')||(value[0] == '-')) {
if (is_valid_parts_specification(value + 1) != 1) {
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
"auditLogParts: %s", value);
}
}
else
if (is_valid_parts_specification(value) != 1) {
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
"auditLogParts: %s", value);
}
return NULL;
} else
if (strcasecmp(name, "debugLogLevel") == 0) {
if ((atoi(value) >= 0)&&(atoi(value) <= 9)) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
"debugLogLevel: %s", value);
} else
if (strcasecmp(name, "requestBodyLimit") == 0) {
long int limit = strtol(value, NULL, 10);
if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) {
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
"requestBodyLimit: %s", value);
}
if (limit > REQUEST_BODY_HARD_LIMIT) {
return apr_psprintf(engine->mp, "Request size limit cannot exceed "
return apr_psprintf(mp, "Request size limit cannot exceed "
"the hard limit: %ld", RESPONSE_BODY_HARD_LIMIT);
}
@ -893,12 +893,12 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
long int limit = strtol(value, NULL, 10);
if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) {
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
return apr_psprintf(mp, "Invalid setting for ctl name "
"responseBodyLimit: %s", value);
}
if (limit > RESPONSE_BODY_HARD_LIMIT) {
return apr_psprintf(engine->mp, "Response size limit cannot exceed "
return apr_psprintf(mp, "Response size limit cannot exceed "
"the hard limit: %ld", RESPONSE_BODY_HARD_LIMIT);
}
@ -911,7 +911,7 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
parm = apr_strtok(value,";",&savedptr);
if(parm == NULL && savedptr == NULL)
return apr_psprintf(engine->mp, "ruleRemoveTargetById must has at least id;VARIABLE");
return apr_psprintf(mp, "ruleRemoveTargetById must has at least id;VARIABLE");
return NULL;
} else
@ -921,9 +921,9 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
parm = apr_strtok(value,";",&savedptr);
if(parm == NULL && savedptr == NULL)
return apr_psprintf(engine->mp, "ruleRemoveTargetByTag must has at least tag;VARIABLE");
if (!msc_pregcomp(engine->mp, parm, 0, NULL, NULL)) {
return apr_psprintf(engine->mp, "ModSecurity: Invalid regular expression \"%s\"", parm);
return apr_psprintf(mp, "ruleRemoveTargetByTag must has at least tag;VARIABLE");
if (!msc_pregcomp(mp, parm, 0, NULL, NULL)) {
return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", parm);
}
return NULL;
} else
@ -933,27 +933,27 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
parm = apr_strtok(value,";",&savedptr);
if(parm == NULL && savedptr == NULL)
return apr_psprintf(engine->mp, "ruleRemoveTargetByMsg must has at least msg;VARIABLE");
if (!msc_pregcomp(engine->mp, parm, 0, NULL, NULL)) {
return apr_psprintf(engine->mp, "ModSecurity: Invalid regular expression \"%s\"", parm);
return apr_psprintf(mp, "ruleRemoveTargetByMsg must has at least msg;VARIABLE");
if (!msc_pregcomp(mp, parm, 0, NULL, NULL)) {
return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", parm);
}
return NULL;
} else
if (strcasecmp(name, "HashEnforcement") == 0) {
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name HashEnforcement: %s", value);
return apr_psprintf(mp, "Invalid setting for ctl name HashEnforcement: %s", value);
} else
if (strcasecmp(name, "HashEngine") == 0) {
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name HashEngine: %s", value);
return apr_psprintf(mp, "Invalid setting for ctl name HashEngine: %s", value);
} else {
return apr_psprintf(engine->mp, "Invalid ctl name setting: %s", name);
return apr_psprintf(mp, "Invalid ctl name setting: %s", name);
}
}
static apr_status_t msre_action_ctl_init(msre_engine *engine, msre_actionset *actionset,
static apr_status_t msre_action_ctl_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
msre_action *action)
{
/* Do nothing. */
@ -1294,16 +1294,16 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
}
/* xmlns */
static char *msre_action_xmlns_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_xmlns_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
char *name = NULL;
char *value = NULL;
/* Parse first. */
if (parse_name_eq_value(engine->mp, action->param, &name, &value) < 0) {
if (parse_name_eq_value(mp, action->param, &name, &value) < 0) {
return FATAL_ERROR;
}
if (value == NULL) {
return apr_psprintf(engine->mp, "Missing xmlns href for prefix: %s", name);
return apr_psprintf(mp, "Missing xmlns href for prefix: %s", name);
}
/* Don't do anything else right now, we are just storing
@ -2165,7 +2165,7 @@ static apr_status_t msre_action_setrsc_execute(modsec_rec *msr, apr_pool_t *mptm
}
/* exec */
static char *msre_action_exec_validate(msre_engine *engine, msre_action *action) {
static char *msre_action_exec_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
#if defined(WITH_LUA)
char *filename = (char *)action->param;
@ -2179,7 +2179,7 @@ static char *msre_action_exec_validate(msre_engine *engine, msre_action *action)
msc_script *script = NULL;
/* Compile script. */
char *msg = lua_compile(&script, filename, engine->mp);
char *msg = lua_compile(&script, filename, mp);
if (msg != NULL) return msg;
action->param_data = script;

14
standalone/api.c
View File

@ -266,7 +266,7 @@ const char *modsecProcessConfig(directory_config *config, const char *file, cons
incpath = file;
/* locate the start of the directories proper */
status = apr_filepath_root(&rootpath, &incpath, APR_FILEPATH_TRUENAME | APR_FILEPATH_NATIVE, pool);
status = apr_filepath_root(&rootpath, &incpath, APR_FILEPATH_TRUENAME | APR_FILEPATH_NATIVE, config->mp);
/* we allow APR_SUCCESS and APR_EINCOMPLETE */
if (APR_ERELATIVE == status) {
@ -274,20 +274,20 @@ const char *modsecProcessConfig(directory_config *config, const char *file, cons
if(dir[li] != '/' && dir[li] != '\\')
#ifdef WIN32
file = apr_pstrcat(pool, dir, "\\", file, NULL);
file = apr_pstrcat(config->mp, dir, "\\", file, NULL);
#else
file = apr_pstrcat(pool, dir, "/", file, NULL);
file = apr_pstrcat(config->mp, dir, "/", file, NULL);
#endif
else
file = apr_pstrcat(pool, dir, file, NULL);
file = apr_pstrcat(config->mp, dir, file, NULL);
}
else if (APR_EBADPATH == status) {
return apr_pstrcat(pool, "Config file has a bad path, ", file, NULL);
return apr_pstrcat(config->mp, "Config file has a bad path, ", file, NULL);
}
apr_pool_create(&ptemp, pool);
apr_pool_create(&ptemp, config->mp);
err = process_command_config(server, config, pool, ptemp, file);
err = process_command_config(server, config, config->mp, ptemp, file);
apr_pool_destroy(ptemp);