mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-15 23:55:03 +03:00
Flip allocations that happen during initialization (typically) over to use non-global apr memory pools.
This commit is contained in:
David Andrews
Felipe Zimmerle
parent
31d7fc6d38
commit
27dd513ab6
@ -873,7 +873,7 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type,
|
|||||||
*
|
*
|
||||||
* ENH Probably do not want this done fully for chained rules.
|
* ENH Probably do not want this done fully for chained rules.
|
||||||
*/
|
*/
|
||||||
rule->actionset = msre_actionset_merge(modsecurity->msre, dcfg->tmp_default_actionset,
|
rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, dcfg->tmp_default_actionset,
|
||||||
rule->actionset, 1);
|
rule->actionset, 1);
|
||||||
|
|
||||||
/* Keep track of the parent action for "block" */
|
/* Keep track of the parent action for "block" */
|
||||||
@ -1068,7 +1068,7 @@ static const char *update_rule_action(cmd_parms *cmd, directory_config *dcfg,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Create a new actionset */
|
/* Create a new actionset */
|
||||||
new_actionset = msre_actionset_create(modsecurity->msre, p2, &my_error_msg);
|
new_actionset = msre_actionset_create(modsecurity->msre, cmd->pool, p2, &my_error_msg);
|
||||||
if (new_actionset == NULL) return FATAL_ERROR;
|
if (new_actionset == NULL) return FATAL_ERROR;
|
||||||
if (my_error_msg != NULL) return my_error_msg;
|
if (my_error_msg != NULL) return my_error_msg;
|
||||||
|
|
||||||
@ -1095,7 +1095,7 @@ static const char *update_rule_action(cmd_parms *cmd, directory_config *dcfg,
|
|||||||
|
|
||||||
/* Merge new actions with the rule */
|
/* Merge new actions with the rule */
|
||||||
/* ENH: Will this leak the old actionset? */
|
/* ENH: Will this leak the old actionset? */
|
||||||
rule->actionset = msre_actionset_merge(modsecurity->msre, rule->actionset,
|
rule->actionset = msre_actionset_merge(modsecurity->msre, cmd->pool, rule->actionset,
|
||||||
new_actionset, 1);
|
new_actionset, 1);
|
||||||
msre_actionset_set_defaults(rule->actionset);
|
msre_actionset_set_defaults(rule->actionset);
|
||||||
|
|
||||||
@ -1477,7 +1477,7 @@ static const char *cmd_default_action(cmd_parms *cmd, void *_dcfg,
|
|||||||
extern msc_engine *modsecurity;
|
extern msc_engine *modsecurity;
|
||||||
char *my_error_msg = NULL;
|
char *my_error_msg = NULL;
|
||||||
|
|
||||||
dcfg->tmp_default_actionset = msre_actionset_create(modsecurity->msre, p1, &my_error_msg);
|
dcfg->tmp_default_actionset = msre_actionset_create(modsecurity->msre, cmd->pool, p1, &my_error_msg);
|
||||||
if (dcfg->tmp_default_actionset == NULL) {
|
if (dcfg->tmp_default_actionset == NULL) {
|
||||||
if (my_error_msg != NULL) return my_error_msg;
|
if (my_error_msg != NULL) return my_error_msg;
|
||||||
else return FATAL_ERROR;
|
else return FATAL_ERROR;
|
||||||
|
|||||||
73
apache2/re.c
73
apache2/re.c
@ -38,7 +38,7 @@ static apr_status_t msre_parse_targets(msre_ruleset *ruleset, const char *text,
|
|||||||
static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule);
|
static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule);
|
||||||
static msre_var *msre_create_var(msre_ruleset *ruleset, const char *name, const char *param,
|
static msre_var *msre_create_var(msre_ruleset *ruleset, const char *name, const char *param,
|
||||||
modsec_rec *msr, char **error_msg);
|
modsec_rec *msr, char **error_msg);
|
||||||
static msre_action *msre_create_action(msre_engine *engine, const char *name,
|
static msre_action *msre_create_action(msre_engine *engine, apr_pool_t *mp, const char *name,
|
||||||
const char *param, char **error_msg);
|
const char *param, char **error_msg);
|
||||||
static apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr);
|
static apr_status_t msre_rule_process(msre_rule *rule, modsec_rec *msr);
|
||||||
|
|
||||||
@ -769,7 +769,7 @@ static apr_status_t msre_parse_targets(msre_ruleset *ruleset, const char *text,
|
|||||||
* Creates msre_action instances by parsing the given string, placing
|
* Creates msre_action instances by parsing the given string, placing
|
||||||
* them into the supplied array.
|
* them into the supplied array.
|
||||||
*/
|
*/
|
||||||
static apr_status_t msre_parse_actions(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_parse_actions(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
const char *text, char **error_msg)
|
const char *text, char **error_msg)
|
||||||
{
|
{
|
||||||
const apr_array_header_t *tarr;
|
const apr_array_header_t *tarr;
|
||||||
@ -788,23 +788,23 @@ static apr_status_t msre_parse_actions(msre_engine *engine, msre_actionset *acti
|
|||||||
|
|
||||||
|
|
||||||
if (text == NULL) {
|
if (text == NULL) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
|
*error_msg = apr_psprintf(mp, "Internal error: " \
|
||||||
"msre_parse_actions, variable text is NULL");
|
"msre_parse_actions, variable text is NULL");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Extract name & value pairs first */
|
/* Extract name & value pairs first */
|
||||||
vartable = apr_table_make(engine->mp, 10);
|
vartable = apr_table_make(mp, 10);
|
||||||
if (vartable == NULL) {
|
if (vartable == NULL) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
|
*error_msg = apr_psprintf(mp, "Internal error: " \
|
||||||
"msre_parse_actions, failed to create vartable");
|
"msre_parse_actions, failed to create vartable");
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
rc = msre_parse_generic(engine->mp, text, vartable, error_msg);
|
rc = msre_parse_generic(mp, text, vartable, error_msg);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
if (*error_msg == NULL)
|
if (*error_msg == NULL)
|
||||||
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
|
*error_msg = apr_psprintf(mp, "Internal error: " \
|
||||||
"msre_parse_actions, msre_parse_generic failed. Return " \
|
"msre_parse_actions, msre_parse_generic failed. Return " \
|
||||||
"code: %d", rc);
|
"code: %d", rc);
|
||||||
|
|
||||||
@ -816,17 +816,17 @@ static apr_status_t msre_parse_actions(msre_engine *engine, msre_actionset *acti
|
|||||||
telts = (const apr_table_entry_t*)tarr->elts;
|
telts = (const apr_table_entry_t*)tarr->elts;
|
||||||
for (i = 0; i < tarr->nelts; i++) {
|
for (i = 0; i < tarr->nelts; i++) {
|
||||||
/* Create action. */
|
/* Create action. */
|
||||||
action = msre_create_action(engine, telts[i].key, telts[i].val, error_msg);
|
action = msre_create_action(engine, mp, telts[i].key, telts[i].val, error_msg);
|
||||||
if (action == NULL) {
|
if (action == NULL) {
|
||||||
if (*error_msg == NULL)
|
if (*error_msg == NULL)
|
||||||
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
|
*error_msg = apr_psprintf(mp, "Internal error: " \
|
||||||
"msre_parse_actions, msre_create_action failed.");
|
"msre_parse_actions, msre_create_action failed.");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Initialise action (option). */
|
/* Initialise action (option). */
|
||||||
if (action->metadata->init != NULL) {
|
if (action->metadata->init != NULL) {
|
||||||
action->metadata->init(engine, actionset, action);
|
action->metadata->init(engine, mp, actionset, action);
|
||||||
}
|
}
|
||||||
|
|
||||||
msre_actionset_action_add(actionset, action);
|
msre_actionset_action_add(actionset, action);
|
||||||
@ -895,14 +895,14 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *
|
|||||||
/* Resolve variable */
|
/* Resolve variable */
|
||||||
var->metadata = msre_resolve_var(engine, var->name);
|
var->metadata = msre_resolve_var(engine, var->name);
|
||||||
if (var->metadata == NULL) {
|
if (var->metadata == NULL) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Unknown variable: %s", name);
|
*error_msg = apr_psprintf(pool, "Unknown variable: %s", name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* The counting operator "&" can only be used against collections. */
|
/* The counting operator "&" can only be used against collections. */
|
||||||
if (var->is_counting) {
|
if (var->is_counting) {
|
||||||
if (var->metadata->type == VAR_SIMPLE) {
|
if (var->metadata->type == VAR_SIMPLE) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "The & modificator does not apply to "
|
*error_msg = apr_psprintf(pool, "The & modificator does not apply to "
|
||||||
"non-collection variables.");
|
"non-collection variables.");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -911,7 +911,7 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *
|
|||||||
/* Check the parameter. */
|
/* Check the parameter. */
|
||||||
if (varparam == NULL) {
|
if (varparam == NULL) {
|
||||||
if (var->metadata->argc_min > 0) {
|
if (var->metadata->argc_min > 0) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Missing mandatory parameter for variable %s.",
|
*error_msg = apr_psprintf(pool, "Missing mandatory parameter for variable %s.",
|
||||||
name);
|
name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -919,7 +919,7 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *
|
|||||||
|
|
||||||
/* Do we allow a parameter? */
|
/* Do we allow a parameter? */
|
||||||
if (var->metadata->argc_max == 0) {
|
if (var->metadata->argc_max == 0) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Variable %s does not support parameters.",
|
*error_msg = apr_psprintf(pool, "Variable %s does not support parameters.",
|
||||||
name);
|
name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -940,7 +940,7 @@ msre_var *msre_create_var_ex(apr_pool_t *pool, msre_engine *engine, const char *
|
|||||||
static msre_var *msre_create_var(msre_ruleset *ruleset, const char *name, const char *param,
|
static msre_var *msre_create_var(msre_ruleset *ruleset, const char *name, const char *param,
|
||||||
modsec_rec *msr, char **error_msg)
|
modsec_rec *msr, char **error_msg)
|
||||||
{
|
{
|
||||||
msre_var *var = msre_create_var_ex(ruleset->engine->mp, ruleset->engine, name, param, msr, error_msg);
|
msre_var *var = msre_create_var_ex(ruleset->mp, ruleset->engine, name, param, msr, error_msg);
|
||||||
if (var == NULL) return NULL;
|
if (var == NULL) return NULL;
|
||||||
|
|
||||||
/* Validate & initialise variable */
|
/* Validate & initialise variable */
|
||||||
@ -957,7 +957,7 @@ static msre_var *msre_create_var(msre_ruleset *ruleset, const char *name, const
|
|||||||
/**
|
/**
|
||||||
* Creates a new action instance given its name and an (optional) parameter.
|
* Creates a new action instance given its name and an (optional) parameter.
|
||||||
*/
|
*/
|
||||||
msre_action *msre_create_action(msre_engine *engine, const char *name, const char *param,
|
msre_action *msre_create_action(msre_engine *engine, apr_pool_t *mp, const char *name, const char *param,
|
||||||
char **error_msg)
|
char **error_msg)
|
||||||
{
|
{
|
||||||
msre_action *action = NULL;
|
msre_action *action = NULL;
|
||||||
@ -968,10 +968,10 @@ msre_action *msre_create_action(msre_engine *engine, const char *name, const cha
|
|||||||
*error_msg = NULL;
|
*error_msg = NULL;
|
||||||
|
|
||||||
|
|
||||||
action = apr_pcalloc(engine->mp, sizeof(msre_action));
|
action = apr_pcalloc(mp, sizeof(msre_action));
|
||||||
|
|
||||||
if (action == NULL) {
|
if (action == NULL) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
|
*error_msg = apr_psprintf(mp, "Internal error: " \
|
||||||
"msre_create_action, not able to allocate action");
|
"msre_create_action, not able to allocate action");
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -980,13 +980,13 @@ msre_action *msre_create_action(msre_engine *engine, const char *name, const cha
|
|||||||
/* Resolve action */
|
/* Resolve action */
|
||||||
action->metadata = msre_resolve_action(engine, name);
|
action->metadata = msre_resolve_action(engine, name);
|
||||||
if (action->metadata == NULL) {
|
if (action->metadata == NULL) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Unknown action: %s", name);
|
*error_msg = apr_psprintf(mp, "Unknown action: %s", name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (param == NULL) { /* Parameter not present */
|
if (param == NULL) { /* Parameter not present */
|
||||||
if (action->metadata->argc_min > 0) {
|
if (action->metadata->argc_min > 0) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Missing mandatory parameter for action %s",
|
*error_msg = apr_psprintf(mp, "Missing mandatory parameter for action %s",
|
||||||
name);
|
name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -994,14 +994,14 @@ msre_action *msre_create_action(msre_engine *engine, const char *name, const cha
|
|||||||
|
|
||||||
/* Should we allow the parameter? */
|
/* Should we allow the parameter? */
|
||||||
if (action->metadata->argc_max == 0) {
|
if (action->metadata->argc_max == 0) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Extra parameter provided to action %s", name);
|
*error_msg = apr_psprintf(mp, "Extra parameter provided to action %s", name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Handle +/- modificators */
|
/* Handle +/- modificators */
|
||||||
if ((param[0] == '+')||(param[0] == '-')) {
|
if ((param[0] == '+')||(param[0] == '-')) {
|
||||||
if (action->metadata->allow_param_plusminus == 0) {
|
if (action->metadata->allow_param_plusminus == 0) {
|
||||||
*error_msg = apr_psprintf(engine->mp,
|
*error_msg = apr_psprintf(mp,
|
||||||
"Action %s does not allow +/- modificators.", name);
|
"Action %s does not allow +/- modificators.", name);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -1021,7 +1021,7 @@ msre_action *msre_create_action(msre_engine *engine, const char *name, const cha
|
|||||||
|
|
||||||
/* Validate parameter */
|
/* Validate parameter */
|
||||||
if (action->metadata->validate != NULL) {
|
if (action->metadata->validate != NULL) {
|
||||||
*error_msg = action->metadata->validate(engine, action);
|
*error_msg = action->metadata->validate(engine, mp, action);
|
||||||
if (*error_msg != NULL) return NULL;
|
if (*error_msg != NULL) return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1164,7 +1164,7 @@ int msre_parse_generic(apr_pool_t *mp, const char *text, apr_table_t *vartable,
|
|||||||
* Creates an actionset instance and (as an option) populates it by
|
* Creates an actionset instance and (as an option) populates it by
|
||||||
* parsing the given string which contains a list of actions.
|
* parsing the given string which contains a list of actions.
|
||||||
*/
|
*/
|
||||||
msre_actionset *msre_actionset_create(msre_engine *engine, const char *text,
|
msre_actionset *msre_actionset_create(msre_engine *engine, apr_pool_t *mp, const char *text,
|
||||||
char **error_msg)
|
char **error_msg)
|
||||||
{
|
{
|
||||||
msre_actionset *actionset = NULL;
|
msre_actionset *actionset = NULL;
|
||||||
@ -1175,18 +1175,18 @@ msre_actionset *msre_actionset_create(msre_engine *engine, const char *text,
|
|||||||
|
|
||||||
*error_msg = NULL;
|
*error_msg = NULL;
|
||||||
|
|
||||||
actionset = (msre_actionset *)apr_pcalloc(engine->mp,
|
actionset = (msre_actionset *)apr_pcalloc(mp,
|
||||||
sizeof(msre_actionset));
|
sizeof(msre_actionset));
|
||||||
|
|
||||||
if (actionset == NULL) {
|
if (actionset == NULL) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
|
*error_msg = apr_psprintf(mp, "Internal error: " \
|
||||||
"msre_actionset_create, not able to allocate msre_actionset");
|
"msre_actionset_create, not able to allocate msre_actionset");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
actionset->actions = apr_table_make(engine->mp, 25);
|
actionset->actions = apr_table_make(mp, 25);
|
||||||
if (actionset->actions == NULL) {
|
if (actionset->actions == NULL) {
|
||||||
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
|
*error_msg = apr_psprintf(mp, "Internal error: " \
|
||||||
"msre_actionset_create, not able to create actions table");
|
"msre_actionset_create, not able to create actions table");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -1225,10 +1225,10 @@ msre_actionset *msre_actionset_create(msre_engine *engine, const char *text,
|
|||||||
|
|
||||||
/* Parse the list of actions, if it's present */
|
/* Parse the list of actions, if it's present */
|
||||||
if (text != NULL) {
|
if (text != NULL) {
|
||||||
int ret = msre_parse_actions(engine, actionset, text, error_msg);
|
int ret = msre_parse_actions(engine, mp, actionset, text, error_msg);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
if (*error_msg == NULL)
|
if (*error_msg == NULL)
|
||||||
*error_msg = apr_psprintf(engine->mp, "Internal error: " \
|
*error_msg = apr_psprintf(mp, "Internal error: " \
|
||||||
"msre_actionset_create, msre_parse_actions failed " \
|
"msre_actionset_create, msre_parse_actions failed " \
|
||||||
"without further information. Return code: %d", ret);
|
"without further information. Return code: %d", ret);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -1255,7 +1255,7 @@ static msre_actionset *msre_actionset_copy(apr_pool_t *mp, msre_actionset *orig)
|
|||||||
/**
|
/**
|
||||||
* Merges two actionsets into one.
|
* Merges two actionsets into one.
|
||||||
*/
|
*/
|
||||||
msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent,
|
msre_actionset *msre_actionset_merge(msre_engine *engine, apr_pool_t *mp, msre_actionset *parent,
|
||||||
msre_actionset *child, int inherit_by_default)
|
msre_actionset *child, int inherit_by_default)
|
||||||
{
|
{
|
||||||
msre_actionset *merged = NULL;
|
msre_actionset *merged = NULL;
|
||||||
@ -1265,11 +1265,11 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent
|
|||||||
|
|
||||||
if (inherit_by_default == 0) {
|
if (inherit_by_default == 0) {
|
||||||
/* There is nothing to merge in this case. */
|
/* There is nothing to merge in this case. */
|
||||||
return msre_actionset_copy(engine->mp, child);
|
return msre_actionset_copy(mp, child);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Start with a copy of the parent configuration. */
|
/* Start with a copy of the parent configuration. */
|
||||||
merged = msre_actionset_copy(engine->mp, parent);
|
merged = msre_actionset_copy(mp, parent);
|
||||||
if (merged == NULL) return NULL;
|
if (merged == NULL) return NULL;
|
||||||
|
|
||||||
if (child == NULL) {
|
if (child == NULL) {
|
||||||
@ -1332,6 +1332,7 @@ msre_actionset *msre_actionset_merge(msre_engine *engine, msre_actionset *parent
|
|||||||
msre_actionset *msre_actionset_create_default(msre_engine *engine) {
|
msre_actionset *msre_actionset_create_default(msre_engine *engine) {
|
||||||
char *my_error_msg = NULL;
|
char *my_error_msg = NULL;
|
||||||
return msre_actionset_create(engine,
|
return msre_actionset_create(engine,
|
||||||
|
engine->mp,
|
||||||
"phase:2,log,auditlog,pass",
|
"phase:2,log,auditlog,pass",
|
||||||
&my_error_msg);
|
&my_error_msg);
|
||||||
}
|
}
|
||||||
@ -2407,7 +2408,7 @@ msre_rule *msre_rule_create(msre_ruleset *ruleset, int type,
|
|||||||
/* Parse actions */
|
/* Parse actions */
|
||||||
if (actions != NULL) {
|
if (actions != NULL) {
|
||||||
/* Create per-rule actionset */
|
/* Create per-rule actionset */
|
||||||
rule->actionset = msre_actionset_create(ruleset->engine, actions, &my_error_msg);
|
rule->actionset = msre_actionset_create(ruleset->engine, ruleset->mp, actions, &my_error_msg);
|
||||||
if (rule->actionset == NULL) {
|
if (rule->actionset == NULL) {
|
||||||
*error_msg = apr_psprintf(ruleset->mp, "Error parsing actions: %s", my_error_msg);
|
*error_msg = apr_psprintf(ruleset->mp, "Error parsing actions: %s", my_error_msg);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -2451,7 +2452,7 @@ msre_rule *msre_rule_lua_create(msre_ruleset *ruleset,
|
|||||||
/* Parse actions */
|
/* Parse actions */
|
||||||
if (actions != NULL) {
|
if (actions != NULL) {
|
||||||
/* Create per-rule actionset */
|
/* Create per-rule actionset */
|
||||||
rule->actionset = msre_actionset_create(ruleset->engine, actions, &my_error_msg);
|
rule->actionset = msre_actionset_create(ruleset->engine, ruleset->mp, actions, &my_error_msg);
|
||||||
if (rule->actionset == NULL) {
|
if (rule->actionset == NULL) {
|
||||||
*error_msg = apr_psprintf(ruleset->mp, "Error parsing actions: %s", my_error_msg);
|
*error_msg = apr_psprintf(ruleset->mp, "Error parsing actions: %s", my_error_msg);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|||||||
@ -325,10 +325,10 @@ void DSOLOCAL msre_engine_variable_register(msre_engine *engine, const char *nam
|
|||||||
fn_var_validate_t validate, fn_var_generate_t generate,
|
fn_var_validate_t validate, fn_var_generate_t generate,
|
||||||
unsigned int is_cacheable, unsigned int availability);
|
unsigned int is_cacheable, unsigned int availability);
|
||||||
|
|
||||||
msre_actionset DSOLOCAL *msre_actionset_create(msre_engine *engine, const char *text,
|
msre_actionset DSOLOCAL *msre_actionset_create(msre_engine *engine, apr_pool_t *mp, const char *text,
|
||||||
char **error_msg);
|
char **error_msg);
|
||||||
|
|
||||||
msre_actionset DSOLOCAL *msre_actionset_merge(msre_engine *engine, msre_actionset *parent,
|
msre_actionset DSOLOCAL *msre_actionset_merge(msre_engine *engine, apr_pool_t *mp, msre_actionset *parent,
|
||||||
msre_actionset *child, int inherit_by_default);
|
msre_actionset *child, int inherit_by_default);
|
||||||
|
|
||||||
msre_actionset DSOLOCAL *msre_actionset_create_default(msre_engine *engine);
|
msre_actionset DSOLOCAL *msre_actionset_create_default(msre_engine *engine);
|
||||||
@ -337,8 +337,8 @@ void DSOLOCAL msre_actionset_set_defaults(msre_actionset *actionset);
|
|||||||
|
|
||||||
void DSOLOCAL msre_actionset_init(msre_actionset *actionset, msre_rule *rule);
|
void DSOLOCAL msre_actionset_init(msre_actionset *actionset, msre_rule *rule);
|
||||||
|
|
||||||
typedef char *(*fn_action_validate_t)(msre_engine *engine, msre_action *action);
|
typedef char *(*fn_action_validate_t)(msre_engine *engine, apr_pool_t *mp, msre_action *action);
|
||||||
typedef apr_status_t (*fn_action_init_t)(msre_engine *engine, msre_actionset *actionset, msre_action *action);
|
typedef apr_status_t (*fn_action_init_t)(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset, msre_action *action);
|
||||||
typedef apr_status_t (*fn_action_execute_t)(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action);
|
typedef apr_status_t (*fn_action_execute_t)(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action);
|
||||||
|
|
||||||
#define ACTION_DISRUPTIVE 1
|
#define ACTION_DISRUPTIVE 1
|
||||||
|
|||||||
@ -371,7 +371,7 @@ apr_status_t collection_original_setvar(modsec_rec *msr, const char *col_name, c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* marker */
|
/* marker */
|
||||||
static apr_status_t msre_action_marker_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_marker_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->id = action->param;
|
actionset->id = action->param;
|
||||||
@ -380,24 +380,24 @@ static apr_status_t msre_action_marker_init(msre_engine *engine, msre_actionset
|
|||||||
|
|
||||||
/* id */
|
/* id */
|
||||||
|
|
||||||
static apr_status_t msre_action_id_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_id_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->id = action->param;
|
actionset->id = action->param;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *msre_action_id_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_id_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
int id;
|
int id;
|
||||||
|
|
||||||
if(action != NULL && action->param != NULL) {
|
if(action != NULL && action->param != NULL) {
|
||||||
for(id=0;id<strlen(action->param);id++) {
|
for(id=0;id<strlen(action->param);id++) {
|
||||||
if(!apr_isdigit(action->param[id]))
|
if(!apr_isdigit(action->param[id]))
|
||||||
return apr_psprintf(engine->mp, "ModSecurity: Invalid value for action ID: %s", action->param);
|
return apr_psprintf(mp, "ModSecurity: Invalid value for action ID: %s", action->param);
|
||||||
}
|
}
|
||||||
id = atoi(action->param);
|
id = atoi(action->param);
|
||||||
if ((id == LONG_MAX)||(id == LONG_MIN)||(id <= 0)) {
|
if ((id == LONG_MAX)||(id == LONG_MIN)||(id <= 0)) {
|
||||||
return apr_psprintf(engine->mp, "ModSecurity: Invalid value for action ID: %s", action->param);
|
return apr_psprintf(mp, "ModSecurity: Invalid value for action ID: %s", action->param);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -406,7 +406,7 @@ static char *msre_action_id_validate(msre_engine *engine, msre_action *action) {
|
|||||||
|
|
||||||
/* rev */
|
/* rev */
|
||||||
|
|
||||||
static apr_status_t msre_action_rev_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_rev_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->rev = action->param;
|
actionset->rev = action->param;
|
||||||
@ -415,7 +415,7 @@ static apr_status_t msre_action_rev_init(msre_engine *engine, msre_actionset *ac
|
|||||||
|
|
||||||
/* msg */
|
/* msg */
|
||||||
|
|
||||||
static apr_status_t msre_action_msg_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_msg_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->msg = action->param;
|
actionset->msg = action->param;
|
||||||
@ -424,7 +424,7 @@ static apr_status_t msre_action_msg_init(msre_engine *engine, msre_actionset *ac
|
|||||||
|
|
||||||
/* logdata */
|
/* logdata */
|
||||||
|
|
||||||
static apr_status_t msre_action_logdata_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_logdata_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->logdata = action->param;
|
actionset->logdata = action->param;
|
||||||
@ -433,7 +433,7 @@ static apr_status_t msre_action_logdata_init(msre_engine *engine, msre_actionset
|
|||||||
|
|
||||||
/* SanitizeMatchedBytes init */
|
/* SanitizeMatchedBytes init */
|
||||||
|
|
||||||
static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine,
|
static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine, apr_pool_t *mp,
|
||||||
msre_actionset *actionset, msre_action *action)
|
msre_actionset *actionset, msre_action *action)
|
||||||
{
|
{
|
||||||
char *parse_parm = NULL;
|
char *parse_parm = NULL;
|
||||||
@ -444,7 +444,7 @@ static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine,
|
|||||||
|
|
||||||
if (action->param != NULL && strlen(action->param) == 3) {
|
if (action->param != NULL && strlen(action->param) == 3) {
|
||||||
|
|
||||||
ac_param = apr_pstrdup(engine->mp, action->param);
|
ac_param = apr_pstrdup(mp, action->param);
|
||||||
parse_parm = apr_strtok(ac_param,"/",&savedptr);
|
parse_parm = apr_strtok(ac_param,"/",&savedptr);
|
||||||
|
|
||||||
if(apr_isdigit(*parse_parm) && apr_isdigit(*savedptr)) {
|
if(apr_isdigit(*parse_parm) && apr_isdigit(*savedptr)) {
|
||||||
@ -461,7 +461,7 @@ static apr_status_t msre_action_sanitizeMatchedBytes_init(msre_engine *engine,
|
|||||||
|
|
||||||
/* accuracy */
|
/* accuracy */
|
||||||
|
|
||||||
static apr_status_t msre_action_accuracy_init(msre_engine *engine,
|
static apr_status_t msre_action_accuracy_init(msre_engine *engine, apr_pool_t *mp,
|
||||||
msre_actionset *actionset, msre_action *action)
|
msre_actionset *actionset, msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->accuracy = atoi(action->param);
|
actionset->accuracy = atoi(action->param);
|
||||||
@ -470,7 +470,7 @@ static apr_status_t msre_action_accuracy_init(msre_engine *engine,
|
|||||||
|
|
||||||
/* maturity */
|
/* maturity */
|
||||||
|
|
||||||
static apr_status_t msre_action_maturity_init(msre_engine *engine,
|
static apr_status_t msre_action_maturity_init(msre_engine *engine, apr_pool_t *mp,
|
||||||
msre_actionset *actionset, msre_action *action)
|
msre_actionset *actionset, msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->maturity = atoi(action->param);
|
actionset->maturity = atoi(action->param);
|
||||||
@ -479,7 +479,7 @@ static apr_status_t msre_action_maturity_init(msre_engine *engine,
|
|||||||
|
|
||||||
/* ver */
|
/* ver */
|
||||||
|
|
||||||
static apr_status_t msre_action_ver_init(msre_engine *engine,
|
static apr_status_t msre_action_ver_init(msre_engine *engine, apr_pool_t *mp,
|
||||||
msre_actionset *actionset, msre_action *action)
|
msre_actionset *actionset, msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->version = action->param;
|
actionset->version = action->param;
|
||||||
@ -488,7 +488,7 @@ static apr_status_t msre_action_ver_init(msre_engine *engine,
|
|||||||
|
|
||||||
/* severity */
|
/* severity */
|
||||||
|
|
||||||
static apr_status_t msre_action_severity_init(msre_engine *engine,
|
static apr_status_t msre_action_severity_init(msre_engine *engine, apr_pool_t *mp,
|
||||||
msre_actionset *actionset, msre_action *action)
|
msre_actionset *actionset, msre_action *action)
|
||||||
{
|
{
|
||||||
if (strcasecmp(action->param, "emergency") == 0) {
|
if (strcasecmp(action->param, "emergency") == 0) {
|
||||||
@ -515,7 +515,7 @@ static apr_status_t msre_action_severity_init(msre_engine *engine,
|
|||||||
|
|
||||||
/* chain */
|
/* chain */
|
||||||
|
|
||||||
static apr_status_t msre_action_chain_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_chain_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->is_chained = 1;
|
actionset->is_chained = 1;
|
||||||
@ -523,7 +523,7 @@ static apr_status_t msre_action_chain_init(msre_engine *engine, msre_actionset *
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* log */
|
/* log */
|
||||||
static apr_status_t msre_action_log_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_log_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->log = 1;
|
actionset->log = 1;
|
||||||
@ -531,7 +531,7 @@ static apr_status_t msre_action_log_init(msre_engine *engine, msre_actionset *ac
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* nolog */
|
/* nolog */
|
||||||
static apr_status_t msre_action_nolog_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_nolog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->log = 0;
|
actionset->log = 0;
|
||||||
@ -540,7 +540,7 @@ static apr_status_t msre_action_nolog_init(msre_engine *engine, msre_actionset *
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* auditlog */
|
/* auditlog */
|
||||||
static apr_status_t msre_action_auditlog_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_auditlog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->auditlog = 1;
|
actionset->auditlog = 1;
|
||||||
@ -548,7 +548,7 @@ static apr_status_t msre_action_auditlog_init(msre_engine *engine, msre_actionse
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* noauditlog */
|
/* noauditlog */
|
||||||
static apr_status_t msre_action_noauditlog_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_noauditlog_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->auditlog = 0;
|
actionset->auditlog = 0;
|
||||||
@ -556,7 +556,7 @@ static apr_status_t msre_action_noauditlog_init(msre_engine *engine, msre_action
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* block */
|
/* block */
|
||||||
static apr_status_t msre_action_block_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_block_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
/* Right now we just set a flag and inherit the real disruptive action */
|
/* Right now we just set a flag and inherit the real disruptive action */
|
||||||
@ -565,7 +565,7 @@ static apr_status_t msre_action_block_init(msre_engine *engine, msre_actionset *
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* deny */
|
/* deny */
|
||||||
static apr_status_t msre_action_deny_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_deny_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->intercept_action = ACTION_DENY;
|
actionset->intercept_action = ACTION_DENY;
|
||||||
@ -574,12 +574,12 @@ static apr_status_t msre_action_deny_init(msre_engine *engine, msre_actionset *a
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* status */
|
/* status */
|
||||||
static char *msre_action_status_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_status_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
/* ENH action->param must be a valid HTTP status code. */
|
/* ENH action->param must be a valid HTTP status code. */
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_status_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_status_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->intercept_status = atoi(action->param);
|
actionset->intercept_status = atoi(action->param);
|
||||||
@ -587,7 +587,7 @@ static apr_status_t msre_action_status_init(msre_engine *engine, msre_actionset
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* drop */
|
/* drop */
|
||||||
static apr_status_t msre_action_drop_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_drop_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->intercept_action = ACTION_DROP;
|
actionset->intercept_action = ACTION_DROP;
|
||||||
@ -596,12 +596,12 @@ static apr_status_t msre_action_drop_init(msre_engine *engine, msre_actionset *a
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* pause */
|
/* pause */
|
||||||
static char *msre_action_pause_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_pause_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
/* ENH Validate a positive number. */
|
/* ENH Validate a positive number. */
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_pause_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_pause_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->intercept_action = ACTION_PAUSE;
|
actionset->intercept_action = ACTION_PAUSE;
|
||||||
@ -611,12 +611,12 @@ static apr_status_t msre_action_pause_init(msre_engine *engine, msre_actionset *
|
|||||||
|
|
||||||
/* redirect */
|
/* redirect */
|
||||||
|
|
||||||
static char *msre_action_redirect_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_redirect_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
/* ENH Add validation. */
|
/* ENH Add validation. */
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_redirect_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_redirect_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->intercept_action = ACTION_REDIRECT;
|
actionset->intercept_action = ACTION_REDIRECT;
|
||||||
@ -643,12 +643,12 @@ static apr_status_t msre_action_redirect_execute(modsec_rec *msr, apr_pool_t *mp
|
|||||||
|
|
||||||
/* proxy */
|
/* proxy */
|
||||||
|
|
||||||
static char *msre_action_proxy_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_proxy_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
/* ENH Add validation. */
|
/* ENH Add validation. */
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_proxy_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_proxy_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->intercept_action = ACTION_PROXY;
|
actionset->intercept_action = ACTION_PROXY;
|
||||||
@ -675,7 +675,7 @@ static apr_status_t msre_action_proxy_execute(modsec_rec *msr, apr_pool_t *mptmp
|
|||||||
|
|
||||||
/* pass */
|
/* pass */
|
||||||
|
|
||||||
static apr_status_t msre_action_pass_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_pass_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->intercept_action = ACTION_NONE;
|
actionset->intercept_action = ACTION_NONE;
|
||||||
@ -685,12 +685,12 @@ static apr_status_t msre_action_pass_init(msre_engine *engine, msre_actionset *a
|
|||||||
|
|
||||||
/* skip */
|
/* skip */
|
||||||
|
|
||||||
static char *msre_action_skip_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_skip_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
/* ENH Add validation. */
|
/* ENH Add validation. */
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_skip_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_skip_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->skip_count = atoi(action->param);
|
actionset->skip_count = atoi(action->param);
|
||||||
@ -700,12 +700,12 @@ static apr_status_t msre_action_skip_init(msre_engine *engine, msre_actionset *a
|
|||||||
|
|
||||||
/* skipAfter */
|
/* skipAfter */
|
||||||
|
|
||||||
static char *msre_action_skipAfter_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_skipAfter_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
/* ENH Add validation. */
|
/* ENH Add validation. */
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_skipAfter_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_skipAfter_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->skip_after = action->param;
|
actionset->skip_after = action->param;
|
||||||
@ -714,7 +714,7 @@ static apr_status_t msre_action_skipAfter_init(msre_engine *engine, msre_actions
|
|||||||
|
|
||||||
/* allow */
|
/* allow */
|
||||||
|
|
||||||
static apr_status_t msre_action_allow_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_allow_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
actionset->intercept_action = ACTION_ALLOW;
|
actionset->intercept_action = ACTION_ALLOW;
|
||||||
@ -732,7 +732,7 @@ static apr_status_t msre_action_allow_init(msre_engine *engine, msre_actionset *
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *msre_action_allow_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_allow_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
if (action->param != NULL) {
|
if (action->param != NULL) {
|
||||||
if (strcasecmp(action->param, "phase") == 0) {
|
if (strcasecmp(action->param, "phase") == 0) {
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -740,7 +740,7 @@ static char *msre_action_allow_validate(msre_engine *engine, msre_action *action
|
|||||||
if (strcasecmp(action->param, "request") == 0) {
|
if (strcasecmp(action->param, "request") == 0) {
|
||||||
return NULL;
|
return NULL;
|
||||||
} else {
|
} else {
|
||||||
return apr_psprintf(engine->mp, "Invalid parameter for allow: %s", action->param);
|
return apr_psprintf(mp, "Invalid parameter for allow: %s", action->param);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -749,12 +749,12 @@ static char *msre_action_allow_validate(msre_engine *engine, msre_action *action
|
|||||||
|
|
||||||
/* phase */
|
/* phase */
|
||||||
|
|
||||||
static char *msre_action_phase_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_phase_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
/* ENH Add validation. */
|
/* ENH Add validation. */
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_phase_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_phase_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
if(strcasecmp(action->param,"request") == 0)
|
if(strcasecmp(action->param,"request") == 0)
|
||||||
@ -771,16 +771,16 @@ static apr_status_t msre_action_phase_init(msre_engine *engine, msre_actionset *
|
|||||||
|
|
||||||
/* t */
|
/* t */
|
||||||
|
|
||||||
static char *msre_action_t_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_t_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
msre_tfn_metadata *metadata = NULL;
|
msre_tfn_metadata *metadata = NULL;
|
||||||
metadata = msre_engine_tfn_resolve(engine, action->param);
|
metadata = msre_engine_tfn_resolve(engine, action->param);
|
||||||
if (metadata == NULL) return apr_psprintf(engine->mp, "Invalid transformation function: %s",
|
if (metadata == NULL) return apr_psprintf(mp, "Invalid transformation function: %s",
|
||||||
action->param);
|
action->param);
|
||||||
action->param_data = metadata;
|
action->param_data = metadata;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_t_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_t_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
msre_tfn_metadata *metadata = (msre_tfn_metadata *)action->param_data;
|
msre_tfn_metadata *metadata = (msre_tfn_metadata *)action->param_data;
|
||||||
@ -789,16 +789,16 @@ static apr_status_t msre_action_t_init(msre_engine *engine, msre_actionset *acti
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* ctl */
|
/* ctl */
|
||||||
static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_ctl_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
char *name = NULL;
|
char *name = NULL;
|
||||||
char *value = NULL;
|
char *value = NULL;
|
||||||
|
|
||||||
/* Parse first. */
|
/* Parse first. */
|
||||||
if (parse_name_eq_value(engine->mp, action->param, &name, &value) < 0) {
|
if (parse_name_eq_value(mp, action->param, &name, &value) < 0) {
|
||||||
return FATAL_ERROR;
|
return FATAL_ERROR;
|
||||||
}
|
}
|
||||||
if (value == NULL) {
|
if (value == NULL) {
|
||||||
return apr_psprintf(engine->mp, "Missing ctl value for name: %s", name);
|
return apr_psprintf(mp, "Missing ctl value for name: %s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Validate value. */
|
/* Validate value. */
|
||||||
@ -806,25 +806,25 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
|
|||||||
if (strcasecmp(value, "on") == 0) return NULL;
|
if (strcasecmp(value, "on") == 0) return NULL;
|
||||||
if (strcasecmp(value, "off") == 0) return NULL;
|
if (strcasecmp(value, "off") == 0) return NULL;
|
||||||
if (strcasecmp(value, "detectiononly") == 0) return NULL;
|
if (strcasecmp(value, "detectiononly") == 0) return NULL;
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name ruleEngine: %s", value);
|
return apr_psprintf(mp, "Invalid setting for ctl name ruleEngine: %s", value);
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "ruleRemoveById") == 0) {
|
if (strcasecmp(name, "ruleRemoveById") == 0) {
|
||||||
/* ENH nothing yet */
|
/* ENH nothing yet */
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "ruleRemoveByTag") == 0) {
|
if (strcasecmp(name, "ruleRemoveByTag") == 0) {
|
||||||
if (!msc_pregcomp(engine->mp, value, 0, NULL, NULL))
|
if (!msc_pregcomp(mp, value, 0, NULL, NULL))
|
||||||
return apr_psprintf(engine->mp, "ModSecurity: Invalid regular expression \"%s\"", value);
|
return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", value);
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "ruleRemoveByMsg") == 0) {
|
if (strcasecmp(name, "ruleRemoveByMsg") == 0) {
|
||||||
if (!msc_pregcomp(engine->mp, value, 0, NULL, NULL))
|
if (!msc_pregcomp(mp, value, 0, NULL, NULL))
|
||||||
return apr_psprintf(engine->mp, "ModSecurity: Invalid regular expression \"%s\"", value);
|
return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", value);
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "requestBodyAccess") == 0) {
|
if (strcasecmp(name, "requestBodyAccess") == 0) {
|
||||||
if (parse_boolean(value) == -1) {
|
if (parse_boolean(value) == -1) {
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
" requestBodyAccess: %s", value);
|
" requestBodyAccess: %s", value);
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -838,12 +838,12 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
|
|||||||
if (strcasecmp(name, "forceRequestBodyVariable") == 0) {
|
if (strcasecmp(name, "forceRequestBodyVariable") == 0) {
|
||||||
if (strcasecmp(value, "on") == 0) return NULL;
|
if (strcasecmp(value, "on") == 0) return NULL;
|
||||||
if (strcasecmp(value, "off") == 0) return NULL;
|
if (strcasecmp(value, "off") == 0) return NULL;
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
" forceRequestBodyVariable: %s", value);
|
" forceRequestBodyVariable: %s", value);
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "responseBodyAccess") == 0) {
|
if (strcasecmp(name, "responseBodyAccess") == 0) {
|
||||||
if (parse_boolean(value) == -1) {
|
if (parse_boolean(value) == -1) {
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
" responseBodyAccess: %s", value);
|
" responseBodyAccess: %s", value);
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -852,38 +852,38 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
|
|||||||
if (strcasecmp(value, "on") == 0) return NULL;
|
if (strcasecmp(value, "on") == 0) return NULL;
|
||||||
if (strcasecmp(value, "off") == 0) return NULL;
|
if (strcasecmp(value, "off") == 0) return NULL;
|
||||||
if (strcasecmp(value, "relevantonly") == 0) return NULL;
|
if (strcasecmp(value, "relevantonly") == 0) return NULL;
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
" auditEngine: %s", value);
|
" auditEngine: %s", value);
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "auditLogParts") == 0) {
|
if (strcasecmp(name, "auditLogParts") == 0) {
|
||||||
if ((value[0] == '+')||(value[0] == '-')) {
|
if ((value[0] == '+')||(value[0] == '-')) {
|
||||||
if (is_valid_parts_specification(value + 1) != 1) {
|
if (is_valid_parts_specification(value + 1) != 1) {
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
"auditLogParts: %s", value);
|
"auditLogParts: %s", value);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if (is_valid_parts_specification(value) != 1) {
|
if (is_valid_parts_specification(value) != 1) {
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
"auditLogParts: %s", value);
|
"auditLogParts: %s", value);
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "debugLogLevel") == 0) {
|
if (strcasecmp(name, "debugLogLevel") == 0) {
|
||||||
if ((atoi(value) >= 0)&&(atoi(value) <= 9)) return NULL;
|
if ((atoi(value) >= 0)&&(atoi(value) <= 9)) return NULL;
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
"debugLogLevel: %s", value);
|
"debugLogLevel: %s", value);
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "requestBodyLimit") == 0) {
|
if (strcasecmp(name, "requestBodyLimit") == 0) {
|
||||||
long int limit = strtol(value, NULL, 10);
|
long int limit = strtol(value, NULL, 10);
|
||||||
|
|
||||||
if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) {
|
if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) {
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
"requestBodyLimit: %s", value);
|
"requestBodyLimit: %s", value);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (limit > REQUEST_BODY_HARD_LIMIT) {
|
if (limit > REQUEST_BODY_HARD_LIMIT) {
|
||||||
return apr_psprintf(engine->mp, "Request size limit cannot exceed "
|
return apr_psprintf(mp, "Request size limit cannot exceed "
|
||||||
"the hard limit: %ld", RESPONSE_BODY_HARD_LIMIT);
|
"the hard limit: %ld", RESPONSE_BODY_HARD_LIMIT);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -893,12 +893,12 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
|
|||||||
long int limit = strtol(value, NULL, 10);
|
long int limit = strtol(value, NULL, 10);
|
||||||
|
|
||||||
if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) {
|
if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) {
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name "
|
return apr_psprintf(mp, "Invalid setting for ctl name "
|
||||||
"responseBodyLimit: %s", value);
|
"responseBodyLimit: %s", value);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (limit > RESPONSE_BODY_HARD_LIMIT) {
|
if (limit > RESPONSE_BODY_HARD_LIMIT) {
|
||||||
return apr_psprintf(engine->mp, "Response size limit cannot exceed "
|
return apr_psprintf(mp, "Response size limit cannot exceed "
|
||||||
"the hard limit: %ld", RESPONSE_BODY_HARD_LIMIT);
|
"the hard limit: %ld", RESPONSE_BODY_HARD_LIMIT);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -911,7 +911,7 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
|
|||||||
parm = apr_strtok(value,";",&savedptr);
|
parm = apr_strtok(value,";",&savedptr);
|
||||||
|
|
||||||
if(parm == NULL && savedptr == NULL)
|
if(parm == NULL && savedptr == NULL)
|
||||||
return apr_psprintf(engine->mp, "ruleRemoveTargetById must has at least id;VARIABLE");
|
return apr_psprintf(mp, "ruleRemoveTargetById must has at least id;VARIABLE");
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else
|
||||||
@ -921,9 +921,9 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
|
|||||||
|
|
||||||
parm = apr_strtok(value,";",&savedptr);
|
parm = apr_strtok(value,";",&savedptr);
|
||||||
if(parm == NULL && savedptr == NULL)
|
if(parm == NULL && savedptr == NULL)
|
||||||
return apr_psprintf(engine->mp, "ruleRemoveTargetByTag must has at least tag;VARIABLE");
|
return apr_psprintf(mp, "ruleRemoveTargetByTag must has at least tag;VARIABLE");
|
||||||
if (!msc_pregcomp(engine->mp, parm, 0, NULL, NULL)) {
|
if (!msc_pregcomp(mp, parm, 0, NULL, NULL)) {
|
||||||
return apr_psprintf(engine->mp, "ModSecurity: Invalid regular expression \"%s\"", parm);
|
return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", parm);
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else
|
||||||
@ -933,27 +933,27 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
|
|||||||
|
|
||||||
parm = apr_strtok(value,";",&savedptr);
|
parm = apr_strtok(value,";",&savedptr);
|
||||||
if(parm == NULL && savedptr == NULL)
|
if(parm == NULL && savedptr == NULL)
|
||||||
return apr_psprintf(engine->mp, "ruleRemoveTargetByMsg must has at least msg;VARIABLE");
|
return apr_psprintf(mp, "ruleRemoveTargetByMsg must has at least msg;VARIABLE");
|
||||||
if (!msc_pregcomp(engine->mp, parm, 0, NULL, NULL)) {
|
if (!msc_pregcomp(mp, parm, 0, NULL, NULL)) {
|
||||||
return apr_psprintf(engine->mp, "ModSecurity: Invalid regular expression \"%s\"", parm);
|
return apr_psprintf(mp, "ModSecurity: Invalid regular expression \"%s\"", parm);
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "HashEnforcement") == 0) {
|
if (strcasecmp(name, "HashEnforcement") == 0) {
|
||||||
if (strcasecmp(value, "on") == 0) return NULL;
|
if (strcasecmp(value, "on") == 0) return NULL;
|
||||||
if (strcasecmp(value, "off") == 0) return NULL;
|
if (strcasecmp(value, "off") == 0) return NULL;
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name HashEnforcement: %s", value);
|
return apr_psprintf(mp, "Invalid setting for ctl name HashEnforcement: %s", value);
|
||||||
} else
|
} else
|
||||||
if (strcasecmp(name, "HashEngine") == 0) {
|
if (strcasecmp(name, "HashEngine") == 0) {
|
||||||
if (strcasecmp(value, "on") == 0) return NULL;
|
if (strcasecmp(value, "on") == 0) return NULL;
|
||||||
if (strcasecmp(value, "off") == 0) return NULL;
|
if (strcasecmp(value, "off") == 0) return NULL;
|
||||||
return apr_psprintf(engine->mp, "Invalid setting for ctl name HashEngine: %s", value);
|
return apr_psprintf(mp, "Invalid setting for ctl name HashEngine: %s", value);
|
||||||
} else {
|
} else {
|
||||||
return apr_psprintf(engine->mp, "Invalid ctl name setting: %s", name);
|
return apr_psprintf(mp, "Invalid ctl name setting: %s", name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static apr_status_t msre_action_ctl_init(msre_engine *engine, msre_actionset *actionset,
|
static apr_status_t msre_action_ctl_init(msre_engine *engine, apr_pool_t *mp, msre_actionset *actionset,
|
||||||
msre_action *action)
|
msre_action *action)
|
||||||
{
|
{
|
||||||
/* Do nothing. */
|
/* Do nothing. */
|
||||||
@ -1294,16 +1294,16 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* xmlns */
|
/* xmlns */
|
||||||
static char *msre_action_xmlns_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_xmlns_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
char *name = NULL;
|
char *name = NULL;
|
||||||
char *value = NULL;
|
char *value = NULL;
|
||||||
|
|
||||||
/* Parse first. */
|
/* Parse first. */
|
||||||
if (parse_name_eq_value(engine->mp, action->param, &name, &value) < 0) {
|
if (parse_name_eq_value(mp, action->param, &name, &value) < 0) {
|
||||||
return FATAL_ERROR;
|
return FATAL_ERROR;
|
||||||
}
|
}
|
||||||
if (value == NULL) {
|
if (value == NULL) {
|
||||||
return apr_psprintf(engine->mp, "Missing xmlns href for prefix: %s", name);
|
return apr_psprintf(mp, "Missing xmlns href for prefix: %s", name);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Don't do anything else right now, we are just storing
|
/* Don't do anything else right now, we are just storing
|
||||||
@ -2165,7 +2165,7 @@ static apr_status_t msre_action_setrsc_execute(modsec_rec *msr, apr_pool_t *mptm
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* exec */
|
/* exec */
|
||||||
static char *msre_action_exec_validate(msre_engine *engine, msre_action *action) {
|
static char *msre_action_exec_validate(msre_engine *engine, apr_pool_t *mp, msre_action *action) {
|
||||||
#if defined(WITH_LUA)
|
#if defined(WITH_LUA)
|
||||||
char *filename = (char *)action->param;
|
char *filename = (char *)action->param;
|
||||||
|
|
||||||
@ -2179,7 +2179,7 @@ static char *msre_action_exec_validate(msre_engine *engine, msre_action *action)
|
|||||||
msc_script *script = NULL;
|
msc_script *script = NULL;
|
||||||
|
|
||||||
/* Compile script. */
|
/* Compile script. */
|
||||||
char *msg = lua_compile(&script, filename, engine->mp);
|
char *msg = lua_compile(&script, filename, mp);
|
||||||
if (msg != NULL) return msg;
|
if (msg != NULL) return msg;
|
||||||
|
|
||||||
action->param_data = script;
|
action->param_data = script;
|
||||||
|
|||||||
@ -266,7 +266,7 @@ const char *modsecProcessConfig(directory_config *config, const char *file, cons
|
|||||||
incpath = file;
|
incpath = file;
|
||||||
|
|
||||||
/* locate the start of the directories proper */
|
/* locate the start of the directories proper */
|
||||||
status = apr_filepath_root(&rootpath, &incpath, APR_FILEPATH_TRUENAME | APR_FILEPATH_NATIVE, pool);
|
status = apr_filepath_root(&rootpath, &incpath, APR_FILEPATH_TRUENAME | APR_FILEPATH_NATIVE, config->mp);
|
||||||
|
|
||||||
/* we allow APR_SUCCESS and APR_EINCOMPLETE */
|
/* we allow APR_SUCCESS and APR_EINCOMPLETE */
|
||||||
if (APR_ERELATIVE == status) {
|
if (APR_ERELATIVE == status) {
|
||||||
@ -274,20 +274,20 @@ const char *modsecProcessConfig(directory_config *config, const char *file, cons
|
|||||||
|
|
||||||
if(dir[li] != '/' && dir[li] != '\\')
|
if(dir[li] != '/' && dir[li] != '\\')
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
file = apr_pstrcat(pool, dir, "\\", file, NULL);
|
file = apr_pstrcat(config->mp, dir, "\\", file, NULL);
|
||||||
#else
|
#else
|
||||||
file = apr_pstrcat(pool, dir, "/", file, NULL);
|
file = apr_pstrcat(config->mp, dir, "/", file, NULL);
|
||||||
#endif
|
#endif
|
||||||
else
|
else
|
||||||
file = apr_pstrcat(pool, dir, file, NULL);
|
file = apr_pstrcat(config->mp, dir, file, NULL);
|
||||||
}
|
}
|
||||||
else if (APR_EBADPATH == status) {
|
else if (APR_EBADPATH == status) {
|
||||||
return apr_pstrcat(pool, "Config file has a bad path, ", file, NULL);
|
return apr_pstrcat(config->mp, "Config file has a bad path, ", file, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
apr_pool_create(&ptemp, pool);
|
apr_pool_create(&ptemp, config->mp);
|
||||||
|
|
||||||
err = process_command_config(server, config, pool, ptemp, file);
|
err = process_command_config(server, config, config->mp, ptemp, file);
|
||||||
|
|
||||||
apr_pool_destroy(ptemp);
|
apr_pool_destroy(ptemp);
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user