github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

Let body parsers observe SecRequestBodyNoFilesLimit

Browse Source 
Previously, modsecurity_request_body_store would keep feeding the body parsers (JSON/XML/Multipart) even after the SecRequestBodyNoFilesLimit limit was met. This change prevents this. Also, modsecurity_request_body_end now returns an error code when the limit is met, so that a message can be logged for this event.
This commit is contained in:
Allan Boll
2017-11-06 14:03:25 -08:00
committed by Felipe Zimmerle
parent 89f5427c1c
commit 2ae357be88
2 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apache2/apache2_io.c
View File

@@ -335,8 +335,7 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
apr_brigade_cleanup(bb_in);
} while(!finished_reading);
// TODO: Why ignore the return code here?
modsecurity_request_body_end(msr, error_msg);
apr_status_t rcbe = modsecurity_request_body_end(msr, error_msg);
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Completed receiving request body (length %" APR_SIZE_T_FMT ").",
@@ -345,7 +344,7 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
msr->if_status = IF_STATUS_WANTS_TO_RUN;
return 1;
return rcbe;
}