From 3afae2ff91bfc687a42a9a818ca94799362f6f0d Mon Sep 17 00:00:00 2001
From: b1v1r
Date: Thu, 27 Aug 2009 07:38:26 +0000
Subject: [PATCH] Attempt to handle Apache filter error codes instead of incorrectly looking them up as APR error codes.
---
 CHANGES | 14 ++++----------
 apache2/apache2_io.c | 26 +++++++++++++++++++++-----
 2 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/CHANGES b/CHANGES
index b3c1a642..598fcbeb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,7 @@
-24 Aug 2009 - 2.5.10-dev3
--------------------------
+26 Aug 2009 - 2.5.10
+--------------------
+
+ * Added more detailed messages to replace "Unknown error" in filters.
 * Added SecAuditLogDirMode and SecAuditLogFileMode to allow fine tuning auditlog permissions (especially with mpm-itk).
@@ -8,20 +10,12 @@
 * Cleanup build scripts.
-
-12 Aug 2009 - 2.5.10-dev2
--------------------------
-
 * Fixed crash on configuration if SecMarker is used before any rules.
 * Fixed SecRuleUpdateActionById so that it will work on chain starters.
 * Cleanup build system for mlogc.
-
-03 Aug 2009 - 2.5.10-dev1
--------------------------
-
 * Allow mlogc to periodically flush memory pools.
 * Using nolog,auditlog will now log the "Message:" line to the auditlog, but
diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c
index 85964c49..ac072a89 100644
--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -16,6 +16,8 @@
 * directly using the email address support@breach.com.
 *
 */
+#include
+
 #include "modsecurity.h"
 #include "apache2.h"
@@ -182,14 +184,14 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
 rc = ap_get_brigade(r->input_filters, bb_in, AP_MODE_READBYTES, APR_BLOCK_READ, HUGE_STRING_LEN);
 if (rc != APR_SUCCESS) {
- /* NOTE Apache returns -3 here when the request is too large
- * and APR_EGENERAL when the client disconnects.
+ /* NOTE Apache returns AP_FILTER_ERROR here when the request is
+ * too large and APR_EGENERAL when the client disconnects.
 */
 switch(rc) {
 case APR_TIMEUP :
 *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
 return -4;
- case -3 :
+ case AP_FILTER_ERROR :
 *error_msg = apr_psprintf(msr->mp, "Error reading request body: HTTP Error 413 - Request entity too large. (Most likely.)");
 return -3;
 case APR_EGENERAL :
@@ -417,8 +419,22 @@ static apr_status_t send_of_brigade(modsec_rec *msr, ap_filter_t *f) {
 }
 if (msr->txcfg->debuglog_level >= log_level) {
- msr_log(msr, log_level, "Output filter: Error while forwarding response data (%d): %s",
- rc, get_apr_error(msr->mp, rc));
+ switch(rc) {
+ case AP_NOBODY_WROTE :
+ msr_log(msr, log_level, "Output filter: Error while forwarding response data (%d): No data", rc);
+ break;
+ case AP_FILTER_ERROR :
+ /* Look like this is caused by the error
+ * already being handled, so we should ignore it
+ *
+ msr_log(msr, log_level, "Output filter: Error while forwarding response data (%d): Filter error", rc);
+ */
+ break;
+ default :
+ msr_log(msr, log_level, "Output filter: Error while forwarding response data (%d): %s",
+ rc, get_apr_error(msr->mp, rc));
+ break;
+ }
 }
 return rc;
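Review bot: `case AP_FILTER_ERROR :` still reports a fixed "HTTP Error 413 - Request entity too large. (Most likely.)", but AP_FILTER_ERROR only means that a filter in the chain hit an error and has already dealt with the error response, so the message can name the wrong cause whenever a different input filter failed. This string is what an analyst reads when triaging a rejected request body, so I would word it as the generic condition with 413 as the common case, e.g. `"Error reading request body: Input filter reported an error (commonly HTTP 413 - Request entity too large)."`. The branches also keep returning the bare `-3` and `-4` literals, which callers presumably compare against; named constants for those return codes would complete the cleanup this hunk starts for the Apache side. read_request_body begins and ends outside the hunk.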
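Review bot: In the `AP_FILTER_ERROR` case of the new `switch(rc)` the only record of the failure is an `msr_log` call left commented out inside a block comment, so a response that was not forwarded for this reason leaves no trace in the debug log at any level. The justification is also written as a guess ("Look like this is caused by the error already being handled"), which makes it hard for a later maintainer to tell whether the silence is intentional. I would delete the dead call and state the reason as fact, e.g. `/* The filter chain has already reported this error; do not log it a second time. */`, or, if the suppression is only meant to cut noise, keep the message but emit it at a more verbose debug level than `log_level`. send_of_brigade begins outside the hunk.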