github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 06:57:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Attempt to handle Apache filter error codes instead of incorrectly looking them up as APR error codes.

Browse Source
This commit is contained in:
b1v1r
2009-08-27 07:38:26 +00:00
parent 13f35361a0
commit 3afae2ff91
2 changed files with 25 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
CHANGES
View File

@@ -1,5 +1,7 @@
24 Aug 2009 - 2.5.10-dev3 26 Aug 2009 - 2.5.10
------------------------- --------------------
* Added more detailed messages to replace "Unknown error" in filters.
* Added SecAuditLogDirMode and SecAuditLogFileMode to allow fine tuning * Added SecAuditLogDirMode and SecAuditLogFileMode to allow fine tuning
auditlog permissions (especially with mpm-itk). auditlog permissions (especially with mpm-itk).
@@ -8,20 +10,12 @@
* Cleanup build scripts. * Cleanup build scripts.
12 Aug 2009 - 2.5.10-dev2
-------------------------
* Fixed crash on configuration if SecMarker is used before any rules. * Fixed crash on configuration if SecMarker is used before any rules.
* Fixed SecRuleUpdateActionById so that it will work on chain starters. * Fixed SecRuleUpdateActionById so that it will work on chain starters.
* Cleanup build system for mlogc. * Cleanup build system for mlogc.
03 Aug 2009 - 2.5.10-dev1
-------------------------
* Allow mlogc to periodically flush memory pools. * Allow mlogc to periodically flush memory pools.
* Using nolog,auditlog will now log the "Message:" line to the auditlog, but * Using nolog,auditlog will now log the "Message:" line to the auditlog, but

26
apache2/apache2_io.c
View File

@@ -16,6 +16,8 @@
* directly using the email address support@breach.com. * directly using the email address support@breach.com.
* *
*/ */
#include <util_filter.h>
#include "modsecurity.h" #include "modsecurity.h"
#include "apache2.h" #include "apache2.h"
@@ -182,14 +184,14 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
rc = ap_get_brigade(r->input_filters, bb_in, AP_MODE_READBYTES, APR_BLOCK_READ, HUGE_STRING_LEN); rc = ap_get_brigade(r->input_filters, bb_in, AP_MODE_READBYTES, APR_BLOCK_READ, HUGE_STRING_LEN);
if (rc != APR_SUCCESS) { if (rc != APR_SUCCESS) {
/* NOTE Apache returns -3 here when the request is too large /* NOTE Apache returns AP_FILTER_ERROR here when the request is
* and APR_EGENERAL when the client disconnects. * too large and APR_EGENERAL when the client disconnects.
*/ */
switch(rc) { switch(rc) {
case APR_TIMEUP : case APR_TIMEUP :
*error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc)); *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
return -4; return -4;
case -3 : case AP_FILTER_ERROR :
*error_msg = apr_psprintf(msr->mp, "Error reading request body: HTTP Error 413 - Request entity too large. (Most likely.)"); *error_msg = apr_psprintf(msr->mp, "Error reading request body: HTTP Error 413 - Request entity too large. (Most likely.)");
return -3; return -3;
case APR_EGENERAL : case APR_EGENERAL :
@@ -417,8 +419,22 @@ static apr_status_t send_of_brigade(modsec_rec *msr, ap_filter_t *f) {
} }
if (msr->txcfg->debuglog_level >= log_level) { if (msr->txcfg->debuglog_level >= log_level) {
msr_log(msr, log_level, "Output filter: Error while forwarding response data (%d): %s", switch(rc) {
rc, get_apr_error(msr->mp, rc)); case AP_NOBODY_WROTE :
msr_log(msr, log_level, "Output filter: Error while forwarding response data (%d): No data", rc);
break;
case AP_FILTER_ERROR :
/* Look like this is caused by the error
* already being handled, so we should ignore it
*
msr_log(msr, log_level, "Output filter: Error while forwarding response data (%d): Filter error", rc);
*/
break;
default :
msr_log(msr, log_level, "Output filter: Error while forwarding response data (%d): %s",
rc, get_apr_error(msr->mp, rc));
break;
}
} }
return rc; return rc;