merge upstream & update configs

2025-11-16 17:41:52 +03:00 · 2013-08-23 13:54:30 +03:00
parent 7ff4e465bf
commit 3b92a030c7
97 changed files with 223 additions and 28 deletions
--- a/java/Makefile.am
+++ b/java/Makefile.am
@@ -1,5 +1,9 @@
 pkglibdir = $(prefix)/lib
 pkglib_LTLIBRARIES = libModSecurityJNI.la
+#include_HEADERS = re.h modsecurity.h msc_logging.h msc_multipart.h \
+#                  msc_parsers.h msc_pcre.h msc_util.h msc_xml.h \
+#                  persist_dbm.h apache2.h msc_geo.h acmp.h utf8tables.h \
+#                  msc_lua.h msc_release.h

 libModSecurityJNI_la_SOURCES = ../apache2/mod_security2.c \
                           ../apache2/apache2_config.c ../apache2/apache2_io.c ../apache2/apache2_util.c \
@@ -7,19 +11,19 @@ libModSecurityJNI_la_SOURCES = ../apache2/mod_security2.c \
                           ../apache2/re_variables.c ../apache2/msc_logging.c ../apache2/msc_xml.c \
                           ../apache2/msc_multipart.c ../apache2/modsecurity.c ../apache2/msc_parsers.c \
                           ../apache2/msc_util.c ../apache2/msc_pcre.c ../apache2/persist_dbm.c ../apache2/msc_reqbody.c \
-     			   ../apache2/msc_geo.c ../apache2/msc_gsb.c ../apache2/msc_unicode.c \
-     			   ../apache2/acmp.c ../apache2/msc_lua.c ../apache2/msc_release.c \
-     			   ../apache2/msc_crypt.c ../apache2/msc_tree.c
-                           ../standalone/api.c ../standalone/buckets.c \
-                           ../standalone/config.c ../standalone/filters.c \
-                           ../standalone/hooks.c ../standalone/regex.c ../standalone/server.c \
-                           org_modsecurity_ModSecurity.c
+      ../apache2/msc_geo.c ../apache2/msc_gsb.c ../apache2/msc_unicode.c \
+      ../apache2/acmp.c ../apache2/msc_lua.c ../apache2/msc_release.c \
+      ../apache2/msc_crypt.c ../apache2/msc_tree.c ../apache2/libinjection/libinjection_sqli.c \
+      ../standalone/api.c ../standalone/buckets.c \
+      ../standalone/config.c ../standalone/filters.c \
+      ../standalone/hooks.c ../standalone/regex.c ../standalone/server.c \
+      org_modsecurity_ModSecurity.c

 libModSecurityJNI_la_CFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \
-                          @PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @LUA_CFLAGS@ @MODSEC_EXTRA_CFLAGS@  @CURL_CFLAGS@
+                          @PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @LUA_CFLAGS@ @MODSEC_EXTRA_CFLAGS@  @CURL_CFLAGS@ -DVERSION_NGINX
 #libModSecurityJNI_la_CXXFLAGS = @APXS_CFLAGS@ @APR_CFLAGS@ @APU_CFLAGS@ \
 #                          @PCRE_CFLAGS@ @LIBXML2_CFLAGS@ @LUA_CFLAGS@ @MODSEC_EXTRA_CFLAGS@  @CURL_CFLAGS@
-libModSecurityJNI_la_CPPFLAGS = @APR_CPPFLAGS@ @PCRE_CPPFLAGS@ @LIBXML2_CPPFLAGS@ @JNI_CPPFLAGS@
+libModSecurityJNI_la_CPPFLAGS = @APR_CPPFLAGS@ @PCRE_CPPFLAGS@ @LIBXML2_CPPFLAGS@ @JNI_CPPFLAGS@ @STANDALONE_CPPFLAGS@
 libModSecurityJNI_la_LIBADD = @APR_LDADD@ @APU_LDADD@ @PCRE_LDADD@ @LIBXML2_LDADD@ @LUA_LDADD@

 if AIX
--- a/java/ModSecurityJNI.vcxproj
+++ b/java/ModSecurityJNI.vcxproj
@@ -71,7 +71,7 @@
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>..\standalone;c:\Program Files (x86)\Java\jdk1.7.0_21\include\win32;c:\Program Files (x86)\Java\jdk1.7.0_21\include;C:\work\pcre-8.30\include;C:\work\pcre-8.30;C:\work\libxml2-2.7.7\include;C:\apache22\include;..\apache2;c:\work\httpd-2.2.24\include</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\standalone;c:\Program Files (x86)\Java\jdk1.7.0_21\include\win32;c:\Program Files (x86)\Java\jdk1.7.0_21\include;C:\work\pcre-8.30\include;C:\work\pcre-8.30;C:\work\libxml2-2.7.7\include;C:\apache22\include;..\apache2;..\apache\libinjection\;c:\work\httpd-2.2.24\include</AdditionalIncludeDirectories>
      <PreprocessorDefinitions>_MBCS;%(PreprocessorDefinitions);WIN32;WINNT;inline=APR_INLINE;AP_DECLARE_STATIC;VERSION_STANDALONE</PreprocessorDefinitions>
      <DisableSpecificWarnings>4244;4018</DisableSpecificWarnings>
    </ClCompile>
--- a/java/ModSecurityLoader/dist/ModSecurityLoader.jar
+++ b/java/ModSecurityLoader/dist/ModSecurityLoader.jar
--- a/java/ModSecurityLoader/src/org/modsecurity/loader/ModSecurityLoader.java
+++ b/java/ModSecurityLoader/src/org/modsecurity/loader/ModSecurityLoader.java
@@ -46,7 +46,7 @@ public class ModSecurityLoader {
        }
    }
    
-    public void main(String[] args) {
+    public static void main(String[] args) {
        
    }
 }
--- a/java/ModSecurityTestApp/dist/ModSecurityTestApp.war
+++ b/java/ModSecurityTestApp/dist/ModSecurityTestApp.war
--- a/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java
+++ b/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java
@@ -22,7 +22,6 @@ public final class ModSecurity {
        //ModSecurityLoader calls System.load() for every native library needed by ModSecurity.
 //        try {
 //            Class.forName("org.modsecurity.loader.ModSecurityLoader");
-//            System.out.println("ModSecurity libraries loaded.");
 //        } catch (ClassNotFoundException ex) {
 //            java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE,
 //                    "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex);
@@ -30,13 +29,6 @@ public final class ModSecurity {

        //If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if 
        //ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running.
-//        System.load("c:\\work\\mod_security\\java\\libs\\zlib1.dll");
-//        System.load("c:\\work\\mod_security\\java\\libs\\libxml2.dll");
-//        System.load("c:\\work\\mod_security\\java\\libs\\pcre.dll");
-//        System.load("c:\\work\\mod_security\\java\\libs\\libapr-1.dll");
-//        System.load("c:\\work\\mod_security\\java\\libs\\libapriconv-1.dll");
-//        System.load("c:\\work\\mod_security\\java\\libs\\libaprutil-1.dll");
-//        System.load("c:\\work\\mod_security\\java\\Debug\\ModSecurityJNI.dll");
        try {
        System.loadLibrary("zlib1"); //needed for libxml2 in Windows
        } catch(UnsatisfiedLinkError ex) {
@@ -45,11 +37,20 @@ public final class ModSecurity {
        System.loadLibrary("pcre");
        System.loadLibrary("libapr-1");
        try {
-        System.loadLibrary("libapriconv-1");
-        } catch(UnsatisfiedLinkError ex) { //needed for libaprutil-1 in Windows
+        System.loadLibrary("libapriconv-1"); //needed for libaprutil-1 in Windows
+        } catch(UnsatisfiedLinkError ex) {
        }
        System.loadLibrary("libaprutil-1");
        System.loadLibrary("ModSecurityJNI");
+        //System.loadLibrary tries to resolve native libraries from java.library.path variable. If this fails, absolute path to libraries
+        //can be specified using System.load("/path/lib.so")
+//        try { System.load("c:\\work\\mod_security\\java\\libs\\zlib1.dll"); } catch(UnsatisfiedLinkError ex) {}
+//        System.load("c:\\work\\mod_security\\java\\libs\\libxml2.dll");
+//        System.load("c:\\work\\mod_security\\java\\libs\\pcre.dll");
+//        System.load("c:\\work\\mod_security\\java\\libs\\libapr-1.dll");
+//        try { System.load("c:\\work\\mod_security\\java\\libs\\libapriconv-1.dll"); } catch(UnsatisfiedLinkError ex) {}
+//        System.load("c:\\work\\mod_security\\java\\libs\\libaprutil-1.dll");
+//        System.load("c:\\work\\mod_security\\java\\Debug\\ModSecurityJNI.dll");
    }

    public ModSecurity(FilterConfig fc, String confFile) throws ServletException {
--- a/java/org_modsecurity_ModSecurity.c
+++ b/java/org_modsecurity_ModSecurity.c
@@ -214,8 +214,14 @@ void logSec(void *obj, int level, char *str)

 apr_status_t ReadBodyCallback(request_rec *r, char *buf, unsigned int length, unsigned int *readcnt, int *is_eos)
 {
-	jobject inputStream = getJavaServletContext(r, JAVASERVLET_INSTREAM); //servlet request input stream
 	JNIEnv *env;
+	jclass inputStreamClass;
+	jmethodID read;
+	jbyteArray byteArrayBuf;
+	jint count;
+	jbyte *bufferPtr;
+	jobject inputStream = getJavaServletContext(r, JAVASERVLET_INSTREAM); //servlet request input stream
+	

 	*readcnt = 0;

@@ -228,13 +234,13 @@ apr_status_t ReadBodyCallback(request_rec *r, char *buf, unsigned int length, un
 	if (!(*jvm)->AttachCurrentThread(jvm, (void **)&env, NULL))
 	{
 		//read request body from the servlet input stream using 'read' method
-		jclass inputStreamClass = (*env)->FindClass(env, SERVLETINPUTSTREAM_JAVACLASS); 
-		jmethodID read = (*env)->GetMethodID(env, inputStreamClass, INPUTSTREAM_READ_MET, INPUTSTREAM_READ_SIG);
+		inputStreamClass = (*env)->FindClass(env, SERVLETINPUTSTREAM_JAVACLASS); 
+		read = (*env)->GetMethodID(env, inputStreamClass, INPUTSTREAM_READ_MET, INPUTSTREAM_READ_SIG);

-		jbyteArray byteArrayBuf = (*env)->NewByteArray(env, length);
+		byteArrayBuf = (*env)->NewByteArray(env, length);

-		jint count = (*env)->CallIntMethod(env, inputStream, read, byteArrayBuf, 0, length);
-		jbyte* bufferPtr = (*env)->GetByteArrayElements(env, byteArrayBuf, NULL);
+		count = (*env)->CallIntMethod(env, inputStream, read, byteArrayBuf, 0, length);
+		bufferPtr = (*env)->GetByteArrayElements(env, byteArrayBuf, NULL);

 		if (count == -1 || count > length || (*env)->ExceptionCheck(env) == JNI_TRUE) //end of stream
 		{