Handle out-of-disk-space conditions gracefully when writing to audit log.

2025-08-13 21:36:00 +03:00 · 2007-11-27 10:52:14 +00:00 · 2007-11-27 10:52:14 +00:00 · 4a08d7e6bf
commit 4a08d7e6bf
parent 800cfc2cc2
2 changed files with 31 additions and 11 deletions
--- a/3
+++ b/3
@ -2,6 +2,9 @@
 26 Nov 2007 - 2.5.0-dev3
 ------------------------

+ * Enhance handling of the case where we run out of disk space while
+   writing to audit log entry.
+
 * Renamed SecGeoLookupsDb to SecGeoLookupDB.

 * Implement SecComponentSignature.
--- a/apache2/msc_logging.c
+++ b/apache2/msc_logging.c
@ -23,22 +23,39 @@ static int sec_auditlog_write(modsec_rec *msr, const char *data, unsigned int le
    apr_size_t nbytes_written, nbytes = len;
    apr_status_t rc;

-    if ((msr->new_auditlog_fd == NULL)||(data == NULL)) return -1;
+    /* Do nothing if there's no data. */
+    if (data == NULL) return -1;

-    rc = apr_file_write_full(msr->new_auditlog_fd, data, nbytes, &nbytes_written);
-    if (rc != APR_SUCCESS) {
-        msr_log(msr, 1, "Audit log: Failed writing (requested %" APR_SIZE_T_FMT
-            " bytes, written %" APR_SIZE_T_FMT ")", nbytes, nbytes_written);
-        return -1;
-    }
-
-    /* Note the following will only take into account the actual
-     * amount of bytes we've written.
+    /* Update size counters and the hash calculation. We always do this,
+     * even in cases where write fails. That will make it easier to detect
+     * problems with partial writes.
     */
    msr->new_auditlog_size += nbytes_written;
    apr_md5_update(&msr->new_auditlog_md5ctx, data, nbytes_written);

-    return rc;
+    /* Do not write if we do not have a file descriptor. */
+    if (msr->new_auditlog_fd == NULL) return -1;
+
+    /* Write data to file. */
+    rc = apr_file_write_full(msr->new_auditlog_fd, data, nbytes, &nbytes_written);
+    if (rc != APR_SUCCESS) {
+        msr_log(msr, 1, "Audit log: Failed writing (requested %" APR_SIZE_T_FMT
+            " bytes, written %" APR_SIZE_T_FMT ")", nbytes, nbytes_written);
+
+        /* Set to NULL to prevent more than one error message on
+         * out-of-disk-space events and to prevent further attempts
+         * to write to the same file in this request.
+         *
+         * Note that, as we opened the file throught the pool mechanism of
+         * the APR, we do not need to close the file here. It will be closed
+         * automatically at the end of the request.
+         */
+        msr->new_auditlog_fd = NULL;
+
+        return -1;
+    }    
+
+    return 1;
 }

 /**