From 549f059480075d031386e87b54aa9f164b8a2a3f Mon Sep 17 00:00:00 2001 From: brenosilva Date: Wed, 8 Dec 2010 18:58:18 +0000 Subject: [PATCH] move 2.5.13 into trunk --- MODSECURITY_LICENSING_EXCEPTION | 4 +- README.TXT | 2 +- alp2/alp2.c | 6 +-- alp2/alp2.h | 6 +-- alp2/alp2_pp.c | 6 +-- alp2/alp2_pp.h | 6 +-- apache2/acmp.c | 6 +-- apache2/acmp.h | 6 +-- apache2/apache2.h | 6 +-- apache2/apache2_config.c | 8 ++- apache2/apache2_io.c | 6 +-- apache2/apache2_util.c | 6 +-- apache2/mod_security2.c | 78 +++++++++++++++++++++++++-- apache2/modsecurity.c | 27 ++++++++-- apache2/modsecurity.h | 9 ++-- apache2/msc_geo.c | 34 ++++++++++-- apache2/msc_geo.h | 6 +-- apache2/msc_logging.c | 6 +-- apache2/msc_logging.h | 6 +-- apache2/msc_lua.c | 53 +++++++++++++++++-- apache2/msc_lua.h | 6 +-- apache2/msc_multipart.c | 6 +-- apache2/msc_multipart.h | 6 +-- apache2/msc_parsers.c | 6 +-- apache2/msc_parsers.h | 6 +-- apache2/msc_pcre.c | 6 +-- apache2/msc_pcre.h | 6 +-- apache2/msc_release.c | 8 +-- apache2/msc_release.h | 6 +-- apache2/msc_reqbody.c | 6 +-- apache2/msc_util.c | 94 +++++++++++++++++++++++++++++++-- apache2/msc_util.h | 8 +-- apache2/msc_xml.c | 6 +-- apache2/msc_xml.h | 6 +-- apache2/persist_dbm.c | 6 +-- apache2/persist_dbm.h | 6 +-- apache2/re.c | 69 +++++++++++++++++++++--- apache2/re.h | 6 +-- apache2/re_actions.c | 72 ++++++++++++++++--------- apache2/re_operators.c | 13 +++-- apache2/re_tfns.c | 35 ++++++++++-- apache2/re_variables.c | 6 +-- apache2/utf8tables.h | 6 +-- ext/mod_op_strstr.c | 6 +-- ext/mod_reqbody_example.c | 6 +-- ext/mod_tfn_reverse.c | 6 +-- ext/mod_var_remote_addr_port.c | 6 +-- mlogc/mlogc-batch-load.pl.in | 6 +-- mlogc/mlogc.c | 10 ++-- tests/msc_test.c | 6 +-- 50 files changed, 550 insertions(+), 178 deletions(-) diff --git a/MODSECURITY_LICENSING_EXCEPTION b/MODSECURITY_LICENSING_EXCEPTION index 1e99ad2c..78ef0116 100644 --- a/MODSECURITY_LICENSING_EXCEPTION +++ b/MODSECURITY_LICENSING_EXCEPTION @@ -5,7 +5,7 @@ MODSECURITY LICENSING EXCEPTION Version 1.0, 29 July 2008 As a special exception ("Exception") to the terms and conditions of version 2 -of the GPL, Breach Security, Inc. hereby grants you the rights described +of the GPL, Trustwave Holdings, Inc. hereby grants you the rights described below, provided you agree to the terms and conditions in this Exception, including its obligations and restrictions on use. @@ -54,7 +54,7 @@ following conditions are met: If the above conditions are not met, then the Program may only be copied, modified, distributed or used under the terms and conditions of the GPLv2 -or another valid licensing option from Breach Security, Inc. +or another valid licensing option from Trustwave Holdings, Inc. FLOSS License List diff --git a/README.TXT b/README.TXT index d6ede95f..152a7619 100644 --- a/README.TXT +++ b/README.TXT @@ -1,5 +1,5 @@ ModSecurity for Apache 2.x, http://www.modsecurity.org/ -Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) +Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) ModSecurity for Apache is an open source product, released under terms of the General Public Licence, Version 2 (GPLv2). Please refer to the diff --git a/alp2/alp2.c b/alp2/alp2.c index f3797d0f..6046a0ac 100755 --- a/alp2/alp2.c +++ b/alp2/alp2.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/alp2/alp2.h b/alp2/alp2.h index 30878107..40e381f6 100644 --- a/alp2/alp2.h +++ b/alp2/alp2.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/alp2/alp2_pp.c b/alp2/alp2_pp.c index 853bb054..b9299f22 100755 --- a/alp2/alp2_pp.c +++ b/alp2/alp2_pp.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/alp2/alp2_pp.h b/alp2/alp2_pp.h index 149477a1..7bbc21ff 100644 --- a/alp2/alp2_pp.h +++ b/alp2/alp2_pp.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/apache2/acmp.c b/apache2/acmp.c index f52a48a5..a8fae4af 100644 --- a/apache2/acmp.c +++ b/apache2/acmp.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/apache2/acmp.h b/apache2/acmp.h index c4652223..dcd473d9 100644 --- a/apache2/acmp.h +++ b/apache2/acmp.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef ACMP_H_ diff --git a/apache2/apache2.h b/apache2/apache2.h index 511deed1..024ab4c1 100644 --- a/apache2/apache2.h +++ b/apache2/apache2.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _APACHE2_H_ diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c index a5b42c93..b4f3c207 100644 --- a/apache2/apache2_config.c +++ b/apache2/apache2_config.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -605,6 +605,12 @@ static const char *add_rule(cmd_parms *cmd, directory_config *dcfg, int type, "be specified by chain starter rules."); } + /* Must NOT specify a skipafter action. */ + if (rule->actionset->skip_after != NOT_SET_P) { + return apr_psprintf(cmd->pool, "ModSecurity: SkipAfter actions can only " + "be specified by chain starter rules."); + } + /* Must NOT specify a phase. */ if (rule->actionset->phase != NOT_SET) { return apr_psprintf(cmd->pool, "ModSecurity: Execution phases can only be " diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c index 1438590d..1e605c96 100644 --- a/apache2/apache2_io.c +++ b/apache2/apache2_io.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c index 870e641d..0c89bc2e 100644 --- a/apache2/apache2_util.c +++ b/apache2/apache2_util.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "modsecurity.h" diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index d14b2f44..1f067632 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include @@ -31,6 +31,8 @@ #include "msc_logging.h" #include "msc_util.h" +#include "ap_mpm.h" +#include "scoreboard.h" /* ModSecurity structure */ @@ -56,6 +58,15 @@ unsigned long int DSOLOCAL msc_pcre_match_limit = 0; unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0; +unsigned long int DSOLOCAL conn_read_state_limit = 0; + +static int server_limit, thread_limit; + +typedef struct { + int child_num; + int thread_num; +} sb_handle; + /* -- Miscellaneous functions -- */ /** @@ -1101,6 +1112,60 @@ static void modsec_register_operator(const char *name, void *fn_init, void *fn_e } } +/* +* \brief Connetion hook to limit the number of +* connections in BUSY state +* +* \param conn Pointer to connection struct +* +* \retval DECLINED On failure +* \retval OK On Success +*/ +static int hook_connection_early(conn_rec *conn) +{ + sb_handle *sb = conn->sbh; + int i, j; + unsigned long int ip_count = 0; + worker_score *ws_record = NULL; + + if(sb != NULL && conn_read_state_limit > 0) { + + ws_record = &ap_scoreboard_image->servers[sb->child_num][sb->thread_num]; + if(ws_record == NULL) + return DECLINED; + + apr_cpystrn(ws_record->client, conn->remote_ip, sizeof(ws_record->client)); + for (i = 0; i < server_limit; ++i) { + for (j = 0; j < thread_limit; ++j) { + + ws_record = ap_get_scoreboard_worker(i, j); + + if(ws_record == NULL) + return DECLINED; + + switch (ws_record->status) { + case SERVER_BUSY_READ: + if (strcmp(conn->remote_ip, ws_record->client) == 0) + ip_count++; + break; + default: + break; + } + } + } + + if (ip_count > conn_read_state_limit) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "ModSecurity: Access denied with code 400. Too many threads [%ld] of %ld allowed in READ state from %s - Possible DoS Consumption Attack [Rejected]", ip_count,conn_read_state_limit,conn->remote_ip); + return OK; + } else { + return DECLINED; + } + } + + return DECLINED; +} + + /** * This function is exported for other Apache modules to * register new variables. @@ -1191,6 +1256,10 @@ static void register_hooks(apr_pool_t *mp) { APR_REGISTER_OPTIONAL_FN(modsec_register_reqbody_processor); #endif + /* For connection level hook */ + ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit); + ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit); + /* Main hooks */ ap_hook_pre_config(hook_pre_config, NULL, NULL, APR_HOOK_FIRST); ap_hook_post_config(hook_post_config, postconfig_beforeme_list, @@ -1201,6 +1270,9 @@ static void register_hooks(apr_pool_t *mp) { * // ap_hook_handler(hook_handler, NULL, NULL, APR_HOOK_MIDDLE); */ + /* Connection processing hooks */ + ap_hook_process_connection(hook_connection_early, NULL, NULL, APR_HOOK_FIRST); + /* Transaction processing hooks */ ap_hook_post_read_request(hook_request_early, postread_beforeme_list, postread_afterme_list, APR_HOOK_REALLY_FIRST); diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c index 8d988e66..8f81da1e 100644 --- a/apache2/modsecurity.c +++ b/apache2/modsecurity.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include @@ -133,6 +133,19 @@ int modsecurity_init(msc_engine *msce, apr_pool_t *mp) { } #endif + rc = apr_global_mutex_create(&msce->geo_lock, NULL, APR_LOCK_DEFAULT, mp); + if (rc != APR_SUCCESS) { + return -1; + } + + #ifdef __SET_MUTEX_PERMS + rc = unixd_set_global_mutex_perms(msce->geo_lock); + if (rc != APR_SUCCESS) { + return -1; + } + #endif + + return 1; } @@ -149,6 +162,14 @@ void modsecurity_child_init(msc_engine *msce) { // ap_log_error(APLOG_MARK, APLOG_ERR, rs, s, "Failed to child-init auditlog mutex"); } } + + if (msce->geo_lock != NULL) { + apr_status_t rc = apr_global_mutex_child_init(&msce->geo_lock, NULL, msce->mp); + if (rc != APR_SUCCESS) { + // ap_log_error(APLOG_MARK, APLOG_ERR, rs, s, "Failed to child-init geo mutex"); + } + } + } /** diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h index 623fa662..cb357cf1 100644 --- a/apache2/modsecurity.h +++ b/apache2/modsecurity.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MODSECURITY_H_ @@ -132,6 +132,8 @@ extern DSOLOCAL unsigned long int msc_pcre_match_limit; extern DSOLOCAL unsigned long int msc_pcre_match_limit_recursion; +extern DSOLOCAL unsigned long int conn_read_state_limit; + #define RESBODY_STATUS_NOT_READ 0 /* we were not configured to read the body */ #define RESBODY_STATUS_ERROR 1 /* error occured while we were reading the body */ #define RESBODY_STATUS_PARTIAL 2 /* partial body content available in the brigade */ @@ -496,6 +498,7 @@ struct error_message { struct msc_engine { apr_pool_t *mp; apr_global_mutex_t *auditlog_lock; + apr_global_mutex_t *geo_lock; msre_engine *msre; unsigned int processing_mode; }; diff --git a/apache2/msc_geo.c b/apache2/msc_geo.c index 7909e86f..061340db 100644 --- a/apache2/msc_geo.c +++ b/apache2/msc_geo.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "msc_geo.h" @@ -287,6 +287,7 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro apr_size_t nbytes; unsigned int rec_val = 0; apr_off_t seekto = 0; + apr_status_t ret; int rc; int country = 0; int level; @@ -332,6 +333,12 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro msr_log(msr, 9, "GEO: Using address \"%s\" (0x%08lx).", targetip, ipnum); } + ret = apr_global_mutex_lock(msr->modsecurity->geo_lock); + if (ret != APR_SUCCESS) { + msr_log(msr, 1, "Geo Lookup: Failed to lock proc mutex: %s", + get_apr_error(msr->mp, ret)); + } + for (level = 31; level >= 0; level--) { /* Read the record */ seekto = 2 * reclen * rec_val; @@ -365,6 +372,13 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro if ((country <= 0) || (country > GEO_COUNTRY_LAST)) { *error_msg = apr_psprintf(msr->mp, "No geo data for \"%s\" (country %d).", log_escape(msr->mp, target), country); msr_log(msr, 4, "%s", *error_msg); + + ret = apr_global_mutex_unlock(msr->modsecurity->geo_lock); + if (ret != APR_SUCCESS) { + msr_log(msr, 1, "Geo Lookup: Failed to lock proc mutex: %s", + get_apr_error(msr->mp, ret)); + } + return 0; } @@ -389,6 +403,13 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro if ((country <= 0) || (country > GEO_COUNTRY_LAST)) { *error_msg = apr_psprintf(msr->mp, "No geo data for \"%s\" (country %d).", log_escape(msr->mp, target), country); msr_log(msr, 4, "%s", *error_msg); + + ret = apr_global_mutex_unlock(msr->modsecurity->geo_lock); + if (ret != APR_SUCCESS) { + msr_log(msr, 1, "Geo Lookup: Failed to lock proc mutex: %s", + get_apr_error(msr->mp, ret)); + } + return 0; } if (msr->txcfg->debuglog_level >= 9) { @@ -477,6 +498,13 @@ int geo_lookup(modsec_rec *msr, geo_rec *georec, const char *target, char **erro } *error_msg = apr_psprintf(msr->mp, "Geo lookup for \"%s\" succeeded.", log_escape(msr->mp, target)); + + ret = apr_global_mutex_unlock(msr->modsecurity->geo_lock); + if (ret != APR_SUCCESS) { + msr_log(msr, 1, "Geo Lookup: Failed to lock proc mutex: %s", + get_apr_error(msr->mp, ret)); + } + return 1; } diff --git a/apache2/msc_geo.h b/apache2/msc_geo.h index 26bee2ef..e97d5a1a 100644 --- a/apache2/msc_geo.h +++ b/apache2/msc_geo.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MSC_GEO_H_ diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c index 5af1e6f1..059a4270 100644 --- a/apache2/msc_logging.c +++ b/apache2/msc_logging.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/apache2/msc_logging.h b/apache2/msc_logging.h index ee9b399d..f0abb091 100644 --- a/apache2/msc_logging.h +++ b/apache2/msc_logging.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MSC_LOGGING_H_ diff --git a/apache2/msc_lua.c b/apache2/msc_lua.c index c278c9df..1a09c4e4 100644 --- a/apache2/msc_lua.c +++ b/apache2/msc_lua.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #if defined(WITH_LUA) @@ -337,10 +337,57 @@ static int l_getvars(lua_State *L) { return 1; } +/* +* \brief New setvar function for Lua API. Users can put back +* data in modsecurity core via new variables +* +* \param L Pointer to Lua state +* +* \retval -1 On failure +* \retval 0 On Collection failure +* \retval 1 On Success +*/ +static int l_setvar(lua_State *L) { + modsec_rec *msr = NULL; + msre_rule *rule = NULL; + const char *var_value = NULL; + const char *var_name = NULL; + int nargs = lua_gettop(L); + char *chr = NULL; + + lua_getglobal(L, "__msr"); + msr = (modsec_rec *)lua_topointer(L, -1); + + lua_getglobal(L, "__rule"); + rule = (msre_rule *)lua_topointer(L, -1); + + if(nargs != 2) { + msr_log(msr, 8, "m.setvar: Failed m.setvar funtion must has 2 arguments"); + return -1; + } + var_value = luaL_checkstring (L, 2); + var_name = luaL_checkstring (L, 1); + + lua_pop(L,2); + + if(var_value == NULL || var_name == NULL) + return -1; + + chr = strchr((char *)var_name,0x2e); + + if(chr == NULL) { + msr_log(msr, 8, "m.setvar: Must specify a collection using dot character - ie m.setvar(tx.myvar,mydata)"); + return -1; + } + + return msre_action_setvar_execute(msr,msr->msc_rule_mptmp,rule,(char *)var_name,(char *)var_value); +} + static const struct luaL_Reg mylib[] = { { "log", l_log }, { "getvar", l_getvar }, { "getvars", l_getvars }, + { "setvar", l_setvar }, { NULL, NULL } }; diff --git a/apache2/msc_lua.h b/apache2/msc_lua.h index 04e72556..cd60e17a 100644 --- a/apache2/msc_lua.h +++ b/apache2/msc_lua.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #if defined(WITH_LUA) diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c index 004b4528..343dda5b 100644 --- a/apache2/msc_multipart.c +++ b/apache2/msc_multipart.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "modsecurity_config.h" diff --git a/apache2/msc_multipart.h b/apache2/msc_multipart.h index ac28ee59..9321acbc 100644 --- a/apache2/msc_multipart.h +++ b/apache2/msc_multipart.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MSC_MULTIPART_H_ diff --git a/apache2/msc_parsers.c b/apache2/msc_parsers.c index c61ebc25..83736f62 100644 --- a/apache2/msc_parsers.c +++ b/apache2/msc_parsers.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "msc_parsers.h" diff --git a/apache2/msc_parsers.h b/apache2/msc_parsers.h index a5dac5b6..30ff6bca 100644 --- a/apache2/msc_parsers.h +++ b/apache2/msc_parsers.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MSC_PARSERS_H_ diff --git a/apache2/msc_pcre.c b/apache2/msc_pcre.c index 84f63801..32cce44a 100644 --- a/apache2/msc_pcre.c +++ b/apache2/msc_pcre.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "msc_pcre.h" diff --git a/apache2/msc_pcre.h b/apache2/msc_pcre.h index 63a8f8c5..a8c2e18a 100644 --- a/apache2/msc_pcre.h +++ b/apache2/msc_pcre.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MSC_PCRE_H_ diff --git a/apache2/msc_release.c b/apache2/msc_release.c index 2ce72334..97160d8d 100644 --- a/apache2/msc_release.c +++ b/apache2/msc_release.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ @@ -23,7 +23,7 @@ modsec_build_type_rec modsec_build_type[] = { { "-dev", 1 }, /* Development build */ { "-rc", 3 }, /* Release Candidate build */ { "", 9 }, /* Production build */ - { "-breach", 9 }, /* Breach build */ + { "-tw", 9 }, /* Truswave Holdings build */ { "-trunk", 9 }, /* Trunk build */ { NULL, -1 } /* terminator */ }; diff --git a/apache2/msc_release.h b/apache2/msc_release.h index dc4a0388..a8dc772d 100644 --- a/apache2/msc_release.h +++ b/apache2/msc_release.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MSC_RELEASE_H_ diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c index 9f40268b..fe5b46bc 100644 --- a/apache2/msc_reqbody.c +++ b/apache2/msc_reqbody.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "modsecurity.h" diff --git a/apache2/msc_util.c b/apache2/msc_util.c index 576e25a9..7857cdcf 100644 --- a/apache2/msc_util.c +++ b/apache2/msc_util.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "modsecurity_config.h" @@ -52,6 +52,28 @@ #define S_ISUID 04000 #endif /* defined(WIN32 || NETWARE) */ +/* Base64 tables used in decodeBase64Ext */ +static const char b64_pad = '='; + +static const short b64_reverse_t[256] = { + -2, -2, -2, -2, -2, -2, -2, -2, -2, -1, -1, -2, -2, -1, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 62, -2, -2, -2, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -2, -2, -2, -2, -2, -2, + -2, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -2, -2, -2, -2, -2, + -2, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2 +}; + /** * */ @@ -67,6 +89,72 @@ int parse_boolean(const char *input) { return -1; } +/* \brief Decode Base64 data with special chars +* +* \param plain_text Pointer to plain text data +* \param input Pointer to input data +* \param input_len Input data length +* +* \retval 0 On failure +* \retval string length On Success +*/ +int decode_base64_ext(char *plain_text, const char *input, int input_len) +{ + const char *encoded = input; + int i = 0, j = 0, k = 0; + int ch = 0; + + while ((ch = *encoded++) != '\0' && input_len-- > 0) { + if (ch == b64_pad) { + if (*encoded != '=' && (i % 4) == 1) { + return 0; + } + continue; + } + + ch = b64_reverse_t[ch]; + if (ch < 0 || ch == -1) { + continue; + } else if (ch == -2) { + return 0; + } + switch(i % 4) { + case 0: + plain_text[j] = ch << 2; + break; + case 1: + plain_text[j++] |= ch >> 4; + plain_text[j] = (ch & 0x0f) << 4; + break; + case 2: + plain_text[j++] |= ch >>2; + plain_text[j] = (ch & 0x03) << 6; + break; + case 3: + plain_text[j++] |= ch; + break; + } + i++; + } + + k = j; + if (ch == b64_pad) { + switch(i % 4) { + case 1: + return 0; + case 2: + k++; + case 3: + plain_text[k] = 0; + } + } + + plain_text[j] = '\0'; + + return j; +} + + /** * Parses a string that contains a name-value pair in the form "name=value". * IMP1 It does not check for whitespace between tokens. diff --git a/apache2/msc_util.h b/apache2/msc_util.h index 9a34bce5..e89742dc 100644 --- a/apache2/msc_util.h +++ b/apache2/msc_util.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _UTIL_H_ @@ -90,6 +90,8 @@ char DSOLOCAL *log_escape_nul(apr_pool_t *mp, const unsigned char *text, unsigne char DSOLOCAL *_log_escape(apr_pool_t *p, const unsigned char *input, unsigned long int input_length, int escape_quotes, int escape_colon); +int DSOLOCAL decode_base64_ext(char *plain_text, const char *input, int input_len); + int DSOLOCAL js_decode_nonstrict_inplace(unsigned char *input, long int input_len); int DSOLOCAL urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_length, int * changed); diff --git a/apache2/msc_xml.c b/apache2/msc_xml.c index c13d8331..7361f371 100644 --- a/apache2/msc_xml.c +++ b/apache2/msc_xml.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "msc_xml.h" diff --git a/apache2/msc_xml.h b/apache2/msc_xml.h index aaf00e95..9e27fe32 100644 --- a/apache2/msc_xml.h +++ b/apache2/msc_xml.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MSC_XML_H_ diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c index 33e5934a..9fefa838 100644 --- a/apache2/persist_dbm.c +++ b/apache2/persist_dbm.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "persist_dbm.h" diff --git a/apache2/persist_dbm.h b/apache2/persist_dbm.h index 8d20a679..b94b58da 100644 --- a/apache2/persist_dbm.h +++ b/apache2/persist_dbm.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _PERSIST_DBM_H_ diff --git a/apache2/re.c b/apache2/re.c index 2368ebaf..2b2a6a1a 100644 --- a/apache2/re.c +++ b/apache2/re.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -857,7 +857,9 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) msre_rule **rules; apr_status_t rc; const char *skip_after = NULL; - int i, mode, skip; + msre_rule *last_rule = NULL; + msre_rule *rule_starter = NULL; + int i, mode, skip, skipped, saw_starter; /* First determine which set of rules we need to use. */ switch (msr->phase) { @@ -887,6 +889,8 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) /* Loop through the rules in the selected set. */ skip = 0; + skipped = 0; + saw_starter = 0; mode = NEXT_RULE; rules = (msre_rule **)arr->elts; for (i = 0; i < arr->nelts; i++) { @@ -903,19 +907,32 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) */ if (mode == SKIP_RULES) { /* Go to the next rule if we have not yet hit the skip_after ID */ + if ((rule->placeholder == RULE_PH_NONE) || (rule->actionset->id == NULL) || (strcmp(skip_after, rule->actionset->id) != 0)) { - if (msr->txcfg->debuglog_level >= 9) { - if (rule->chain_starter != NULL) { - msr_log(msr, 9, "Skipping chain rule %pp id=\"%s\" until after id=\"%s\"", rule, (rule->chain_starter->actionset->id ? rule->chain_starter->actionset->id : "(none)"), skip_after); - } - else { - msr_log(msr, 9, "Skipping rule %pp id=\"%s\" until after id=\"%s\"", rule, (rule->actionset->id ? rule->actionset->id : "(none)"), skip_after); + if(i-1 >=0) + last_rule = rules[i-1]; + else + last_rule = rules[0]; + if((last_rule != NULL) && (last_rule->actionset != NULL) && last_rule->actionset->is_chained && (saw_starter == 1)) { + mode = NEXT_RULE; + skipped = 1; + --i; + } else { + mode = SKIP_RULES; + skipped = 0; + saw_starter = 0; + + if (msr->txcfg->debuglog_level >= 9) { + msr_log(msr, 9, "Current rule is id=\"%s\" [chained %d] is trying to find the SecMarker=\"%s\" [stater %d]",rule->actionset->id,last_rule->actionset->is_chained,skip_after,saw_starter); } + } + continue; } + if (msr->txcfg->debuglog_level >= 9) { msr_log(msr, 9, "Found rule %pp id=\"%s\".", rule, skip_after); } @@ -925,6 +942,8 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) msr_log(msr, 4, "Continuing execution after rule id=\"%s\".", skip_after); } + saw_starter = 0; + skipped = 0; skip_after = NULL; mode = NEXT_RULE; continue; @@ -1004,6 +1023,8 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) mode = NEXT_CHAIN; } + skipped = 0; + saw_starter = 0; continue; } } @@ -1063,6 +1084,9 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) msr_log(msr, 9, "No match, not chained -> mode NEXT_RULE."); } } + + skipped = 0; + saw_starter = 0; } else if (rc == RULE_MATCH) { if (msr->rule_was_intercepted) { @@ -1074,12 +1098,36 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) if (msr->txcfg->debuglog_level >= 9) { msr_log(msr, 9, "Match, intercepted -> returning."); } + + if(i-1 >= 0) + last_rule = rules[i-1]; + else + last_rule = rules[0]; + + if((last_rule != NULL) && (last_rule->actionset != NULL) && last_rule->actionset->is_chained) { + + int st = 0; + + for(st=i;st>=0;st--) { + + rule_starter = rules[st]; + + if(rule_starter != NULL && rule_starter->chain_starter != NULL) { + if((msr != NULL) && (msr->intercept_actionset != NULL) && (rule_starter->actionset != NULL)) + msr->intercept_actionset->intercept_uri = rule_starter->actionset->intercept_uri; + break; + } + } + + } + return 1; } if (rule->actionset->skip_after != NULL) { skip_after = rule->actionset->skip_after; mode = SKIP_RULES; + saw_starter = 1; if (msr->txcfg->debuglog_level >= 9) { msr_log(msr, 9, "Skipping after rule %pp id=\"%s\" -> mode SKIP_RULES.", rule, skip_after); @@ -1088,6 +1136,11 @@ apr_status_t msre_ruleset_process_phase(msre_ruleset *ruleset, modsec_rec *msr) continue; } + if(skipped == 1) { + mode = SKIP_RULES; + continue; + } + /* We had a match but the transaction was not * intercepted. In that case we proceed with the * next rule... diff --git a/apache2/re.h b/apache2/re.h index cb58ab2e..6f3aa622 100644 --- a/apache2/re.h +++ b/apache2/re.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef _MSC_RE_H_ diff --git a/apache2/re_actions.c b/apache2/re_actions.c index 54932e95..ed526a68 100644 --- a/apache2/re_actions.c +++ b/apache2/re_actions.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2008 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2008 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "re.h" @@ -1212,35 +1212,19 @@ static apr_status_t msre_action_setenv_execute(modsec_rec *msr, apr_pool_t *mptm } /* setvar */ -static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp, - msre_rule *rule, msre_action *action) +apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptmp, + msre_rule *rule, char *var_name, char *var_value) { - char *data = apr_pstrdup(mptmp, action->param); - char *col_name = NULL, *var_name = NULL, *var_value = NULL; + char *col_name = NULL; char *s = NULL; apr_table_t *target_col = NULL; int is_negated = 0; msc_string *var = NULL; - /* Extract the name and the value. */ - /* IMP1 We have a function for this now, parse_name_eq_value? */ - s = strstr(data, "="); - if (s == NULL) { - var_name = data; - var_value = "1"; - } else { - var_name = data; - var_value = s + 1; - *s = '\0'; - - while ((*var_value != '\0')&&(isspace(*var_value))) var_value++; - } - if (msr->txcfg->debuglog_level >= 9) { msr_log(msr, 9, "Setting variable: %s=%s", var_name, var_value); } - /* Expand and escape any macros in the name */ var = apr_palloc(msr->mp, sizeof(msc_string)); if (var == NULL) { @@ -1269,10 +1253,10 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm msr_log(msr, 3, "Asked to set variable \"%s\", but no collection name specified. ", log_escape(msr->mp, var_name)); } - + return 0; } - + col_name = var_name; var_name = s + 1; *s = '\0'; @@ -1287,7 +1271,7 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm msr_log(msr, 3, "Could not set variable \"%s.%s\" as the collection does not exist.", log_escape(msr->mp, col_name), log_escape(msr->mp, var_name)); } - + return 0; } } @@ -1386,6 +1370,42 @@ static apr_status_t msre_action_setvar_execute(modsec_rec *msr, apr_pool_t *mptm return 1; } +/* +* \brief Parse fuction for setvar input +* +* \param msr Pointer to the engine +* \param mptmp Pointer to the pool +* \param rule Pointer to rule struct +* \param action input data +* +* \retval -1 On failure +* \retval 0 On Collection failure +* \retval 1 On Success +*/ +static apr_status_t msre_action_setvar_parse(modsec_rec *msr, apr_pool_t *mptmp, + msre_rule *rule, msre_action *action) +{ + char *data = apr_pstrdup(mptmp, action->param); + char *var_name = NULL, *var_value = NULL; + char *s = NULL; + + /* Extract the name and the value. */ + /* IMP1 We have a function for this now, parse_name_eq_value? */ + s = strstr(data, "="); + if (s == NULL) { + var_name = data; + var_value = "1"; + } else { + var_name = data; + var_value = s + 1; + *s = '\0'; + + while ((*var_value != '\0')&&(isspace(*var_value))) var_value++; + } + + return msre_action_setvar_execute(msr,mptmp,rule,var_name,var_value); +} + /* expirevar */ static apr_status_t msre_action_expirevar_execute(modsec_rec *msr, apr_pool_t *mptmp, msre_rule *rule, msre_action *action) @@ -2388,7 +2408,7 @@ void msre_engine_register_default_actions(msre_engine *engine) { ACTION_CGROUP_NONE, NULL, NULL, - msre_action_setvar_execute + msre_action_setvar_parse ); /* expirevar */ diff --git a/apache2/re_operators.c b/apache2/re_operators.c index a1684a19..9e6e07a0 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "re.h" @@ -155,9 +155,12 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c apr_table_setn(msr->tx_vars, s->name, (void *)s); *error_msg = apr_psprintf(msr->mp, - "Rule execution error - " + "Rule %pp [id \"%s\"][file \"%s\"][line \"%d\"] - " + "Execution error - " "PCRE limits exceeded (%d): %s", - rc, my_error_msg); + rule,((rule->actionset != NULL)&&(rule->actionset->id != NULL)) ? rule->actionset->id : "-", + rule->filename != NULL ? rule->filename : "-", + rule->line_num,rc, my_error_msg); msr_log(msr, 3, "%s.", *error_msg); diff --git a/apache2/re_tfns.c b/apache2/re_tfns.c index 18bb9dad..3f1d4190 100644 --- a/apache2/re_tfns.c +++ b/apache2/re_tfns.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include @@ -572,6 +572,28 @@ static int msre_fn_parityOdd7bit_execute(apr_pool_t *mptmp, unsigned char *input return changed; } +/* +* \brief Base64 transformation function based on RFC2045 +* +* \param mptmp Pointer to resource poil +* \param input Pointer to input data +* \param input_len Input data length +* \param rval Pointer to decoded buffer +* \param rval_len Decoded buffer length +* +* \retval 0 On failure +* \retval 1 On Success +*/ +static int msre_fn_decodeBase64Ext_execute(apr_pool_t *mptmp, unsigned char *input, long int input_len, char **rval, long int *rval_len) +{ + *rval_len = input_len; + *rval = apr_palloc(mptmp, *rval_len); + *rval_len = decode_base64_ext(*rval, (const char *)input, input_len); + + return *rval_len ? 1 : 0; +} + + /* ------------------------------------------------------------------------------ */ /** @@ -787,4 +809,11 @@ void msre_engine_register_default_tfns(msre_engine *engine) { "urlEncode", msre_fn_urlEncode_execute ); + + /* decodeBase64Ext */ + msre_engine_tfn_register(engine, + "decodeBase64Ext", + msre_fn_decodeBase64Ext_execute + ); + } diff --git a/apache2/re_variables.c b/apache2/re_variables.c index 68ee861e..baa48c8a 100644 --- a/apache2/re_variables.c +++ b/apache2/re_variables.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include "http_core.h" diff --git a/apache2/utf8tables.h b/apache2/utf8tables.h index 80a20902..d88809d8 100644 --- a/apache2/utf8tables.h +++ b/apache2/utf8tables.h @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #ifndef UTF8TABLES_H_ diff --git a/ext/mod_op_strstr.c b/ext/mod_op_strstr.c index 3074c8d6..c0524dc6 100644 --- a/ext/mod_op_strstr.c +++ b/ext/mod_op_strstr.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/ext/mod_reqbody_example.c b/ext/mod_reqbody_example.c index 23772ceb..c9ad62b8 100644 --- a/ext/mod_reqbody_example.c +++ b/ext/mod_reqbody_example.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/ext/mod_tfn_reverse.c b/ext/mod_tfn_reverse.c index 22f54e97..048c800b 100644 --- a/ext/mod_tfn_reverse.c +++ b/ext/mod_tfn_reverse.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/ext/mod_var_remote_addr_port.c b/ext/mod_var_remote_addr_port.c index 491db50d..2a787c13 100644 --- a/ext/mod_var_remote_addr_port.c +++ b/ext/mod_var_remote_addr_port.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ diff --git a/mlogc/mlogc-batch-load.pl.in b/mlogc/mlogc-batch-load.pl.in index a32f57fa..f7bd240a 100755 --- a/mlogc/mlogc-batch-load.pl.in +++ b/mlogc/mlogc-batch-load.pl.in @@ -1,7 +1,7 @@ #!@PERL@ # # ModSecurity for Apache 2.x, http://www.modsecurity.org/ -# Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/) +# Copyright (c) 2004-2009 Trustwave Holdings, Inc. (http://www.trustwave.com/) # # This product is released under the terms of the General Public Licence, # version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -13,8 +13,8 @@ # distribution. # # If any of the files related to licensing are missing or if you have any -# other questions related to licensing please contact Breach Security, Inc. -# directly using the email address support@breach.com. +# other questions related to licensing please contact Trustwave Holdings, Inc. +# directly using the email address support@trustwave.com. # use strict; diff --git a/mlogc/mlogc.c b/mlogc/mlogc.c index b22ec2d9..b4a4f428 100644 --- a/mlogc/mlogc.c +++ b/mlogc/mlogc.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2009 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2009 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ @@ -1522,7 +1522,7 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data) if (finfo.size == 0) { error_log(LOG_WARNING, thread, - "File found (%" APR_SIZE_T_FMT + "File found (%" APR_OFF_T_FMT " bytes), skipping.", finfo.size); take_new = 1; nodelay = 1; @@ -1530,7 +1530,7 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data) } else { error_log(LOG_DEBUG, thread, - "File found (%" APR_SIZE_T_FMT + "File found (%" APR_OFF_T_FMT " bytes), activating cURL.", finfo.size); } diff --git a/tests/msc_test.c b/tests/msc_test.c index f8cf6750..227be85a 100644 --- a/tests/msc_test.c +++ b/tests/msc_test.c @@ -1,6 +1,6 @@ /* * ModSecurity for Apache 2.x, http://www.modsecurity.org/ - * Copyright (c) 2004-2010 Breach Security, Inc. (http://www.breach.com/) + * Copyright (c) 2004-2010 Trustwave Holdings, Inc. (http://www.trustwave.com/) * * This product is released under the terms of the General Public Licence, * version 2 (GPLv2). Please refer to the file LICENSE (included with this @@ -12,8 +12,8 @@ * distribution. * * If any of the files related to licensing are missing or if you have any - * other questions related to licensing please contact Breach Security, Inc. - * directly using the email address support@breach.com. + * other questions related to licensing please contact Trustwave Holdings, Inc. + * directly using the email address support@trustwave.com. * */ #include