Standalone: added Include command

IIS: added locking, response processing check, fixed file chunk reading bugs

iis/ModSecurityIIS/ModSecurityIIS/ModSecurityIIS.vdproj

@@ -45,6 +45,12 @@
         }
         "Entry"
         {
+        "MsmKey" = "8:_3CE93C3FC5AC3E954253889334FBCDA8"
+        "OwnerKey" = "8:_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+        "MsmSig" = "8:_UNDEFINED"
+        }
+        "Entry"
+        {
         "MsmKey" = "8:_51AF671FCA3544DEA3E5756B5D450275"
         "OwnerKey" = "8:_UNDEFINED"
         "MsmSig" = "8:_UNDEFINED"
@@ -141,6 +147,12 @@
         }
         "Entry"
         {
+        "MsmKey" = "8:_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+        "OwnerKey" = "8:_UNDEFINED"
+        "MsmSig" = "8:_UNDEFINED"
+        }
+        "Entry"
+        {
         "MsmKey" = "8:_CEB23D021A2E4EEF9245EEDC143AFBA8"
         "OwnerKey" = "8:_UNDEFINED"
         "MsmSig" = "8:_UNDEFINED"
@@ -187,6 +199,12 @@
         "OwnerKey" = "8:_764D5BE911464BEFBCC3BC3B25068987"
         "MsmSig" = "8:_UNDEFINED"
         }
+        "Entry"
+        {
+        "MsmKey" = "8:_UNDEFINED"
+        "OwnerKey" = "8:_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+        "MsmSig" = "8:_UNDEFINED"
+        }
     }
     "Configurations"
     {
@@ -468,6 +486,26 @@
             "IsDependency" = "11:FALSE"
             "IsolateTo" = "8:"
             }
+            "{1FB2D0AE-D3B9-43D4-B9DD-F88EC61E35DE}:_3CE93C3FC5AC3E954253889334FBCDA8"
+            {
+            "SourcePath" = "8:nativerd.dll"
+            "TargetName" = "8:nativerd.dll"
+            "Tag" = "8:"
+            "Folder" = "8:_565C3432A64049EAA7CA6E8C007B2188"
+            "Condition" = "8:"
+            "Transitive" = "11:FALSE"
+            "Vital" = "11:TRUE"
+            "ReadOnly" = "11:FALSE"
+            "Hidden" = "11:FALSE"
+            "System" = "11:FALSE"
+            "Permanent" = "11:FALSE"
+            "SharedLegacy" = "11:FALSE"
+            "PackageAs" = "3:1"
+            "Register" = "3:1"
+            "Exclude" = "11:FALSE"
+            "IsDependency" = "11:TRUE"
+            "IsolateTo" = "8:"
+            }
             "{1FB2D0AE-D3B9-43D4-B9DD-F88EC61E35DE}:_51AF671FCA3544DEA3E5756B5D450275"
             {
             "SourcePath" = "8:x86\\ModSecurityIIS.dll"
@@ -768,6 +806,37 @@
             "IsDependency" = "11:FALSE"
             "IsolateTo" = "8:"
             }
+            "{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+            {
+            "AssemblyRegister" = "3:1"
+            "AssemblyIsInGAC" = "11:FALSE"
+            "AssemblyAsmDisplayName" = "8:Interop.AppHostAdminLibrary, Version=1.0.0.0, Culture=neutral, processorArchitecture=x86"
+                "ScatterAssemblies"
+                {
+                    "_CB8446F7ADCD4E3DA3F2C6246FA844A0"
+                    {
+                    "Name" = "8:Interop.AppHostAdminLibrary.dll"
+                    "Attributes" = "3:512"
+                    }
+                }
+            "SourcePath" = "8:installer project\\bin\\Release\\Interop.AppHostAdminLibrary.dll"
+            "TargetName" = "8:"
+            "Tag" = "8:"
+            "Folder" = "8:_565C3432A64049EAA7CA6E8C007B2188"
+            "Condition" = "8:"
+            "Transitive" = "11:FALSE"
+            "Vital" = "11:TRUE"
+            "ReadOnly" = "11:FALSE"
+            "Hidden" = "11:FALSE"
+            "System" = "11:FALSE"
+            "Permanent" = "11:FALSE"
+            "SharedLegacy" = "11:FALSE"
+            "PackageAs" = "3:1"
+            "Register" = "3:1"
+            "Exclude" = "11:FALSE"
+            "IsDependency" = "11:FALSE"
+            "IsolateTo" = "8:"
+            }
             "{1FB2D0AE-D3B9-43D4-B9DD-F88EC61E35DE}:_CEB23D021A2E4EEF9245EEDC143AFBA8"
             {
             "SourcePath" = "8:amd64\\ModSecurityIIS.dll"
@@ -987,7 +1056,7 @@
         "Name" = "8:Microsoft Visual Studio"
         "ProductName" = "8:ModSecurity IIS"
         "ProductCode" = "8:{81EE8A4A-5128-4CDB-97B2-06B147E8B4B8}"
-        "PackageCode" = "8:{0E266CA7-97F3-4DCE-AC7B-5ECCAE18A108}"
+        "PackageCode" = "8:{B5E59B35-BF44-4075-B9F5-C251002DF58E}"
         "UpgradeCode" = "8:{7B32CF94-443C-47BB-91C3-0E9D3D12DF8B}"
         "AspNetVersion" = "8:4.0.30319.0"
         "RestartWWWService" = "11:FALSE"

iis/ModSecurityIIS/ModSecurityIIS/installer project/ModSecurityConfigurator.cs

@@ -16,6 +16,10 @@ namespace configure
             {
                 installDir = installDir.Substring(0, installDir.Length - 1);
             }
+            if (installDir.StartsWith("\""))
+            {
+                installDir = installDir.Substring(1);
+            }
 
             Console.WriteLine("Copying 32-bit binaries...");
             string dstpath = Environment.ExpandEnvironmentVariables("%windir%\\SysWow64");

iis/mymodule.cpp

@@ -76,8 +76,8 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext
 	IHttpContext		*m_pHttpContext;
 	IHttpEventProvider	*m_pProvider;
 	char				*m_pResponseBuffer;
-	unsigned int		m_pResponseLength;
-	unsigned int		m_pResponsePosition;
+	ULONGLONG			m_pResponseLength;
+	ULONGLONG			m_pResponsePosition;
 };
 
 //----------------------------------------------------------------------------
@@ -94,39 +94,39 @@ char *GetIpAddr(apr_pool_t *pool, PSOCKADDR pAddr)
 
 apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr)
 {
-    apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t));
-	int adrlen = 16, iplen = 4;
-
-	if(pAddr->sa_family == AF_INET6)
-	{
-		adrlen = 46;
-		iplen = 16;
-	}
-
-	addr->addr_str_len = adrlen;
-	addr->family = pAddr->sa_family;
-
-	addr->hostname = "unknown";
-#ifdef WIN32
-    addr->ipaddr_len = sizeof(IN_ADDR);
-#else
-    addr->ipaddr_len = sizeof(struct in_addr);
-#endif
-    addr->ipaddr_ptr = &addr->sa.sin.sin_addr;
-    addr->pool = pool;
-    addr->port = 80;
-#ifdef WIN32
-	memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen);
-#else
-    memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen);
-#endif
-	addr->sa.sin.sin_family = pAddr->sa_family;
-    addr->sa.sin.sin_port = 80;
-    addr->salen = sizeof(addr->sa);
-	addr->servname = addr->hostname;
-
-	return addr;
-}
+    apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t));
+	int adrlen = 16, iplen = 4;
+
+	if(pAddr->sa_family == AF_INET6)
+	{
+		adrlen = 46;
+		iplen = 16;
+	}
+
+	addr->addr_str_len = adrlen;
+	addr->family = pAddr->sa_family;
+
+	addr->hostname = "unknown";
+#ifdef WIN32
+    addr->ipaddr_len = sizeof(IN_ADDR);
+#else
+    addr->ipaddr_len = sizeof(struct in_addr);
+#endif
+    addr->ipaddr_ptr = &addr->sa.sin.sin_addr;
+    addr->pool = pool;
+    addr->port = 80;
+#ifdef WIN32
+	memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen);
+#else
+    memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen);
+#endif
+	addr->sa.sin.sin_family = pAddr->sa_family;
+    addr->sa.sin.sin_port = 80;
+    addr->salen = sizeof(addr->sa);
+	addr->servname = addr->hostname;
+
+	return addr;
+}
 
 //----------------------------------------------------------------------------
 
@@ -269,7 +269,7 @@ HRESULT CMyHttpModule::ReadFileChunk(HTTP_DATA_CHUNK *chunk, char *buf)
 {
     OVERLAPPED ovl;
     DWORD dwDataStartOffset;
-    DWORD bytesTotal = 0;
+    ULONGLONG bytesTotal = 0;
 	BYTE *	pIoBuffer = NULL;
 	HANDLE	hIoEvent = INVALID_HANDLE_VALUE;
 	HRESULT hr = S_OK;
@@ -332,6 +332,7 @@ HRESULT CMyHttpModule::ReadFileChunk(HTTP_DATA_CHUNK *chunk, char *buf)
 						 TRUE))
 				{
 					dwErr = GetLastError();
+
 					switch(dwErr)
 					{
 					case ERROR_HANDLE_EOF:
@@ -343,7 +344,6 @@ HRESULT CMyHttpModule::ReadFileChunk(HTTP_DATA_CHUNK *chunk, char *buf)
 						goto Done;
 					}
 				}
-
 				break;
 
 			case ERROR_HANDLE_EOF:
@@ -396,7 +396,9 @@ CMyHttpModule::OnSendResponse(
 
 	rsc = (REQUEST_STORED_CONTEXT *)pHttpContext->GetModuleContextContainer()->GetModuleContext(g_pModuleContext);
 
-	if(rsc == NULL || rsc->m_pRequestRec == NULL || rsc->m_pResponseBuffer != NULL)
+	EnterCriticalSection(&m_csLock);
+
+	if(rsc == NULL || rsc->m_pRequestRec == NULL || rsc->m_pResponseBuffer != NULL || !modsecIsResponseBodyAccessEnabled(rsc->m_pRequestRec))
 	{
 		goto Exit;
 	}
@@ -408,8 +410,8 @@ CMyHttpModule::OnSendResponse(
     HTTP_DATA_CHUNK *pSourceDataChunk = NULL;
     LARGE_INTEGER  lFileSize;
     REQUEST_NOTIFICATION_STATUS ret = RQ_NOTIFICATION_CONTINUE;
-	ULONG ulTotalLength = 0;
-	DWORD c, bytesRead;
+	ULONGLONG ulTotalLength = 0;
+	DWORD c;
 	request_rec *r = rsc->m_pRequestRec;
 
 	pHttpResponse = pHttpContext->GetResponse();
@@ -430,7 +432,6 @@ CMyHttpModule::OnSendResponse(
 
 	// assume HTML if content type not set
 	// without this output filter would not buffer response and processing would hang
-	// this needs further investigation (it did not repro on debug build)
 	//
 	if(ctz[0] == 0)
 		ctz = "text/html";
@@ -495,6 +496,9 @@ CMyHttpModule::OnSendResponse(
 		*(const char **)apr_array_push(r->content_languages) = lng;
 	}
 
+	// here we must check if response body processing is enabled
+	//
+
 	// Disable kernel caching for this response
 	// Probably we don't have to do it for ModSecurity
 
@@ -575,6 +579,7 @@ CMyHttpModule::OnSendResponse(
 			        DWORD dwErr = GetLastError();
 
 					hr = HRESULT_FROM_WIN32(dwErr);
+	                goto Finished;
 				}
 
                 ulTotalLength += pFileByteRange->Length.QuadPart;
@@ -639,6 +644,8 @@ Finished:
 		pHttpContext->SetRequestHandled();
 
 		rsc->FinishRequest();
+
+		LeaveCriticalSection(&m_csLock);
 		
 		return RQ_NOTIFICATION_FINISH_REQUEST;
 	}
@@ -648,6 +655,8 @@ Exit:
 	if(rsc != NULL)
 		rsc->FinishRequest();
 
+	LeaveCriticalSection(&m_csLock);
+		
 	return RQ_NOTIFICATION_CONTINUE;
 }
 
@@ -665,7 +674,11 @@ CMyHttpModule::OnPostEndRequest(
 	//
 	if(rsc != NULL && rsc->m_pResponseBuffer != NULL)
 	{
+		EnterCriticalSection(&m_csLock);
+
 		rsc->FinishRequest();
+
+		LeaveCriticalSection(&m_csLock);
 	}
 
 	return RQ_NOTIFICATION_CONTINUE;
@@ -683,6 +696,8 @@ CMyHttpModule::OnBeginRequest(
     
     UNREFERENCED_PARAMETER ( pProvider );
 
+	EnterCriticalSection(&m_csLock);
+
     if ( pHttpContext == NULL ) 
     {
         hr = E_UNEXPECTED;
@@ -996,14 +1011,14 @@ CMyHttpModule::OnBeginRequest(
 
 	PSOCKADDR pAddr = pRequest->GetRemoteAddress();
 
-#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
-    c->remote_addr = CopySockAddr(r->pool, pAddr);
-    c->remote_ip = GetIpAddr(r->pool, pAddr);
-#else
-    c->client_addr = CopySockAddr(r->pool, pAddr);
-	c->client_ip = GetIpAddr(r->pool, pAddr);
-#endif
-	c->remote_host = NULL;
+#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
+    c->remote_addr = CopySockAddr(r->pool, pAddr);
+    c->remote_ip = GetIpAddr(r->pool, pAddr);
+#else
+    c->client_addr = CopySockAddr(r->pool, pAddr);
+	c->client_ip = GetIpAddr(r->pool, pAddr);
+#endif
+	c->remote_host = NULL;
 
 	int status = modsecProcessRequest(r);
 
@@ -1012,10 +1027,12 @@ CMyHttpModule::OnBeginRequest(
 		pHttpContext->GetResponse()->SetStatus(status, "ModSecurity Action");
 		pHttpContext->SetRequestHandled();
 
-        return RQ_NOTIFICATION_FINISH_REQUEST;
+		hr = E_FAIL;
+		goto Finished;
 	}
 
 Finished:
+	LeaveCriticalSection(&m_csLock);
 
     if ( FAILED( hr )  )
     {
@@ -1201,6 +1218,8 @@ CMyHttpModule::CMyHttpModule()
     GetSystemInfo(&sysInfo);
     m_dwPageSize = sysInfo.dwPageSize;
 
+	InitializeCriticalSection(&m_csLock);
+
 	modsecSetLogHook(this, Log);
 
 	modsecSetReadBody(ReadBodyCallback);
@@ -1238,6 +1257,8 @@ CMyHttpModule::~CMyHttpModule()
         // Close the handle to the Event Viewer.
         DeregisterEventSource( m_hEventLog );
         m_hEventLog = NULL;
+
+		DeleteCriticalSection(&m_csLock);
     }
 }
 

iis/mymodule.h

@@ -22,8 +22,9 @@
 class CMyHttpModule : public CHttpModule
 {
 public:
-    HANDLE  m_hEventLog;
-    DWORD   m_dwPageSize;
+    HANDLE				m_hEventLog;
+    DWORD				m_dwPageSize;
+	CRITICAL_SECTION	m_csLock;
 
     REQUEST_NOTIFICATION_STATUS
     OnBeginRequest(