Standalone: added Include command

IIS: added locking, response processing check, fixed file chunk reading bugs
2025-09-29 19:24:29 +03:00 · 2012-10-12 06:27:22 +00:00
parent f00cb1a4e3
commit 6900616faf
7 changed files with 557 additions and 96 deletions
--- a/iis/mymodule.cpp
+++ b/iis/mymodule.cpp
@@ -76,8 +76,8 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext
 	IHttpContext		*m_pHttpContext;
 	IHttpEventProvider	*m_pProvider;
 	char				*m_pResponseBuffer;
-	unsigned int		m_pResponseLength;
-	unsigned int		m_pResponsePosition;
+	ULONGLONG			m_pResponseLength;
+	ULONGLONG			m_pResponsePosition;
 };

 //----------------------------------------------------------------------------
@@ -94,39 +94,39 @@ char *GetIpAddr(apr_pool_t *pool, PSOCKADDR pAddr)

 apr_sockaddr_t *CopySockAddr(apr_pool_t *pool, PSOCKADDR pAddr)
 {
-    apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t));
-	int adrlen = 16, iplen = 4;
-
-	if(pAddr->sa_family == AF_INET6)
-	{
-		adrlen = 46;
-		iplen = 16;
-	}
-
-	addr->addr_str_len = adrlen;
-	addr->family = pAddr->sa_family;
-
-	addr->hostname = "unknown";
-#ifdef WIN32
-    addr->ipaddr_len = sizeof(IN_ADDR);
-#else
-    addr->ipaddr_len = sizeof(struct in_addr);
-#endif
-    addr->ipaddr_ptr = &addr->sa.sin.sin_addr;
-    addr->pool = pool;
-    addr->port = 80;
-#ifdef WIN32
-	memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen);
-#else
-    memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen);
-#endif
-	addr->sa.sin.sin_family = pAddr->sa_family;
-    addr->sa.sin.sin_port = 80;
-    addr->salen = sizeof(addr->sa);
-	addr->servname = addr->hostname;
-
-	return addr;
-}
+    apr_sockaddr_t *addr = (apr_sockaddr_t *)apr_palloc(pool, sizeof(apr_sockaddr_t));
+	int adrlen = 16, iplen = 4;
+
+	if(pAddr->sa_family == AF_INET6)
+	{
+		adrlen = 46;
+		iplen = 16;
+	}
+
+	addr->addr_str_len = adrlen;
+	addr->family = pAddr->sa_family;
+
+	addr->hostname = "unknown";
+#ifdef WIN32
+    addr->ipaddr_len = sizeof(IN_ADDR);
+#else
+    addr->ipaddr_len = sizeof(struct in_addr);
+#endif
+    addr->ipaddr_ptr = &addr->sa.sin.sin_addr;
+    addr->pool = pool;
+    addr->port = 80;
+#ifdef WIN32
+	memcpy(&addr->sa.sin.sin_addr.S_un.S_addr, pAddr->sa_data, iplen);
+#else
+    memcpy(&addr->sa.sin.sin_addr.s_addr, pAddr->sa_data, iplen);
+#endif
+	addr->sa.sin.sin_family = pAddr->sa_family;
+    addr->sa.sin.sin_port = 80;
+    addr->salen = sizeof(addr->sa);
+	addr->servname = addr->hostname;
+
+	return addr;
+}

 //----------------------------------------------------------------------------

@@ -269,7 +269,7 @@ HRESULT CMyHttpModule::ReadFileChunk(HTTP_DATA_CHUNK *chunk, char *buf)
 {
    OVERLAPPED ovl;
    DWORD dwDataStartOffset;
-    DWORD bytesTotal = 0;
+    ULONGLONG bytesTotal = 0;
 	BYTE *	pIoBuffer = NULL;
 	HANDLE	hIoEvent = INVALID_HANDLE_VALUE;
 	HRESULT hr = S_OK;
@@ -332,6 +332,7 @@ HRESULT CMyHttpModule::ReadFileChunk(HTTP_DATA_CHUNK *chunk, char *buf)
 						 TRUE))
 				{
 					dwErr = GetLastError();
+
 					switch(dwErr)
 					{
 					case ERROR_HANDLE_EOF:
@@ -343,7 +344,6 @@ HRESULT CMyHttpModule::ReadFileChunk(HTTP_DATA_CHUNK *chunk, char *buf)
 						goto Done;
 					}
 				}
-
 				break;

 			case ERROR_HANDLE_EOF:
@@ -396,7 +396,9 @@ CMyHttpModule::OnSendResponse(

 	rsc = (REQUEST_STORED_CONTEXT *)pHttpContext->GetModuleContextContainer()->GetModuleContext(g_pModuleContext);

-	if(rsc == NULL || rsc->m_pRequestRec == NULL || rsc->m_pResponseBuffer != NULL)
+	EnterCriticalSection(&m_csLock);
+
+	if(rsc == NULL || rsc->m_pRequestRec == NULL || rsc->m_pResponseBuffer != NULL || !modsecIsResponseBodyAccessEnabled(rsc->m_pRequestRec))
 	{
 		goto Exit;
 	}
@@ -408,8 +410,8 @@ CMyHttpModule::OnSendResponse(
    HTTP_DATA_CHUNK *pSourceDataChunk = NULL;
    LARGE_INTEGER  lFileSize;
    REQUEST_NOTIFICATION_STATUS ret = RQ_NOTIFICATION_CONTINUE;
-	ULONG ulTotalLength = 0;
-	DWORD c, bytesRead;
+	ULONGLONG ulTotalLength = 0;
+	DWORD c;
 	request_rec *r = rsc->m_pRequestRec;

 	pHttpResponse = pHttpContext->GetResponse();
@@ -430,7 +432,6 @@ CMyHttpModule::OnSendResponse(

 	// assume HTML if content type not set
 	// without this output filter would not buffer response and processing would hang
-	// this needs further investigation (it did not repro on debug build)
 	//
 	if(ctz[0] == 0)
 		ctz = "text/html";
@@ -495,6 +496,9 @@ CMyHttpModule::OnSendResponse(
 		*(const char **)apr_array_push(r->content_languages) = lng;
 	}

+	// here we must check if response body processing is enabled
+	//
+
 	// Disable kernel caching for this response
 	// Probably we don't have to do it for ModSecurity

@@ -575,6 +579,7 @@ CMyHttpModule::OnSendResponse(
 			        DWORD dwErr = GetLastError();

 					hr = HRESULT_FROM_WIN32(dwErr);
+	                goto Finished;
 				}

                ulTotalLength += pFileByteRange->Length.QuadPart;
@@ -639,6 +644,8 @@ Finished:
 		pHttpContext->SetRequestHandled();

 		rsc->FinishRequest();
+
+		LeaveCriticalSection(&m_csLock);
 		
 		return RQ_NOTIFICATION_FINISH_REQUEST;
 	}
@@ -648,6 +655,8 @@ Exit:
 	if(rsc != NULL)
 		rsc->FinishRequest();

+	LeaveCriticalSection(&m_csLock);
+		
 	return RQ_NOTIFICATION_CONTINUE;
 }

@@ -665,7 +674,11 @@ CMyHttpModule::OnPostEndRequest(
 	//
 	if(rsc != NULL && rsc->m_pResponseBuffer != NULL)
 	{
+		EnterCriticalSection(&m_csLock);
+
 		rsc->FinishRequest();
+
+		LeaveCriticalSection(&m_csLock);
 	}

 	return RQ_NOTIFICATION_CONTINUE;
@@ -683,6 +696,8 @@ CMyHttpModule::OnBeginRequest(
    
    UNREFERENCED_PARAMETER ( pProvider );

+	EnterCriticalSection(&m_csLock);
+
    if ( pHttpContext == NULL ) 
    {
        hr = E_UNEXPECTED;
@@ -996,14 +1011,14 @@ CMyHttpModule::OnBeginRequest(

 	PSOCKADDR pAddr = pRequest->GetRemoteAddress();

-#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
-    c->remote_addr = CopySockAddr(r->pool, pAddr);
-    c->remote_ip = GetIpAddr(r->pool, pAddr);
-#else
-    c->client_addr = CopySockAddr(r->pool, pAddr);
-	c->client_ip = GetIpAddr(r->pool, pAddr);
-#endif
-	c->remote_host = NULL;
+#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3
+    c->remote_addr = CopySockAddr(r->pool, pAddr);
+    c->remote_ip = GetIpAddr(r->pool, pAddr);
+#else
+    c->client_addr = CopySockAddr(r->pool, pAddr);
+	c->client_ip = GetIpAddr(r->pool, pAddr);
+#endif
+	c->remote_host = NULL;

 	int status = modsecProcessRequest(r);

@@ -1012,10 +1027,12 @@ CMyHttpModule::OnBeginRequest(
 		pHttpContext->GetResponse()->SetStatus(status, "ModSecurity Action");
 		pHttpContext->SetRequestHandled();

-        return RQ_NOTIFICATION_FINISH_REQUEST;
+		hr = E_FAIL;
+		goto Finished;
 	}

 Finished:
+	LeaveCriticalSection(&m_csLock);

    if ( FAILED( hr )  )
    {
@@ -1201,6 +1218,8 @@ CMyHttpModule::CMyHttpModule()
    GetSystemInfo(&sysInfo);
    m_dwPageSize = sysInfo.dwPageSize;

+	InitializeCriticalSection(&m_csLock);
+
 	modsecSetLogHook(this, Log);

 	modsecSetReadBody(ReadBodyCallback);
@@ -1238,6 +1257,8 @@ CMyHttpModule::~CMyHttpModule()
        // Close the handle to the Event Viewer.
        DeregisterEventSource( m_hEventLog );
        m_hEventLog = NULL;
+
+		DeleteCriticalSection(&m_csLock);
    }
 }