github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 11:16:33 +03:00
Code Issues Packages Projects Releases Wiki Activity

nginx: Adds proper support to SecServerSignature

Browse Source 
SecServerSignature was leading nginx to crash. It was trying to write over a
memory area that it was not allowed to. In order to fix that a new function was
created on the standalone api. This function is called
modsecIsServerSignatureAvailale. Whenever it returns data it means that the
function SecServerSignature was used by the user. Nginx module was also patched
to support this new function.
This commit is contained in:
Felipe Zimmerle
2014-01-08 13:54:51 -08:00
parent 2a43589395
commit 7ac515ee29
4 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apache2/mod_security2.c
View File

@@ -537,6 +537,11 @@ static modsec_rec *create_tx_context(request_rec *r) {
static apr_status_t change_server_signature(server_rec *s) {
char *server_version = NULL;
/* This is a very particular way to handle the server banner. It is Apache
* only. Stanalone and descendants should address that in its specifics
* implementations, e.g. Nginx module.
*/
#if !(defined(VERSION_IIS)) && !(defined(VERSION_NGINX)) && !(defined(VERSION_STANDALONE))
if (new_server_signature == NULL) return 0;
server_version = (char *)apache_get_server_version();
@@ -568,7 +573,7 @@ static apr_status_t change_server_signature(server_rec *s) {
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, s, "SecServerSignature: Changed server signature to \"%s\".", server_version);
}
#endif
return 1;
}