nginx: Adds proper support to SecServerSignature

SecServerSignature was leading nginx to crash. It was trying to write over a memory area that it was not allowed to. In order to fix that a new function was created on the standalone api. This function is called modsecIsServerSignatureAvailale. Whenever it returns data it means that the function SecServerSignature was used by the user. Nginx module was also patched to support this new function.
2025-09-29 19:24:29 +03:00 · 2014-01-08 13:54:51 -08:00
parent 2a43589395
commit 7ac515ee29
4 changed files with 24 additions and 1 deletions
--- a/standalone/api.c
+++ b/standalone/api.c
@@ -673,3 +673,11 @@ void modsecSetWriteResponse(apr_status_t (*func)(request_rec *r, char *buf, unsi
 void modsecSetDropAction(int (*func)(request_rec *r)) {
    modsecDropAction = func;
 }
+
+/*
+ * Case SecServerSignature was used, this function returns the banner that
+ * should be used, otherwise it returns NULL.
+ */
+const char *modsecIsServerSignatureAvailale(void) {
+    return new_server_signature;
+}
--- a/standalone/api.h
+++ b/standalone/api.h
@@ -114,6 +114,8 @@ int modsecIsRequestBodyAccessEnabled(request_rec *r);

 void modsecSetConfigForIISRequestBody(request_rec *r);

+const char *modsecIsServerSignatureAvailale(void);
+
 #ifdef __cplusplus
 }
 #endif