From 7d786b335024f2c896eb30830427c54f28dcc44c Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Thu, 7 Sep 2017 22:23:34 -0300
Subject: [PATCH] Makes pm mutex optional via configuration flag

---
 configure.ac        | 26 ++++++++++++++++++++++++++
 src/Makefile.am     |  1 +
 src/operators/pm.cc |  9 ++++++++-
 src/operators/pm.h  |  2 ++
 4 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index d578b3ed..17699ebd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -248,6 +248,23 @@ AC_ARG_ENABLE(parser-generation,
     [buildParser=false]
     )
 
+# Mutex
+AC_ARG_ENABLE(mutex-on-pm,
+    [AC_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
+
+    [case "${enableval}" in
+        yes) mutexPm=true ;;
+        no)  mutexPm=false ;;
+        *) AC_MSG_ERROR(bad value ${enableval} for --enable-mutex-on-pm) ;;
+    esac],
+
+    [mutexPm=false]
+    )
+if test "$mutexPm" == "true"; then
+    MODSEC_MUTEX_ON_PM="-DMUTEX_ON_PM=1"
+    AC_SUBST(MODSEC_MUTEX_ON_PM)
+fi
+
 
 if test $buildParser = true; then
     AC_PROG_YACC
@@ -287,6 +304,7 @@ fi
 
 AM_CONDITIONAL([EXAMPLES], [test $buildExamples = true])
 AM_CONDITIONAL([BUILD_PARSER], [test $buildParser = true])
+AM_CONDITIONAL([USE_MUTEX_ON_PM], [test $mutexPm = true])
 
 
 # General link options
@@ -494,12 +512,20 @@ if test "$buildExamples" = "true"; then
 else
     echo "   + library examples                              ....disabled"
 fi
+
 if test "$buildParser" = "true"; then
     echo "   + Building parser                               ....enabled"
 else
     echo "   + Building parser                               ....disabled"
 fi
 
+if test "$mutexPm" = "true"; then
+    echo "   + Treating pm operations as critical section    ....enabled"
+else
+    echo "   + Treating pm operations as critical section    ....disabled"
+fi
+
+
 echo " "
 
 
diff --git a/src/Makefile.am b/src/Makefile.am
index 6cd66c29..77e81d24 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -293,6 +293,7 @@ libmodsecurity_la_CPPFLAGS = \
 	$(GEOIP_CFLAGS) \
 	$(GLOBAL_CPPFLAGS) \
 	$(MODSEC_NO_LOGS) \
+	$(MODSEC_MUTEX_ON_PM) \
 	$(YAJL_CFLAGS) \
 	$(LMDB_CFLAGS) \
 	$(PCRE_CFLAGS) \
diff --git a/src/operators/pm.cc b/src/operators/pm.cc
index 44d9a765..6167e199 100644
--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@@ -40,7 +40,9 @@ Pm::~Pm() {
 
     free(m_p);
     m_p = NULL;
+#ifdef MODSEC_MUTEX_ON_PM
     pthread_mutex_destroy(&m_lock);
+#endif
 }
 
 
@@ -87,9 +89,13 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule,
     pt.parser = m_p;
     pt.ptr = NULL;
     const char *match = NULL;
+#ifdef MODSEC_MUTEX_ON_PM
     pthread_mutex_lock(&m_lock);
+#endif
     rc = acmp_process_quick(&pt, &match, input.c_str(), input.length());
+#ifdef MODSEC_MUTEX_ON_PM
     pthread_mutex_unlock(&m_lock);
+#endif
     bool capture = rule && rule->getActionsByName("capture").size() > 0;
 
     if (rc > 0 && transaction) {
@@ -116,8 +122,9 @@ bool Pm::init(const std::string &file, std::string *error) {
     std::istringstream *iss;
     const char *err = NULL;
 
+#ifdef MODSEC_MUTEX_ON_PM
     pthread_mutex_init(&m_lock, NULL);
-
+#endif
     char *content = parse_pm_content(m_param.c_str(), m_param.length(), &err);
     if (content == NULL) {
         iss = new std::istringstream(m_param);
diff --git a/src/operators/pm.h b/src/operators/pm.h
index 5d3f189d..64ea09c6 100644
--- a/src/operators/pm.h
+++ b/src/operators/pm.h
@@ -56,8 +56,10 @@ class Pm : public Operator {
  protected:
     ACMP *m_p;
 
+#ifdef MODSEC_MUTEX_ON_PM
  private:
     pthread_mutex_t m_lock;
+#endif
 };