github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix remote resources download while hosting SSL site on Apache

Browse Source 
As reported by Christian Folin and Walter Hop on our dev mailing list, Apache
mod_ssl was failing if a remote resource was utilized. That was happening
because Curl clean up was also cleaning up the OpenSSL data used by mod_ssl.
This patch moves Curl initialization to happens while ModSecurity is
initialized.
This commit is contained in:
Felipe Zimmerle 2014-11-27 08:36:32 -08:00
parent 23823bb2c3
commit 87a401af05
3 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -1,6 +1,11 @@
DD mmm YYYY - 2.9.????? (To be released) DD mmm YYYY - 2.9.????? (To be released)
----------------------- -----------------------
* Remote resources loading process is now failing in case of HTTP error.
[Walter Hop and ModSecurity team]
* Fixed start up crash on Apache with mod_ssl configured. Crash was happening
during the download of remote resources.
[Christian Folini, Walter Hop and ModSecurity team]
* Curl is not a mandatory dependency to ModSecurity core anymore. * Curl is not a mandatory dependency to ModSecurity core anymore.
[Rainer Jung and ModSecurity team] [Rainer Jung and ModSecurity team]

14
apache2/modsecurity.c
View File

@ -23,6 +23,10 @@
#include "msc_xml.h" #include "msc_xml.h"
#include "apr_version.h" #include "apr_version.h"
#ifdef WITH_CURL
#include <curl/curl.h>
#endif
unsigned long int DSOLOCAL unicode_codepage = 0; unsigned long int DSOLOCAL unicode_codepage = 0;
int DSOLOCAL *unicode_map_table = NULL; int DSOLOCAL *unicode_map_table = NULL;
@ -118,6 +122,16 @@ msc_engine *modsecurity_create(apr_pool_t *mp, int processing_mode) {
int modsecurity_init(msc_engine *msce, apr_pool_t *mp) { int modsecurity_init(msc_engine *msce, apr_pool_t *mp) {
apr_status_t rc; apr_status_t rc;
/**
* Notice that curl is initialized here but never cleaned up. First version
* of this implementation curl was initialized and cleaned for every
* utilization. Turns out that it was not only cleaning stuff that was
* utilized by Curl but also other OpenSSL stuff that was utilized by
* mod_ssl leading the SSL support to crash.
*/
#ifdef WITH_CURL
curl_global_init(CURL_GLOBAL_ALL);
#endif
/* Serial audit log mutext */ /* Serial audit log mutext */
rc = apr_global_mutex_create(&msce->auditlog_lock, NULL, APR_LOCK_DEFAULT, mp); rc = apr_global_mutex_create(&msce->auditlog_lock, NULL, APR_LOCK_DEFAULT, mp);
if (rc != APR_SUCCESS) { if (rc != APR_SUCCESS) {

2
apache2/msc_remote_rules.c
View File

@ -258,7 +258,6 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
apr_id = apr_psprintf(mp, "ModSec-unique-id: %s", id); apr_id = apr_psprintf(mp, "ModSec-unique-id: %s", id);
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init(); curl = curl_easy_init();
beacon_str_len = msc_beacon_string(NULL, 0); beacon_str_len = msc_beacon_string(NULL, 0);
@ -348,7 +347,6 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
curl_easy_cleanup(curl); curl_easy_cleanup(curl);
curl_global_cleanup();
return 0; return 0;
#else #else
return -3; return -3;