From 896ae59e1f11a9c754b0dfa0c4b6e109976b2d15 Mon Sep 17 00:00:00 2001
From: brectanus <brectanus@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Tue, 3 Jun 2008 20:28:05 +0000
Subject: [PATCH] Re-enable error output filter with a fix after more
 testing/tracing of code.  See #498. Update versions to ready for release of
 2.5.5.

---
 CHANGES                               |  4 ++--
 apache2/apache2_io.c                  |  7 +++++++
 apache2/mod_security2.c               | 14 ++++++++++----
 apache2/modsecurity.h                 |  2 +-
 doc/modsecurity2-apache-reference.xml |  4 ++--
 5 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index 40074368..92b7d460 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,5 @@
-02 Jun 2008 - 2.5.5-dev1
-------------------------
+03 Jun 2008 - 2.5.5
+-------------------
 
 * Fixed an issue where an alert was not logged in the error log
   unless "auditlog" was used.
diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c
index cbfe3989..f4df75ed 100644
--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -39,6 +39,7 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
         return APR_EGENERAL;
     }
 
+    /* Make sure we are using the current request */
     msr->r = f->r;
 
     if (msr->phase < PHASE_REQUEST_BODY) {
@@ -678,17 +679,20 @@ apr_status_t output_filter(ap_filter_t *f, apr_bucket_brigade *bb_in) {
         /* Do we need to process a partial response? */
         if (start_skipping) {
             if (flatten_response_body(msr) < 0) {
+                ap_remove_output_filter(f);
                 return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR);
             }
 
             /* Process phase RESPONSE_BODY */
             rc = modsecurity_process_phase(msr, PHASE_RESPONSE_BODY);
             if (rc < 0) {
+                ap_remove_output_filter(f);
                 return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR);
             }
             if (rc > 0) {
                 int status = perform_interception(msr);
                 if (status != DECLINED) { /* DECLINED means we allow-ed the request. */
+                    ap_remove_output_filter(f);
                     return send_error_bucket(msr, f, status);
                 }
             }
@@ -735,16 +739,19 @@ apr_status_t output_filter(ap_filter_t *f, apr_bucket_brigade *bb_in) {
      */
     if (msr->phase < PHASE_RESPONSE_BODY) {
         if (flatten_response_body(msr) < 0) {
+            ap_remove_output_filter(f);
             return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR);
         }
 
         rc = modsecurity_process_phase(msr, PHASE_RESPONSE_BODY);
         if (rc < 0) {
+            ap_remove_output_filter(f);
             return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR);
         }
         if (rc > 0) {
             int status = perform_interception(msr);
             if (status != DECLINED) { /* DECLINED means we allow-ed the request. */
+                ap_remove_output_filter(f);
                 return send_error_bucket(msr, f, status);
             }
         }
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index 5a6d7ac2..e513354c 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -962,7 +962,6 @@ static void hook_insert_filter(request_rec *r) {
 }
 
 /* NOTE: This is causing and endless loop when blocking in phase:3 */
-#if 0
 /**
  * Invoked whenever Apache starts processing an error. A chance
  * to insert ourselves into the output filter chain.
@@ -976,6 +975,16 @@ static void hook_insert_error_filter(request_rec *r) {
     msr = retrieve_tx_context(r);
     if (msr == NULL) return;
 
+    /* Do not run if we are already running, which may happen
+     * if we intercept in phase 3.
+     */
+    if (msr->of_is_error == 1) {
+        if (msr->txcfg->debuglog_level >= 4) {
+            msr_log(msr, 4, "Hook insert_error_filter: Already processing.");
+        }
+        return;
+    }
+
     /* Do not run if not enabled. */
     if (msr->txcfg->is_enabled == 0) {
         if (msr->txcfg->debuglog_level >= 4) {
@@ -1004,7 +1013,6 @@ static void hook_insert_error_filter(request_rec *r) {
         }
     }
 }
-#endif
 
 #if (!defined(NO_MODSEC_API))
 /**
@@ -1105,9 +1113,7 @@ static void register_hooks(apr_pool_t *mp) {
 
     /* Filter hooks */
     ap_hook_insert_filter(hook_insert_filter, NULL, NULL, APR_HOOK_FIRST);
-#if 0
     ap_hook_insert_error_filter(hook_insert_error_filter, NULL, NULL, APR_HOOK_FIRST);
-#endif
 
     ap_register_input_filter("MODSECURITY_IN", input_filter,
         NULL, AP_FTYPE_CONTENT_SET);
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index eabcc79a..7c946db6 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -62,7 +62,7 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
 
 #define MODSEC_VERSION_MAJOR       "2"
 #define MODSEC_VERSION_MINOR       "5"
-#define MODSEC_VERSION_MAINT       "4"
+#define MODSEC_VERSION_MAINT       "5"
 #define MODSEC_VERSION_TYPE        ""
 #define MODSEC_VERSION_RELEASE     ""
 
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index 3ec74ee7..9b7e6273 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -4,7 +4,7 @@
   Manual</title>
 
   <articleinfo>
-    <releaseinfo>Version 2.5.5-dev1 (June 2, 2008)</releaseinfo>
+    <releaseinfo>Version 2.5.5 (June 3, 2008)</releaseinfo>
 
     <copyright>
       <year>2004-2008</year>
@@ -6110,4 +6110,4 @@ Server: Apache/2.x.x
       </section>
     </section>
   </section>
-</article>
\ No newline at end of file
+</article>