Re-enable error output filter with a fix after more testing/tracing of code. See #498.

Update versions in preparation for the 2.5.5 release.
brectanus
2008-06-03 20:28:05 +00:00
parent 22f1c61f1d
commit 896ae59e1f
5 changed files with 22 additions and 9 deletions


@@ -1,5 +1,5 @@
02 Jun 2008 - 2.5.5-dev1 03 Jun 2008 - 2.5.5
------------------------ -------------------
* Fixed an issue where an alert was not logged in the error log * Fixed an issue where an alert was not logged in the error log
unless "auditlog" was used. unless "auditlog" was used.


@@ -39,6 +39,7 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
return APR_EGENERAL; return APR_EGENERAL;
} }
/* Make sure we are using the current request */
msr->r = f->r; msr->r = f->r;
if (msr->phase < PHASE_REQUEST_BODY) { if (msr->phase < PHASE_REQUEST_BODY) {
@@ -678,17 +679,20 @@ apr_status_t output_filter(ap_filter_t *f, apr_bucket_brigade *bb_in) {
/* Do we need to process a partial response? */ /* Do we need to process a partial response? */
if (start_skipping) { if (start_skipping) {
if (flatten_response_body(msr) < 0) { if (flatten_response_body(msr) < 0) {
ap_remove_output_filter(f);
return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR); return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR);
} }
/* Process phase RESPONSE_BODY */ /* Process phase RESPONSE_BODY */
rc = modsecurity_process_phase(msr, PHASE_RESPONSE_BODY); rc = modsecurity_process_phase(msr, PHASE_RESPONSE_BODY);
if (rc < 0) { if (rc < 0) {
ap_remove_output_filter(f);
return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR); return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR);
} }
if (rc > 0) { if (rc > 0) {
int status = perform_interception(msr); int status = perform_interception(msr);
if (status != DECLINED) { /* DECLINED means we allow-ed the request. */ if (status != DECLINED) { /* DECLINED means we allow-ed the request. */
ap_remove_output_filter(f);
return send_error_bucket(msr, f, status); return send_error_bucket(msr, f, status);
} }
} }
@@ -735,16 +739,19 @@ apr_status_t output_filter(ap_filter_t *f, apr_bucket_brigade *bb_in) {
*/ */
if (msr->phase < PHASE_RESPONSE_BODY) { if (msr->phase < PHASE_RESPONSE_BODY) {
if (flatten_response_body(msr) < 0) { if (flatten_response_body(msr) < 0) {
ap_remove_output_filter(f);
return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR); return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR);
} }
rc = modsecurity_process_phase(msr, PHASE_RESPONSE_BODY); rc = modsecurity_process_phase(msr, PHASE_RESPONSE_BODY);
if (rc < 0) { if (rc < 0) {
ap_remove_output_filter(f);
return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR); return send_error_bucket(msr, f, HTTP_INTERNAL_SERVER_ERROR);
} }
if (rc > 0) { if (rc > 0) {
int status = perform_interception(msr); int status = perform_interception(msr);
if (status != DECLINED) { /* DECLINED means we allow-ed the request. */ if (status != DECLINED) { /* DECLINED means we allow-ed the request. */
ap_remove_output_filter(f);
return send_error_bucket(msr, f, status); return send_error_bucket(msr, f, status);
} }
} }
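Review bot: The `ap_remove_output_filter(f);` call is now repeated before every `return send_error_bucket(...)` in both output_filter hunks (six sites), and nothing explains why the order matters. An error return added later without the removal would quietly bring back the behaviour this commit is fixing. Either fold the removal into send_error_bucket (its body is not visible here, so confirm every caller wants it) or mark each pair with a comment such as `/* Detach first: the error response must not re-enter this filter. */`, which is presumably the intent. send_error_bucket still receives `f` after the detach; if it forwards through `f->next`, that relies on the removed filter keeping its links, which the same comment should state. output_filter starts and ends outside these hunks.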


@@ -962,7 +962,6 @@ static void hook_insert_filter(request_rec *r) {
} }
/* NOTE: This is causing and endless loop when blocking in phase:3 */ /* NOTE: This is causing and endless loop when blocking in phase:3 */
#if 0
/** /**
* Invoked whenever Apache starts processing an error. A chance * Invoked whenever Apache starts processing an error. A chance
* to insert ourselves into the output filter chain. * to insert ourselves into the output filter chain.
@@ -976,6 +975,16 @@ static void hook_insert_error_filter(request_rec *r) {
msr = retrieve_tx_context(r); msr = retrieve_tx_context(r);
if (msr == NULL) return; if (msr == NULL) return;
/* Do not run if we are already running, which may happen
* if we intercept in phase 3.
*/
if (msr->of_is_error == 1) {
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Hook insert_error_filter: Already processing.");
}
return;
}
/* Do not run if not enabled. */ /* Do not run if not enabled. */
if (msr->txcfg->is_enabled == 0) { if (msr->txcfg->is_enabled == 0) {
if (msr->txcfg->debuglog_level >= 4) { if (msr->txcfg->debuglog_level >= 4) {
@@ -1004,7 +1013,6 @@ static void hook_insert_error_filter(request_rec *r) {
} }
} }
} }
#endif
#if (!defined(NO_MODSEC_API)) #if (!defined(NO_MODSEC_API))
/** /**
@@ -1105,9 +1113,7 @@ static void register_hooks(apr_pool_t *mp) {
/* Filter hooks */ /* Filter hooks */
ap_hook_insert_filter(hook_insert_filter, NULL, NULL, APR_HOOK_FIRST); ap_hook_insert_filter(hook_insert_filter, NULL, NULL, APR_HOOK_FIRST);
#if 0
ap_hook_insert_error_filter(hook_insert_error_filter, NULL, NULL, APR_HOOK_FIRST); ap_hook_insert_error_filter(hook_insert_error_filter, NULL, NULL, APR_HOOK_FIRST);
#endif
ap_register_input_filter("MODSECURITY_IN", input_filter, ap_register_input_filter("MODSECURITY_IN", input_filter,
NULL, AP_FTYPE_CONTENT_SET); NULL, AP_FTYPE_CONTENT_SET);
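Review bot: The comment `NOTE: This is causing and endless loop when blocking in phase:3` stays above hook_insert_error_filter although the `#if 0` it justified is removed, so it now reads as a description of live code. Reword it to record the resolution, for example `/* NOTE: Re-entry when blocking in phase:3 is prevented by the of_is_error check below. */`. The new early return depends on `msr->of_is_error` being set before Apache runs the insert_error_filter hook. That assignment is not in this diff, so confirm it and document it at the guard; when the guard fires, the error response presumably goes out without this module's output filter attached. hook_insert_error_filter's body continues outside the hunks.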


@@ -62,7 +62,7 @@ extern DSOLOCAL modsec_build_type_rec modsec_build_type[];
#define MODSEC_VERSION_MAJOR "2" #define MODSEC_VERSION_MAJOR "2"
#define MODSEC_VERSION_MINOR "5" #define MODSEC_VERSION_MINOR "5"
#define MODSEC_VERSION_MAINT "4" #define MODSEC_VERSION_MAINT "5"
#define MODSEC_VERSION_TYPE "" #define MODSEC_VERSION_TYPE ""
#define MODSEC_VERSION_RELEASE "" #define MODSEC_VERSION_RELEASE ""


@@ -4,7 +4,7 @@
Manual</title> Manual</title>
<articleinfo> <articleinfo>
<releaseinfo>Version 2.5.5-dev1 (June 2, 2008)</releaseinfo> <releaseinfo>Version 2.5.5 (June 3, 2008)</releaseinfo>
<copyright> <copyright>
<year>2004-2008</year> <year>2004-2008</year>