github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-01 22:25:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

merge upstream & update configs

Browse Source
This commit is contained in:
Mihai Pitu
2013-08-23 13:54:30 +03:00
parent 107ff9af8f
commit 9651da3d4c
192 changed files with 14497 additions and 439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
apache2/msc_crypt.c
View File

@@ -1,6 +1,6 @@
/*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2011 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
@@ -68,10 +68,26 @@ char *normalize_path(modsec_rec *msr, char *input) {
char *Uri = NULL;
int bytes = 0;
int i;
char *relative_link = NULL;
char *filename = NULL;
char *relative_path = NULL;
char *relative_uri = NULL;
xmlNormalizeURIPath(uri->path);
Uri = apr_pstrdup(msr->mp, uri->path);
filename = file_basename(msr->mp, msr->r->parsed_uri.path);
if(filename == NULL || (strlen(msr->r->parsed_uri.path) - strlen(filename) < 0))
return NULL;
relative_path = apr_pstrndup(msr->mp, msr->r->parsed_uri.path, strlen(msr->r->parsed_uri.path) - strlen(filename));
relative_uri = apr_pstrcat(msr->mp, relative_path, uri->path, NULL);
relative_link = apr_pstrdup(msr->mp, relative_uri);
xmlNormalizeURIPath(relative_link);
Uri = apr_pstrdup(msr->mp, relative_link);
/*
for(i = 0; i < (int)strlen(Uri); i++) {
if(Uri[i] != '.' && Uri[i] != '/') {
if (i - 1 < 0)
@@ -88,12 +104,15 @@ char *normalize_path(modsec_rec *msr, char *input) {
if(bytes >= (int)strlen(uri->path))
return NULL;
*/
content = apr_psprintf(msr->mp, "%s", Uri);
content = apr_psprintf(msr->mp, "%s", uri->path+bytes);
if(parsed_content)
parsed_content = apr_pstrcat(msr->mp, parsed_content, content, NULL);
else
parsed_content = apr_pstrcat(msr->mp, content, NULL);
}
if(uri->query_raw) {
@@ -629,6 +648,7 @@ int do_hash_method(modsec_rec *msr, char *link, int type) {
int hash_response_body_links(modsec_rec *msr) {
int lsize = 0, fsize = 0, lcount = 0, fcount = 0, i;
int isize = 0, icount = 0, frsize = 0, frcount = 0;
int bytes = 0;
xmlXPathContextPtr xpathCtx = NULL;
xmlXPathObjectPtr xpathObj = NULL;
xmlChar *content_option = NULL;
@@ -687,6 +707,7 @@ int hash_response_body_links(modsec_rec *msr) {
if(mac_link != NULL) {
xmlSetProp(cur, (const xmlChar *) "href", (const xmlChar *) mac_link);
lcount++;
bytes += strlen(mac_link);
msr->of_stream_changed = 1;
}
mac_link = NULL;
@@ -703,6 +724,7 @@ int hash_response_body_links(modsec_rec *msr) {
if(mac_link != NULL) {
xmlSetProp(cur, (const xmlChar *) "href", (const xmlChar *) mac_link);
lcount++;
bytes += strlen(mac_link);
msr->of_stream_changed = 1;
}
mac_link = NULL;
@@ -758,6 +780,7 @@ int hash_response_body_links(modsec_rec *msr) {
if(mac_link != NULL) {
xmlSetProp(cur, (const xmlChar *) "action", (const xmlChar *) mac_link);
fcount++;
bytes += strlen(mac_link);
msr->of_stream_changed = 1;
}
mac_link = NULL;
@@ -774,6 +797,7 @@ int hash_response_body_links(modsec_rec *msr) {
if(mac_link != NULL) {
xmlSetProp(cur, (const xmlChar *) "action", (const xmlChar *) mac_link);
fcount++;
bytes += strlen(mac_link);
msr->of_stream_changed = 1;
}
mac_link = NULL;
@@ -828,6 +852,7 @@ int hash_response_body_links(modsec_rec *msr) {
if(mac_link != NULL) {
xmlSetProp(cur, (const xmlChar *) "src", (const xmlChar *) mac_link);
icount++;
bytes += strlen(mac_link);
msr->of_stream_changed = 1;
}
mac_link = NULL;
@@ -844,6 +869,7 @@ int hash_response_body_links(modsec_rec *msr) {
if(mac_link != NULL) {
xmlSetProp(cur, (const xmlChar *) "src", (const xmlChar *) mac_link);
icount++;
bytes += strlen(mac_link);
msr->of_stream_changed = 1;
}
mac_link = NULL;
@@ -893,6 +919,7 @@ int hash_response_body_links(modsec_rec *msr) {
if(mac_link != NULL) {
xmlSetProp(cur, (const xmlChar *) "src", (const xmlChar *) mac_link);
frcount++;
bytes += strlen(mac_link);
msr->of_stream_changed = 1;
}
mac_link = NULL;
@@ -909,6 +936,7 @@ int hash_response_body_links(modsec_rec *msr) {
if(mac_link != NULL) {
xmlSetProp(cur, (const xmlChar *) "src", (const xmlChar *) mac_link);
frcount++;
bytes += strlen(mac_link);
msr->of_stream_changed = 1;
}
mac_link = NULL;
@@ -953,7 +981,7 @@ int hash_response_body_links(modsec_rec *msr) {
if((elts >= INT32_MAX) || (elts < 0))
return 0;
return elts;
return bytes;
obj_error:
if(xpathCtx != NULL)
@@ -1044,6 +1072,7 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
}
htmlDocContentDumpFormatOutput(output_buf, msr->crypto_html_tree, NULL, 0);
xmlOutputBufferFlush(output_buf);
#ifdef LIBXML2_NEW_BUFFER
@@ -1133,10 +1162,11 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
}
memset(msr->stream_output_data, 0x0, msr->stream_output_length+1);
memcpy(msr->stream_output_data, output_buf->buffer->content, msr->stream_output_length);
memcpy(msr->stream_output_data, (char *)xmlBufferContent(output_buf->buffer), msr->stream_output_length);
//memcpy(msr->stream_output_data, output_buf->buffer->content, msr->stream_output_length);
if (msr->txcfg->debuglog_level >= 4)
msr_log(msr, 4, "inject_hashed_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", output_buf->buffer->use);
msr_log(msr, 4, "inject_hashed_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", msr->stream_output_length);
} else {
@@ -1162,10 +1192,11 @@ int inject_hashed_response_body(modsec_rec *msr, int elts) {
}
memset(msr->stream_output_data, 0x0, msr->stream_output_length+1);
memcpy(msr->stream_output_data, output_buf->conv->content, msr->stream_output_length);
memcpy(msr->stream_output_data, (char *)xmlBufferContent(output_buf->conv), msr->stream_output_length);
//memcpy(msr->stream_output_data, output_buf->conv->content, msr->stream_output_length);
if (msr->txcfg->debuglog_level >= 4)
msr_log(msr, 4, "inject_hashed_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", output_buf->conv->use);
msr_log(msr, 4, "inject_hashed_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", msr->stream_output_length);
}
@@ -1209,14 +1240,15 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
if(strlen(link) > 7 && strncmp("http:",(char*)link,5)==0){
path_chunk = strchr(link+7,'/');
if(path_chunk != NULL) {
if (msr->txcfg->debuglog_level >= 4)
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Signing data [%s]", path_chunk+1);
}
if(msr->txcfg->crypto_key_add == HASH_KEYONLY)
hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) path_chunk+1, strlen((char*)path_chunk)-1);
if(msr->txcfg->crypto_key_add == HASH_SESSIONID) {
if(strlen(msr->sessionid) == 0) {
if(msr->sessionid == NULL || strlen(msr->sessionid) == 0) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
#else
@@ -1251,14 +1283,15 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
if(strlen(link) > 8 && strncmp("https",(char*)link,5)==0){
path_chunk = strchr(link+8,'/');
if(path_chunk != NULL) {
if (msr->txcfg->debuglog_level >= 4)
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Signing data [%s]", path_chunk+1);
}
if(msr->txcfg->crypto_key_add == HASH_KEYONLY)
hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) path_chunk+1, strlen((char*)path_chunk)-1);
if(msr->txcfg->crypto_key_add == HASH_SESSIONID) {
if(strlen(msr->sessionid) == 0) {
if(msr->sessionid == NULL || strlen(msr->sessionid) == 0) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
#else
@@ -1291,14 +1324,15 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
}
}
else if(*link=='/'){
if (msr->txcfg->debuglog_level >= 4)
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Signing data [%s]", link+1);
}
if(msr->txcfg->crypto_key_add == HASH_KEYONLY)
hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) link+1, strlen((char*)link)-1);
if(msr->txcfg->crypto_key_add == HASH_SESSIONID) {
if(strlen(msr->sessionid) == 0) {
if(msr->sessionid == NULL || strlen(msr->sessionid) == 0) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
#else
@@ -1344,14 +1378,15 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
relative_link = relative_uri+1;
if (msr->txcfg->debuglog_level >= 4)
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Signing data [%s] size %d", relative_link, strlen(relative_link));
}
if(msr->txcfg->crypto_key_add == HASH_KEYONLY)
hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) relative_link, strlen((char*)relative_link));
if(msr->txcfg->crypto_key_add == HASH_SESSIONID) {
if(strlen(msr->sessionid) == 0) {
if(msr->sessionid == NULL || strlen(msr->sessionid) == 0) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
#else
@@ -1379,6 +1414,9 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
msr->txcfg->crypto_key_len = strlen(new_pwd);
hash_value = hmac(msr, new_pwd, msr->txcfg->crypto_key_len, (unsigned char *) relative_link, strlen((char*)relative_link));
}
link = relative_uri;
}
if(hash_value == NULL) return NULL;