From a2f01d31a410fd758cdf58e6ae03a528479c14e0 Mon Sep 17 00:00:00 2001 From: brenosilva Date: Sat, 26 Mar 2011 14:53:04 +0000 Subject: [PATCH] Experimental reallocation memory for rsub --- apache2/apache2_io.c | 32 +++++++++++++++++++------------ apache2/msc_reqbody.c | 13 +++++++++++++ apache2/re_operators.c | 43 +++++++++++++++++++++++++++++++----------- 3 files changed, 65 insertions(+), 23 deletions(-) diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c index eebaf96b..2b788784 100644 --- a/apache2/apache2_io.c +++ b/apache2/apache2_io.c @@ -129,11 +129,6 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, msr_log(msr, 4, "Input stream filter: Forwarded %" APR_SIZE_T_FMT " bytes.", msr->msc_reqbody_disk_chunk->length); } - if(msr->txcfg->stream_inbody_inspection && msr->stream_input_data != NULL) { - free(msr->stream_input_data); - msr->stream_input_data = NULL; - } - } if (rc == 0) { @@ -479,11 +474,6 @@ static void inject_content_to_of_brigade(modsec_rec *msr, ap_filter_t *f) { msr_log(msr, 9, "Content Injection: Data reinjected bytes [%d]",msr->stream_output_length); } - if(msr->stream_output_data != NULL) { - free(msr->stream_output_data); - msr->stream_output_data = NULL; - } - } } @@ -536,8 +526,26 @@ static int flatten_response_body(modsec_rec *msr) { msr->resbody_status = RESBODY_STATUS_READ; if (msr->txcfg->stream_outbody_inspection) { - msr->stream_output_data = (char *)calloc(sizeof(char),msr->resbody_length+1); - msr->stream_output_length = msr->resbody_length+1; + + char *stream_output_body = NULL; + + if(msr->stream_output_data == NULL) + msr->stream_output_data = (char *)malloc(msr->resbody_length+1); + else { + stream_output_body = (char *)realloc(msr->stream_output_data, msr->resbody_length+1); + + if(stream_output_body == NULL) { + free(msr->stream_output_data); + msr->stream_output_data = NULL; + msr_log(msr, 1, "Output filter: Stream Response body data memory allocation failed. Asked for: %" APR_SIZE_T_FMT, + msr->stream_output_length + 1); + return -1; + } + + msr->stream_output_data = (char *)stream_output_body; + } + + msr->stream_output_length = msr->resbody_length; if (msr->stream_output_data == NULL) { msr_log(msr, 1, "Output filter: Stream Response body data memory allocation failed. Asked for: %" APR_SIZE_T_FMT, diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c index 67639f6f..1f13f82a 100644 --- a/apache2/msc_reqbody.c +++ b/apache2/msc_reqbody.c @@ -388,6 +388,7 @@ static apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, char **e msc_data_chunk **chunks; char *d; int i, sofar; + char *stream_input_body = NULL; *error_msg = NULL; @@ -401,7 +402,19 @@ static apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, char **e msr->stream_input_length = msr->msc_reqbody_length; + if(msr->stream_input_data == NULL) msr->stream_input_data = (char *)calloc(sizeof(char), msr->stream_input_length + 1); + else { + stream_input_body = (char *)realloc(msr->stream_input_data, msr->stream_input_length + 1); + + if(stream_input_body == NULL) { + free(msr->stream_input_data); + msr->stream_input_data = NULL; + } + + msr->stream_input_data = (char *)stream_input_body; + } + if (msr->stream_input_data== NULL) { *error_msg = apr_psprintf(msr->mp, "Unable to allocate memory to hold request body on stream. Asked for %u bytes.", msr->stream_input_length + 1); diff --git a/apache2/re_operators.c b/apache2/re_operators.c index 5ef47d0e..1a7f29a7 100644 --- a/apache2/re_operators.c +++ b/apache2/re_operators.c @@ -686,7 +686,7 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, else rule->sub_regex = NULL; - rule->re_precomp = 0; + //rule->re_precomp = 0; } if(rule->sub_regex == NULL) { @@ -708,6 +708,9 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, return -1; } + msr_log(msr,9,"Replace %s\n",replace); + msr_log(msr,9,"Pattern %s\n",re_pattern->value); + memcpy(data,var->value,var->value_len); size += (AP_MAX_REG_MATCH*strlen(replace)+2); @@ -739,24 +742,42 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, size -= (((AP_MAX_REG_MATCH - count)*(strlen(replace))) + p_len+2); + var->value_len = size; + if(msr->stream_output_data != NULL && output_body == 1) { - msr->stream_output_data = (char *)realloc(msr->stream_output_data,size); + + char *stream_output_data = NULL; + + stream_output_data = (char *)realloc(msr->stream_output_data, size+1); msr->stream_output_length = size; - if (msr->stream_output_data != NULL) { - memset(msr->stream_output_data,0,size); - memcpy(msr->stream_output_data,data,size); - msr->stream_output_data[msr->stream_output_length] = '\0'; + + if(stream_output_data == NULL) { + free (msr->stream_output_data); + msr->stream_output_data = NULL; + return -1; } + + msr->stream_output_data = (char *)stream_output_data; + if(msr->stream_output_data != NULL) + apr_cpystrn(msr->stream_output_data, data, size); + } if(msr->stream_input_data != NULL && input_body == 1) { - msr->stream_input_data = (char *)realloc(msr->stream_input_data,size); + char *stream_input_data = NULL; + + stream_input_data = (char *)realloc(msr->stream_input_data, size+1); msr->stream_input_length = size; - if (msr->stream_input_data != NULL) { - memset(msr->stream_input_data,0,size); - memcpy(msr->stream_input_data,data,size); - msr->stream_input_data[msr->stream_input_length] = '\0'; + + if(stream_input_data == NULL) { + free (msr->stream_input_data); + msr->stream_input_data = NULL; + return -1; } + + msr->stream_input_data = (char *)stream_input_data; + if(msr->stream_input_data != NULL) + apr_cpystrn(msr->stream_input_data, data, size); } if (! *error_msg) {