Fixed two crashing bugs: race condition when module was initialized and failing config commands in libapr.

iis/mymodulefactory.h

@@ -21,11 +21,14 @@
 class CMyHttpModuleFactory : public IHttpModuleFactory
 {
         CMyHttpModule *				m_pModule;
+		CRITICAL_SECTION			m_csLock;
 
 public:
 	CMyHttpModuleFactory()
 	{
 		m_pModule = NULL;
+
+		InitializeCriticalSection(&m_csLock);
 	}
 
 	virtual
@@ -43,6 +46,8 @@ public:
             goto Finished;
         }
 
+		EnterCriticalSection(&m_csLock);
+
 		if(m_pModule == NULL)
 		{
 			m_pModule = new CMyHttpModule();
@@ -54,6 +59,8 @@ public:
 			}
 		}
 
+		LeaveCriticalSection(&m_csLock);
+
         *ppModule = m_pModule;
 
 	Finished:

standalone/config.c

@@ -1153,7 +1153,14 @@ ProcessInclude:
 
 			parms->directive = newdir;
 
+			__try
+			{
 				errmsg = invoke_cmd(cmd, parms, mconfig, args);
+			}
+			__except(EXCEPTION_EXECUTE_HANDLER)
+			{
+				errmsg = "Command failed to execute (check file/folder permissions, syntax, etc.).";
+			}
 
 			if(errmsg != NULL)
 				break;

standalone/main.cpp

@@ -21,6 +21,7 @@
 
 
 char *config_file = NULL;
+char *url_file = NULL;
 char *event_files[1024];
 int event_file_cnt;
 char *event_file = NULL;
@@ -31,6 +32,11 @@ int event_file_blocks[256];
 
 #define	EVENT_FILE_MAX_SIZE		(16*1024*1024)
 
+#define	MAX_URLS	4096
+
+char urls[MAX_URLS][4096];
+int url_cnt = 0;
+
 void readeventfile(char *name)
 {
 	if(event_file == NULL)
@@ -119,6 +125,12 @@ void parseargs(int argc, char *argv[])
 				i += 2;
 				continue;
 			}
+			if(argv[i][1] == 'u' && i < argc - 1)
+			{
+				url_file = argv[i + 1];
+				i += 2;
+				continue;
+			}
 			i++;
 			continue;
 		}
@@ -224,7 +236,7 @@ void main(int argc, char *argv[])
 	if(config_file == NULL || argc < 3)
 	{
 		printf("Usage:\n");
-		printf("standalone.exe -c <config_file> <event_file1> [<event_file2> <event_file3> ...]\n");
+		printf("standalone.exe -c <config_file> [-u <text_file_with_urls>] <event_file1> [<event_file2> <event_file3> ...]\n");
 		return;
 	}
 
@@ -250,7 +262,39 @@ void main(int argc, char *argv[])
 
 	modsecInitProcess();
 
+	if(url_file != NULL)
+	{
+		FILE *fr = fopen(url_file, "rb");
+		int i = 0;
+
+		while(fgets(urls[i],4096,fr) != NULL)
+		{
+			urls[i][4095] = 0;
+
+			int l = strlen(urls[i]) - 1;
+
+			if(l < 8)
+				continue;
+
+			while(urls[i][l] == 10 || urls[i][l] == 13)
+				l--;
+
+			urls[i++][l + 1] = 0;
+		}
+
+		url_cnt = i;
+		fclose(fr);
+	}
+
 	for(int i = 0; i < event_file_cnt; i++)
+	{
+		if(url_cnt == 0)
+		{
+			urls[0][0] = 0;
+			url_cnt = 1;
+		}
+
+		for(int ui = 0; ui < url_cnt; ui++)
 		{
 			readeventfile(event_files[i]);
 			parseeventfile();
@@ -284,6 +328,11 @@ void main(int argc, char *argv[])
 			*url++=0;
 			*proto++=0;
 
+			if(urls[ui][0] != 0)
+			{
+				url = urls[ui];
+			}
+
 #define	SETMETHOD(m) if(strcmp(method,#m) == 0){ r->method = method; r->method_number = M_##m; }
 
 			r->method = "INVALID";
@@ -378,6 +427,7 @@ void main(int argc, char *argv[])
 			modsecProcessResponse(r);
 			modsecFinishRequest(r);
 		}
+	}
 
 	modsecTerminate();
 	getch();

standalone/standalone.vcxproj.user

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <LocalDebuggerCommandArguments>-c owasp_crs\modsecurity_iis.conf d:\test.dat</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-c d:\temp\antixss.conf -u d:\temp\modsec_urls.txt d:\temp\test1.dat</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
     <LocalDebuggerCommand>$(TargetPath)</LocalDebuggerCommand>
     <LocalDebuggerAttach>false</LocalDebuggerAttach>