diff --git a/CHANGES b/CHANGES
index 30ebd1f8..aa367e04 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,8 +1,10 @@
-19 Mar 2008 - 2.5.1-breach1
----------------------------
+28 Mar 2008 - trunk
+-------------------
 * Allow HTTP_* targets as an alias for REQUEST_HEADERS:*.
+ * Make sure temporary filehandles are closed after a transaction.
+
 14 Mar 2008 - 2.5.1
 -------------------
diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c
index 63827db1..cbfe3989 100644
--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -215,7 +215,7 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
 /* Check request body limit (should only trigger on chunked requests). */
 if (msr->reqbody_length + buflen > (apr_size_t)msr->txcfg->reqbody_limit) {
- *error_msg = apr_psprintf(msr->mp, "Requests body is larger than the "
+ *error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
 "configured limit (%ld).", msr->txcfg->reqbody_limit);
 return -5;
 }
@@ -224,7 +224,7 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
 int rcbs = modsecurity_request_body_store(msr, buf, buflen, error_msg);
 if (rcbs < 0) {
 if (rcbs == -5) {
- *error_msg = apr_psprintf(msr->mp, "Requests body no files data length is larger than the "
+ *error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
 "configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
 return -5;
 }
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index b8f5fe9b..d261bc5c 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -1100,6 +1100,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
 for(i = 0; i < msr->mpd->parts->nelts; i++) {
 if (parts[i]->type == MULTIPART_FILE) {
 if (parts[i]->tmp_file_name != NULL) {
+ /* make sure it is closed first */
+ if (parts[i]->tmp_file_fd > 0) {
+ close(parts[i]->tmp_file_fd);
+ parts[i]->tmp_file_fd = -1;
+ }
+
 if (unlink(parts[i]->tmp_file_name) < 0) {
 msr_log(msr, 1, "Multipart: Failed to delete file (part) \"%s\" because %d(%s)",
 log_escape(msr->mp, parts[i]->tmp_file_name), errno, strerror(errno));
@@ -1122,6 +1128,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
 if ((parts[i]->type == MULTIPART_FILE)&&(parts[i]->tmp_file_size == 0)) {
 /* Delete empty file. */
 if (parts[i]->tmp_file_name != NULL) {
+ /* make sure it is closed first */
+ if (parts[i]->tmp_file_fd > 0) {
+ close(parts[i]->tmp_file_fd);
+ parts[i]->tmp_file_fd = -1;
+ }
+
 if (unlink(parts[i]->tmp_file_name) < 0) {
 msr_log(msr, 1, "Multipart: Failed to delete empty file (part) \"%s\" because %d(%s)",
 log_escape(msr->mp, parts[i]->tmp_file_name), errno, strerror(errno));
@@ -1138,6 +1150,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
 const char *new_filename = NULL;
 const char *new_basename = NULL;
+ /* make sure it is closed first */
+ if (parts[i]->tmp_file_fd > 0) {
+ close(parts[i]->tmp_file_fd);
+ parts[i]->tmp_file_fd = -1;
+ }
+
 new_basename = file_basename(msr->mp, parts[i]->tmp_file_name);
 if (new_basename == NULL) return -1;
 new_filename = apr_psprintf(msr->mp, "%s/%s", msr->txcfg->upload_dir,
diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c
index 90c7f37b..f907237b 100644
--- a/apache2/msc_reqbody.c
+++ b/apache2/msc_reqbody.c
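Review bot: In all three hunks of multipart_cleanup (apache2/msc_multipart.c) the result of close() is discarded, while the unlink() calls right beside it log errno on failure. In the third hunk the file appears to be kept and renamed under `upload_dir`, so a failed close there can report a deferred write error on a stored upload; checking `if (close(parts[i]->tmp_file_fd) < 0)` and logging through msr_log at level 1, as the unlink() branches do, would surface it. The guard tests `> 0` but the reset writes `-1`, so "not open" is spelled two ways; if the part structure starts out zeroed, `> 0` is what keeps descriptor 0 from being closed, and a comment such as `/* 0 (never opened) and -1 (closed) both mean no descriptor */` would record that. The allocation site is outside these hunks, so confirm it there. The same block is repeated three times here and once more for `msc_reqbody_fd` in msc_reqbody.c, so a small static helper would keep the copies from drifting; multipart_cleanup itself starts and ends outside the hunks.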
@@ -685,6 +685,12 @@ apr_status_t modsecurity_request_body_clear(modsec_rec *msr, char **error_msg) {
 log_escape(msr->msc_reqbody_mp, put_filename));
 }
 } else {
+ /* make sure it is closed first */
+ if (msr->msc_reqbody_fd > 0) {
+ close(msr->msc_reqbody_fd);
+ msr->msc_reqbody_fd = -1;
+ }
+
 /* We do not want to keep the request body. */
 if (apr_file_remove(msr->msc_reqbody_filename,
 msr->msc_reqbody_mp) != APR_SUCCESS)
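Review bot: The descriptor is closed only on the `else` path that removes the body file; the branch above it, which logs `put_filename`, is cut off by the hunk, so it is not visible whether `msc_reqbody_fd` is closed there when the file is kept. If it is not, that path would still leave one descriptor open per transaction, which is what the CHANGES entry says this commit fixes. Placing `if (msr->msc_reqbody_fd > 0) { close(msr->msc_reqbody_fd); msr->msc_reqbody_fd = -1; }` ahead of the `if`/`else` would cover both paths, provided nothing in the keep branch still needs the open descriptor. modsecurity_request_body_clear starts and ends outside the hunk.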