github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-16 17:41:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

Avoids segfault while running with proxy_pass

Browse Source 
Duplicates the headers variables while coping data from/to ModSecurity.
This seems to fix the segfault that was happening while using proxy_pass.
The variable is later cleaned, which means that we don't have a leak
because of that.
This commit is contained in:
Felipe Zimmerle
2015-03-21 11:50:48 -07:00
parent eb904c2666
commit d135f88254
2 changed files with 38 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
nginx/modsecurity/config
View File

@@ -6,21 +6,23 @@ CFLAGS="$CFLAGS \
-I/usr/include/apache2 \
-I/usr/include/libxml2 \
-DWITH_LUA -I/usr/include/lua5.1 \
-DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY \
-DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -DWITH_APU_CRYPTO -DWITH_REMOTE_RULES \
\
-DWITH_YAJL -I/usr/include/yajl "
-DWITH_YAJL -I/usr/include/yajl \
-DWITH_SSDEEP -I/usr/"
CORE_LIBS="$CORE_LIBS \
-L/usr/lib -lapr-1 \
-L/usr/lib -laprutil-1 \
-L/usr/lib/x86_64-linux-gnu -lapr-1 \
-L/usr/lib/x86_64-linux-gnu -laprutil-1 \
-I/usr/include/apache2 \
-L/usr/lib/x86_64-linux-gnu -lcurl \
-lxml2 \
-llua5.1 \
-lpcre \
-L/usr/lib -lcap \
-lyajl "
-L/usr/lib \
-lyajl \
-lfuzzy"
ngx_addon_name=ngx_http_modsecurity

52
nginx/modsecurity/ngx_http_modsecurity.c
View File

@@ -807,10 +807,10 @@ ngx_http_modsecurity_save_headers_out_visitor(void *data,
{
ngx_http_request_t *r = data;
ngx_table_elt_t *h, he, *new_h;
ngx_http_upstream_header_t *hh;
ngx_http_upstream_main_conf_t *umcf;
//ngx_http_upstream_header_t *hh;
//ngx_http_upstream_main_conf_t *umcf;
umcf = ngx_http_get_module_main_conf(r, ngx_http_upstream_module);
//umcf = ngx_http_get_module_main_conf(r, ngx_http_upstream_module);
h = &he;
@@ -829,31 +829,37 @@ ngx_http_modsecurity_save_headers_out_visitor(void *data,
h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
h->lowcase_key, h->key.len);
//hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
// h->lowcase_key, h->key.len);
if (hh) {
/* copy all */
if (hh->copy_handler(r, h, hh->conf) != NGX_OK) {
return 0;
}
} else {
/* Add the response header directly to headers_out if not present in
* the hash. This is done to passthrough such response headers.
* Remember the response headers were cleared earlier using
* ngx_http_clean_header(r) call in ngx_http_modsecurity_save_headers_out.
*/
// While using proxy_pass with a combination of other factores
// there seems to be a memory corruption if we use hh->copy_handler.
// Temporary using new_h. This demand a further investigation.
//
//if (hh) {
// /* copy all */
// if (hh->copy_handler(r, h, hh->conf) != NGX_OK) {
// return 0;
// }
//} else {
new_h = ngx_list_push(&r->headers_out.headers);
if (new_h == NULL) {
return NGX_ERROR;
}
/* Add the response header directly to headers_out if not present in
* the hash. This is done to passthrough such response headers.
* Remember the response headers were cleared earlier using
* ngx_http_clean_header(r) call in ngx_http_modsecurity_save_headers_out.
*/
new_h->hash = h->hash;
new_h->key = h->key;
new_h->value = h->value;
new_h = ngx_list_push(&r->headers_out.headers);
if (new_h == NULL) {
return NGX_ERROR;
}
new_h->hash = h->hash;
new_h->key = h->key;
new_h->value = h->value;
// }
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"ModSecurity: save headers out: \"%V: %V\"",
&h->key, &h->value);