From dda91f1689c6a6031b4e09d16178e041bc60f5df Mon Sep 17 00:00:00 2001 From: David Andrews Date: Mon, 3 Mar 2014 14:17:00 -0800 Subject: [PATCH] Standalone: independently destroy the connection and request pools Add independent modsecFinishConnection API that allows you to independently destroy the connection and request pools. This is to facilitate reuse of a connection for multiple requests. --- iis/mymodule.cpp | 4 ++++ nginx/modsecurity/ngx_http_modsecurity.c | 4 ++++ standalone/api.c | 11 ++++++++++- standalone/api.h | 1 + 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/iis/mymodule.cpp b/iis/mymodule.cpp index 9b8ce745..e949ca8c 100644 --- a/iis/mymodule.cpp +++ b/iis/mymodule.cpp @@ -67,6 +67,10 @@ class REQUEST_STORED_CONTEXT : public IHttpStoredContext { modsecFinishRequest(m_pRequestRec); m_pRequestRec = NULL; + } + if(m_pConnRec != NULL) + { + modsecFinishConnection(m_pConnRec); m_pConnRec = NULL; } } diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c index eda9d207..fe5ab9b1 100644 --- a/nginx/modsecurity/ngx_http_modsecurity.c +++ b/nginx/modsecurity/ngx_http_modsecurity.c @@ -1356,6 +1356,10 @@ ngx_http_modsecurity_cleanup(void *data) if (ctx->req != NULL) { (void) modsecFinishRequest(ctx->req); } + if (ctx->connection != NULL) { + (void) modsecFinishConnection(ctx->connection); + } + } static char * diff --git a/standalone/api.c b/standalone/api.c index ded96755..8ad67956 100644 --- a/standalone/api.c +++ b/standalone/api.c @@ -654,11 +654,20 @@ int modsecFinishRequest(request_rec *r) { // make sure you cleanup before calling apr_terminate() // otherwise double-free might occur, because of the request body pool cleanup function // - apr_pool_destroy(r->connection->pool); + apr_pool_destroy(r->pool); return DECLINED; } +// destroy only the connection pool +int modsecFinishConnection(conn_rec *c) +{ + + apr_pool_destroy(c->pool); + +} + + void modsecSetLogHook(void *obj, void (*hook)(void *obj, int level, char *str)) { modsecLogObj = obj; modsecLogHook = hook; diff --git a/standalone/api.h b/standalone/api.h index d2056738..60d30733 100644 --- a/standalone/api.h +++ b/standalone/api.h @@ -58,6 +58,7 @@ void modsecInitProcess(); conn_rec *modsecNewConnection(); void modsecProcessConnection(conn_rec *c); +int modsecFinishConnection(conn_rec *c); request_rec *modsecNewRequest(conn_rec *connection, directory_config *config);