From 86871ccab1c0b01afdba017d443799a413d814dc Mon Sep 17 00:00:00 2001 From: chaizhenhua Date: Thu, 28 Mar 2013 11:04:33 +0800 Subject: [PATCH 1/2] Fixed: Nginx crash in ngx_pool_context.c --- nginx/modsecurity/ngx_pool_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/modsecurity/ngx_pool_context.c b/nginx/modsecurity/ngx_pool_context.c index 988c8933..13ad3e9a 100644 --- a/nginx/modsecurity/ngx_pool_context.c +++ b/nginx/modsecurity/ngx_pool_context.c @@ -200,7 +200,7 @@ ngx_pool_context_init_conf(ngx_cycle_t *cycle, void *conf) ngx_pool_context_hash_size = pcf->size; - ngx_pool_context_hash = ngx_palloc(cycle->pool, sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size); + ngx_pool_context_hash = ngx_pcalloc(cycle->pool, sizeof(ngx_pool_context_node_t *) * ngx_pool_context_hash_size); if (ngx_pool_context_hash == NULL) { return NGX_CONF_ERROR; From 42e9a5ab24fd469e4e8b4b5af189423caf43e5d0 Mon Sep 17 00:00:00 2001 From: chaizhenhua Date: Thu, 28 Mar 2013 12:08:40 +0800 Subject: [PATCH 2/2] Nginx: Fixed internal request finalized after rewrite with regex --- nginx/modsecurity/ngx_http_modsecurity.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c index 3b8194cc..83edd42b 100644 --- a/nginx/modsecurity/ngx_http_modsecurity.c +++ b/nginx/modsecurity/ngx_http_modsecurity.c @@ -950,21 +950,22 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) return NGX_DECLINED; } - if (r->internal) { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: handler"); + if (r->internal) { + /* we have already processed the request headers with previous loc conf */ + + /* TODO: do we need update ctx and process headers again? */ ctx = ngx_http_get_module_pool_ctx(r, ngx_http_modsecurity); - if (ctx == NULL) { - return NGX_ERROR; + if (ctx) { + ngx_http_set_ctx(r, ctx, ngx_http_modsecurity); + return NGX_DECLINED; } - ngx_http_set_ctx(r, ctx, ngx_http_modsecurity); - - return NGX_DECLINED; + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: get internel request ctx failed"); } - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "modSecurity: handler"); - ctx = ngx_http_modsecurity_create_ctx(r); if (ctx == NULL) { @@ -1084,8 +1085,6 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r) { ctx->complete = 1; - // TODO: do we need reload headers_in ? - if (ngx_http_modsecurity_load_headers_in(r) != NGX_OK || ngx_http_modsecurity_load_headers_out(r) != NGX_OK) {