diff --git a/CHANGES b/CHANGES
index 541cee89..41c1d39c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+28 Mar 2008 - 2.1.7-rc1
+-----------------------
+
+ * Make sure temporary filehandles are closed after a transaction.
+
+
19 Feb 2008 - 2.1.6
-------------------
diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c
index ff6cfa9a..18a4bfa5 100644
--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -219,7 +219,7 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
/* Check request body limit (should only trigger on chunked requests). */
if (msr->reqbody_length + buflen > (apr_size_t)msr->txcfg->reqbody_limit) {
- *error_msg = apr_psprintf(msr->mp, "Requests body is larger than the "
+ *error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
"configured limit (%lu).", msr->txcfg->reqbody_limit);
return -5;
}
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 736f4b86..f2693b8b 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -48,7 +48,7 @@ typedef struct msc_string msc_string;
#include "http_protocol.h"
#define MODULE_NAME "ModSecurity"
-#define MODULE_RELEASE "2.1.6"
+#define MODULE_RELEASE "2.1.7-rc1"
#define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)")
#define PHASE_REQUEST_HEADERS 1
diff --git a/apache2/msc_multipart.c b/apache2/msc_multipart.c
index 79c8f91e..22e538b9 100644
--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -1058,6 +1058,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
for(i = 0; i < msr->mpd->parts->nelts; i++) {
if (parts[i]->type == MULTIPART_FILE) {
if (parts[i]->tmp_file_name != NULL) {
+ /* make sure it is closed first */
+ if (parts[i]->tmp_file_fd > 0) {
+ close(parts[i]->tmp_file_fd);
+ parts[i]->tmp_file_fd = -1;
+ }
+
if (unlink(parts[i]->tmp_file_name) < 0) {
msr_log(msr, 1, "Multipart: Failed to delete file (part) \"%s\" because %d(%s)",
log_escape(msr->mp, parts[i]->tmp_file_name), errno, strerror(errno));
@@ -1078,6 +1084,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
if ((parts[i]->type == MULTIPART_FILE)&&(parts[i]->tmp_file_size == 0)) {
/* Delete empty file. */
if (parts[i]->tmp_file_name != NULL) {
+ /* make sure it is closed first */
+ if (parts[i]->tmp_file_fd > 0) {
+ close(parts[i]->tmp_file_fd);
+ parts[i]->tmp_file_fd = -1;
+ }
+
if (unlink(parts[i]->tmp_file_name) < 0) {
msr_log(msr, 1, "Multipart: Failed to delete empty file (part) \"%s\" because %d(%s)",
log_escape(msr->mp, parts[i]->tmp_file_name), errno, strerror(errno));
@@ -1092,6 +1104,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
const char *new_filename = NULL;
const char *new_basename = NULL;
+ /* make sure it is closed first */
+ if (parts[i]->tmp_file_fd > 0) {
+ close(parts[i]->tmp_file_fd);
+ parts[i]->tmp_file_fd = -1;
+ }
+
new_basename = file_basename(msr->mp, parts[i]->tmp_file_name);
if (new_basename == NULL) return -1;
new_filename = apr_psprintf(msr->mp, "%s/%s", msr->txcfg->upload_dir,
diff --git a/apache2/msc_reqbody.c b/apache2/msc_reqbody.c
index 8fbceaa7..388c894b 100644
--- a/apache2/msc_reqbody.c
+++ b/apache2/msc_reqbody.c
@@ -607,6 +607,12 @@ apr_status_t modsecurity_request_body_clear(modsec_rec *msr) {
log_escape(msr->msc_reqbody_mp, put_filename));
}
} else {
+ /* make sure it is closed first */
+ if (msr->msc_reqbody_fd > 0) {
+ close(msr->msc_reqbody_fd);
+ msr->msc_reqbody_fd = -1;
+ }
+
/* We do not want to keep the request body. */
if (apr_file_remove(msr->msc_reqbody_filename,
msr->msc_reqbody_mp) != APR_SUCCESS)
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index c0115257..32a8d89c 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -3,7 +3,7 @@
ModSecurity Reference Manual
- Version 2.1.6 / (February 19, 2008)
+ Version 2.1.7-rc1 / (March 28, 2008)
2004-2008