github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-13 06:57:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Make sure all filehandles are closed at the end of a trasaction. See #464 and #465.

Browse Source 
Fixes a few typos in some error messages when we are over the limits.
This commit is contained in:
brectanus
2008-03-28 20:00:37 +00:00
parent b7e59e5e4d
commit ecddb188f3
6 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@@ -1,3 +1,9 @@
28 Mar 2008 - 2.1.7-rc1
-----------------------
* Make sure temporary filehandles are closed after a transaction.
19 Feb 2008 - 2.1.6
-------------------

2
apache2/apache2_io.c
View File

@@ -219,7 +219,7 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
/* Check request body limit (should only trigger on chunked requests). */
if (msr->reqbody_length + buflen > (apr_size_t)msr->txcfg->reqbody_limit) {
*error_msg = apr_psprintf(msr->mp, "Requests body is larger than the "
*error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
"configured limit (%lu).", msr->txcfg->reqbody_limit);
return -5;
}

2
apache2/modsecurity.h
View File

@@ -48,7 +48,7 @@ typedef struct msc_string msc_string;
#include "http_protocol.h"
#define MODULE_NAME "ModSecurity"
#define MODULE_RELEASE "2.1.6"
#define MODULE_RELEASE "2.1.7-rc1"
#define MODULE_NAME_FULL (MODULE_NAME " v" MODULE_RELEASE " (Apache 2.x)")
#define PHASE_REQUEST_HEADERS 1

18
apache2/msc_multipart.c
View File

@@ -1058,6 +1058,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
for(i = 0; i < msr->mpd->parts->nelts; i++) {
if (parts[i]->type == MULTIPART_FILE) {
if (parts[i]->tmp_file_name != NULL) {
/* make sure it is closed first */
if (parts[i]->tmp_file_fd > 0) {
close(parts[i]->tmp_file_fd);
parts[i]->tmp_file_fd = -1;
}
if (unlink(parts[i]->tmp_file_name) < 0) {
msr_log(msr, 1, "Multipart: Failed to delete file (part) \"%s\" because %d(%s)",
log_escape(msr->mp, parts[i]->tmp_file_name), errno, strerror(errno));
@@ -1078,6 +1084,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
if ((parts[i]->type == MULTIPART_FILE)&&(parts[i]->tmp_file_size == 0)) {
/* Delete empty file. */
if (parts[i]->tmp_file_name != NULL) {
/* make sure it is closed first */
if (parts[i]->tmp_file_fd > 0) {
close(parts[i]->tmp_file_fd);
parts[i]->tmp_file_fd = -1;
}
if (unlink(parts[i]->tmp_file_name) < 0) {
msr_log(msr, 1, "Multipart: Failed to delete empty file (part) \"%s\" because %d(%s)",
log_escape(msr->mp, parts[i]->tmp_file_name), errno, strerror(errno));
@@ -1092,6 +1104,12 @@ apr_status_t multipart_cleanup(modsec_rec *msr) {
const char *new_filename = NULL;
const char *new_basename = NULL;
/* make sure it is closed first */
if (parts[i]->tmp_file_fd > 0) {
close(parts[i]->tmp_file_fd);
parts[i]->tmp_file_fd = -1;
}
new_basename = file_basename(msr->mp, parts[i]->tmp_file_name);
if (new_basename == NULL) return -1;
new_filename = apr_psprintf(msr->mp, "%s/%s", msr->txcfg->upload_dir,

6
apache2/msc_reqbody.c
View File

@@ -607,6 +607,12 @@ apr_status_t modsecurity_request_body_clear(modsec_rec *msr) {
log_escape(msr->msc_reqbody_mp, put_filename));
}
} else {
/* make sure it is closed first */
if (msr->msc_reqbody_fd > 0) {
close(msr->msc_reqbody_fd);
msr->msc_reqbody_fd = -1;
}
/* We do not want to keep the request body. */
if (apr_file_remove(msr->msc_reqbody_filename,
msr->msc_reqbody_mp) != APR_SUCCESS)

2
doc/modsecurity2-apache-reference.xml
View File

@@ -3,7 +3,7 @@
<title>ModSecurity Reference Manual</title>
<articleinfo>
<releaseinfo>Version 2.1.6 / (February 19, 2008)</releaseinfo>
<releaseinfo>Version 2.1.7-rc1 / (March 28, 2008)</releaseinfo>
<copyright>
<year>2004-2008</year>