From ff73b448de229a34c7c6a53ee2394427a79ce022 Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Fri, 16 Jun 2017 11:00:21 -0300 Subject: [PATCH] Makes pm mutex optional via configuration flag --- configure.ac | 27 ++++++++++++++++++++++++++- src/Makefile.am | 1 + src/operators/pm.cc | 10 +++++++++- src/operators/pm.h | 2 ++ 4 files changed, 38 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index d1b92b4c..afc4cef4 100644 --- a/configure.ac +++ b/configure.ac @@ -244,6 +244,23 @@ AC_ARG_ENABLE(parser-generation, [buildParser=false] ) +# Mutex +AC_ARG_ENABLE(mutex-on-pm, + [AC_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])], + + [case "${enableval}" in + yes) mutexPm=true ;; + no) mutexPm=false ;; + *) AC_MSG_ERROR(bad value ${enableval} for --enable-mutex-on-pm) ;; + esac], + + [mutexPm=false] + ) +if test "$mutexPm" == "true"; then + MODSEC_MUTEX_ON_PM="-DMUTEX_ON_PM=1" + AC_SUBST(MODSEC_MUTEX_ON_PM) +fi + if test $buildParser = true; then AC_PROG_YACC @@ -283,6 +300,7 @@ fi AM_CONDITIONAL([EXAMPLES], [test $buildExamples = true]) AM_CONDITIONAL([BUILD_PARSER], [test $buildParser = true]) +AM_CONDITIONAL([USE_MUTEX_ON_PM], [test $mutexPm = true]) # General link options @@ -324,7 +342,6 @@ AM_COND_IF([EXAMPLES], examples/multiprocess_c/Makefile \ examples/reading_logs_with_offset/Makefile \ examples/reading_logs_via_rule_message/Makefile \ - examples/using_bodies_in_chunks/Makefile \ ])]) AM_COND_IF([AFL_FUZZER], @@ -490,12 +507,20 @@ if test "$buildExamples" = "true"; then else echo " + library examples ....disabled" fi + if test "$buildParser" = "true"; then echo " + Building parser ....enabled" else echo " + Building parser ....disabled" fi +if test "$mutexPm" = "true"; then + echo " + Treating pm operations as critical section ....enabled" +else + echo " + Treating pm operations as critical section ....disabled" +fi + + echo " " diff --git a/src/Makefile.am b/src/Makefile.am index 3534b0b2..1f629cb7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -279,6 +279,7 @@ libmodsecurity_la_CPPFLAGS = \ $(GEOIP_CFLAGS) \ $(GLOBAL_CPPFLAGS) \ $(MODSEC_NO_LOGS) \ + $(MODSEC_MUTEX_ON_PM) \ $(YAJL_CFLAGS) \ $(LMDB_CFLAGS) \ $(PCRE_CFLAGS) \ diff --git a/src/operators/pm.cc b/src/operators/pm.cc index 5af36cb2..71ac93d1 100644 --- a/src/operators/pm.cc +++ b/src/operators/pm.cc @@ -40,7 +40,9 @@ Pm::~Pm() { free(m_p); m_p = NULL; +#ifdef MODSEC_MUTEX_ON_PM pthread_mutex_destroy(&m_lock); +#endif } @@ -87,9 +89,13 @@ bool Pm::evaluate(Transaction *transaction, Rule *rule, pt.parser = m_p; pt.ptr = NULL; const char *match = NULL; +#ifdef MODSEC_MUTEX_ON_PM pthread_mutex_lock(&m_lock); +#endif rc = acmp_process_quick(&pt, &match, input.c_str(), input.length()); +#ifdef MODSEC_MUTEX_ON_PM pthread_mutex_unlock(&m_lock); +#endif bool capture = rule && rule->getActionsByName("capture").size() > 0; if (rc > 0 && transaction) { @@ -114,8 +120,10 @@ bool Pm::init(const std::string &file, std::string *error) { std::istringstream *iss; const char *err = NULL; +#ifdef MODSEC_MUTEX_ON_PM +asdfasdf pthread_mutex_init(&m_lock, NULL); - +#endif char *content = parse_pm_content(m_param.c_str(), m_param.length(), &err); if (content == NULL) { iss = new std::istringstream(m_param); diff --git a/src/operators/pm.h b/src/operators/pm.h index 5d3f189d..64ea09c6 100644 --- a/src/operators/pm.h +++ b/src/operators/pm.h @@ -56,8 +56,10 @@ class Pm : public Operator { protected: ACMP *m_p; +#ifdef MODSEC_MUTEX_ON_PM private: pthread_mutex_t m_lock; +#endif };