Nginx fixes

Felipe Zimmerle · daniilyar · commit 49cf8b829fd1 · 2016-02-05T15:47:24.000+03:00
Refactoring on the nginx module, including:
 - Better handling larger posts;
 - Now using nginx echo module during the regression tests.
 - Better interacting with neginx chain rules
 - Separation of the request handling and content filters.
 - Better handling nginx sessions and resource counts to allow a
   more efficient garbage collector.
 - Handling both http/1.0 and 1.1, including keep-alive.
 - Tests are now capable to test nginx as a proxy or end-server.
 - Tested agains nginx 1.6 and 1.7.
 - Better dealing with chunked request body
diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c
@@ -21,6 +21,7 @@
 /* Those are defined twice, lets keep it defined just once by `undef`
  * the first one.
  */
+ */
 #undef CR
 #undef LF
 #undef CRLF
@@ -228,7 +229,6 @@ ngx_pstrdup0(ngx_pool_t *pool, ngx_str_t *src)
     return dst;
 }
 
-
 /*
  * MultiplyDeBruijnBitPosition
  * http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightMultLookup
@@ -563,6 +563,10 @@ ngx_http_modsecurity_load_request_body(ngx_http_request_t *r)
     ngx_http_modsecurity_ctx_t *ctx;
     ngx_chain_t *chain;
 
+    ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+        "ModSec: loading request body.");
+
+
     ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
         "ModSec: loading request body.");
 
@@ -598,7 +602,6 @@ ngx_http_modsecurity_load_request_body(ngx_http_request_t *r)
 
     return NGX_OK;
 }
-
 static ngx_inline ngx_int_t
 ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
 {
@@ -607,7 +610,6 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
     apr_off_t content_length;
     ngx_buf_t *buf;
 #endif
-
    ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
 
 #ifdef MOVE_REQUEST_CHAIN_TO_MODSEC
@@ -619,10 +621,8 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
     apr_brigade_cleanup(ctx->brigade);
     buf->last += content_length;
     r->header_in = buf;
-
     if (r->headers_in.content_length) {
         ngx_str_t *str = NULL;
-
         str = &r->headers_in.content_length->value;
         str->data = ngx_palloc(r->pool, NGX_OFF_T_LEN);
         if (str->data == NULL) {
@@ -631,18 +631,31 @@ ngx_http_modsecurity_save_request_body(ngx_http_request_t *r)
         }
         str->len = ngx_snprintf(str->data, NGX_OFF_T_LEN, "%O",
                 content_length) - str->data;
-
-    }
-
     r->headers_in.content_length_n = content_length;
-
     ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
             "ModSec: Content length: %O, Content length n: %O", content_length,
             r->headers_in.content_length_n);
 #else
     apr_brigade_cleanup(ctx->brigade);
 #endif
 
+    if (r->headers_in.content_length) {
+        ngx_str_t *str = NULL;
+
+        str = &r->headers_in.content_length->value;
+        str->data = ngx_palloc(r->pool, NGX_OFF_T_LEN);
+        if (str->data == NULL) {
+            ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+            return NGX_OK;
+        }
+        str->len = ngx_snprintf(str->data, NGX_OFF_T_LEN, "%O", content_length) - str->data;
+
+    }
+
+
+    r->headers_in.content_length_n = content_length;
+
+    ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSec: Content length: %O, Content length n: %O", content_length, r->headers_in.content_length_n);
     return NGX_OK;
 }
 
@@ -1151,19 +1164,25 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
         ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "ModSec: ModSecurity is not enabled or not a main request.");
 
+        ctx = ngx_http_modsecurity_create_ctx(r);
+
         return NGX_DECLINED;
+        if (ngx_http_set_pool_ctx(r, ctx, ngx_http_modsecurity) != NGX_OK) {
+            return NGX_ERROR;
     }
 
     ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
 
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "ModSec: Recovering ctx: %p", ctx);
+        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "ModSec: ctx is null, nothing we can do, returning.");
 
     if (ctx == NULL) {
         ctx = ngx_http_modsecurity_create_ctx(r);
 
         ngx_http_set_ctx(r, ctx, ngx_http_modsecurity);
-
+                   "ModSec: ctx is now: %p / count: %d", ctx, r->main->count);
         if (ngx_http_set_pool_ctx(r, ctx, ngx_http_modsecurity) != NGX_OK) {
             return NGX_ERROR;
         }
@@ -1181,19 +1200,17 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
     ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "ModSec: ctx is now: %p / count: %d", ctx, r->main->count);
 
-    if (modsecContextState(ctx->req) == MODSEC_DISABLED) {
         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "ModSec: ModSecurity was disabled, returning....", ctx);
 
-        return NGX_DECLINED;
-    }
     if (ctx->waiting_more_body == 1) {
        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                "ModSec: waiting for more data before proceed. / count: %d",
                r->main->count);
 
         return NGX_DONE;
     }
+            ngx_http_modsecurity_request_read);
 
     if (ctx->body_requested == 0) {
        ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
@@ -1221,9 +1238,16 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
 
         ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
             "ModSec: request is ready to be processed.");
-        rc = ngx_http_modsecurity_process_request(r);
+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, 
+                "ModSec: chuncked? %d", r->chunked);
+        ngx_http_modsecurity_process_request(r);
         ctx->request_processed = 1;
+    }
 
+        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+            "ModSec: request is ready to be processed.");
+        rc = ngx_http_modsecurity_process_request(r);
+        ctx->request_processed = 1;
         if (rc == NGX_ERROR || rc >= NGX_HTTP_SPECIAL_RESPONSE) {
             ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                 "ModSec: returning a special response after process " \
@@ -1232,8 +1256,10 @@ ngx_http_modsecurity_handler(ngx_http_request_t *r) {
            return rc;
         }
 
+void
+ngx_http_modsecurity_request_read(ngx_http_request_t *r)
+{
 
-    }
 
     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
         "ModSec: returning NGX_DECLINED." );
@@ -1435,7 +1461,7 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
     }
 
     return ngx_http_next_body_filter(r, out);
-
+#endif
     return NGX_OK;
 }
 #endif
