implement quick workaround to return libmodsecurity's pcre into workable state

Author: phantom-az

src/ngx_http_modsecurity_body_filter.c

@@ -159,7 +159,10 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
             }
         }
 
+        ngx_http_modsecurity_pcre_malloc_init();
         msc_process_response_body(ctx->modsec_transaction);
+        ngx_http_modsecurity_pcre_malloc_done();
+
 /* XXX: I don't get how body from modsec being transferred to nginx's buffer.  If so - after adjusting of nginx's
    XXX: body we can proceed to adjust body size (content-length).  see xslt_body_filter() for example */
         ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r);

src/ngx_http_modsecurity_common.h

@@ -90,6 +90,8 @@ extern ngx_module_t ngx_http_modsecurity_module;
 int ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r);
 ngx_http_modsecurity_ctx_t *ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
 char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p);
+void ngx_http_modsecurity_pcre_malloc_init(void);
+void ngx_http_modsecurity_pcre_malloc_done(void);
 
 /* ngx_http_modsecurity_body_filter.c */
 ngx_int_t ngx_http_modsecurity_body_filter_init(void);

src/ngx_http_modsecurity_header_filter.c

@@ -518,7 +518,9 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r)
     }
 #endif
 
+    ngx_http_modsecurity_pcre_malloc_init();
     msc_process_response_headers(ctx->modsec_transaction, status, http_response_ver);
+    ngx_http_modsecurity_pcre_malloc_done();
     ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r);
     if (ret > 0) {
         return ret;

src/ngx_http_modsecurity_log.c

@@ -63,7 +63,9 @@ ngx_http_modsecurity_log_handler(ngx_http_request_t *r)
     }
 
     dd("calling msc_process_logging for %p", ctx);
+    ngx_http_modsecurity_pcre_malloc_init();
     msc_process_logging(ctx->modsec_transaction);
+    ngx_http_modsecurity_pcre_malloc_done();
 
     return NGX_OK;
 }

src/ngx_http_modsecurity_module.c

@@ -21,13 +21,40 @@
 #include "ngx_http_modsecurity_common.h"
 
 static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
-static ngx_int_t ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf);
 static void *ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf);
 static void *ngx_http_modsecurity_create_loc_conf(ngx_conf_t *cf);
 static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child);
 static void ngx_http_modsecurity_main_config_cleanup(void *data);
 static void ngx_http_modsecurity_config_cleanup(void *data);
 
+/*
+ * pcre malloc/free hack magic
+ */
+static void *(*old_pcre_malloc)(size_t);
+static void (*old_pcre_free)(void *ptr);
+
+void
+ngx_http_modsecurity_pcre_malloc_init(void)
+{
+    old_pcre_malloc = pcre_malloc;
+    old_pcre_free = pcre_free;
+
+    pcre_malloc = malloc;
+    pcre_free = free;
+}
+
+void
+ngx_http_modsecurity_pcre_malloc_done(void)
+{
+    if (old_pcre_malloc == NULL)
+        return;
+
+    pcre_malloc = old_pcre_malloc;
+    pcre_free = old_pcre_free;
+
+    old_pcre_malloc = NULL;
+    old_pcre_free = NULL;
+}
 
 /*
  * ngx_string's are not null-terminated in common case, so we need to convert
@@ -262,25 +289,25 @@ static ngx_command_t ngx_http_modsecurity_commands[] =  {
 
 
 static ngx_http_module_t ngx_http_modsecurity_ctx = {
-    ngx_http_modsecurity_preconfiguration,	/* preconfiguration */
-    ngx_http_modsecurity_init,			/* postconfiguration */
+    NULL,                                   /* preconfiguration */
+    ngx_http_modsecurity_init,              /* postconfiguration */
 
-    ngx_http_modsecurity_create_main_conf,	/* create main configuration */
-    NULL,					/* init main configuration */
+    ngx_http_modsecurity_create_main_conf,  /* create main configuration */
+    NULL,                                   /* init main configuration */
 
-    NULL,					/* create server configuration */
-    NULL,					/* merge server configuration */
+    NULL,                                   /* create server configuration */
+    NULL,                                   /* merge server configuration */
 
-    ngx_http_modsecurity_create_loc_conf,	/* create location configuration */
-    ngx_http_modsecurity_merge_loc_conf		/* merge location configuration */
+    ngx_http_modsecurity_create_loc_conf,   /* create location configuration */
+    ngx_http_modsecurity_merge_loc_conf     /* merge location configuration */
 };
 
 
 ngx_module_t ngx_http_modsecurity_module = {
     NGX_MODULE_V1,
-    &ngx_http_modsecurity_ctx, /* module context */
-    ngx_http_modsecurity_commands, /* module directives */
-    NGX_HTTP_MODULE, /* module type */
+    &ngx_http_modsecurity_ctx,              /* module context */
+    ngx_http_modsecurity_commands,          /* module directives */
+    NGX_HTTP_MODULE,                        /* module type */
     NULL, /* init master */
     NULL, /* init module */
     NULL, /* init process */
@@ -292,24 +319,6 @@ ngx_module_t ngx_http_modsecurity_module = {
 };
 
 
-static ngx_int_t
-ngx_http_modsecurity_preconfiguration(ngx_conf_t *cf)
-{
-    /*
-     *
-     * FIXME: Ops. Nginx hooks those two guys, we have to figure out a better
-     * way to deal with it.
-     *
-     */
-#if 0 /* XXX: attempt to find out a reason and solution */
-    pcre_malloc = malloc;
-    pcre_free = free;
-#endif
-
-    return NGX_OK;
-}
-
-
 static ngx_int_t
 ngx_http_modsecurity_init(ngx_conf_t *cf)
 {
@@ -516,7 +525,9 @@ ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
         if (rules_remote_key == (char *)-1) {
             return NGX_CONF_ERROR;
         }
+        ngx_http_modsecurity_pcre_malloc_init();
         res = msc_rules_add_remote(c->rules_set, rules_remote_key, rules_remote_server, &error);
+        ngx_http_modsecurity_pcre_malloc_done();
         dd("Loading rules from: '%s'", rules_remote_server);
         if (res < 0) {
             dd("Failed to load the rules from: '%s'  - reason: '%s'", rules_remote_server, error);
@@ -532,7 +543,9 @@ ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
         if (rules_set == (char *)-1) {
             return NGX_CONF_ERROR;
         }
+        ngx_http_modsecurity_pcre_malloc_init();
         res = msc_rules_add_file(c->rules_set, rules_set, &error);
+        ngx_http_modsecurity_pcre_malloc_done();
         dd("Loading rules from: '%s'", rules_set);
         if (res < 0) {
             dd("Failed to load the rules from: '%s' - reason: '%s'", rules_set, error);
@@ -548,7 +561,9 @@ ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
         if (rules == (char *)-1) {
             return NGX_CONF_ERROR;
         }
+        ngx_http_modsecurity_pcre_malloc_init();
         res = msc_rules_add(c->rules_set, rules, &error);
+        ngx_http_modsecurity_pcre_malloc_done();
         dd("Loading rules: '%s'", rules);
         if (res < 0) {
             dd("Failed to load the rules: '%s' - reason: '%s'", rules, error);
@@ -576,7 +591,9 @@ ngx_http_modsecurity_config_cleanup(void *data)
 {
     ngx_http_modsecurity_loc_conf_t *t = (ngx_http_modsecurity_loc_conf_t *) data;
     dd("deleting a loc conf -- RuleSet is: \"%p\"", t->rules_set);
+    ngx_http_modsecurity_pcre_malloc_init();
     msc_rules_cleanup(t->rules_set);
+    ngx_http_modsecurity_pcre_malloc_done();
     t->rules_set = NULL;
 }
 

src/ngx_http_modsecurity_pre_access.c

@@ -189,7 +189,10 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
 
 /* XXX: once more -- is body can be modified ?  content-length need to be adjusted ? */
 
+        ngx_http_modsecurity_pcre_malloc_init();
         msc_process_request_body(ctx->modsec_transaction);
+        ngx_http_modsecurity_pcre_malloc_done();
+
         ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r);
         if (ret > 0) {
             return ret;

src/ngx_http_modsecurity_rewrite.c

@@ -80,9 +80,11 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
             return NGX_HTTP_INTERNAL_SERVER_ERROR;
         }
         const char *server_addr = inet_ntoa(((struct sockaddr_in *) connection->sockaddr)->sin_addr);
+        ngx_http_modsecurity_pcre_malloc_init();
         ret = msc_process_connection(ctx->modsec_transaction,
             client_addr, client_port,
             server_addr, server_port);
+        ngx_http_modsecurity_pcre_malloc_done();
         if (ret != 1){
             dd("Was not able to extract connection information.");
         }
@@ -125,7 +127,9 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
         if (n_uri == (char*)-1 || n_method == (char*)-1) {
             return NGX_HTTP_INTERNAL_SERVER_ERROR;
         }
+        ngx_http_modsecurity_pcre_malloc_init();
         msc_process_uri(ctx->modsec_transaction, n_uri, n_method, http_version);
+        ngx_http_modsecurity_pcre_malloc_done();
 
         dd("Processing intervention with the transaction information filled in (uri, method and version)");
         ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r);
@@ -171,7 +175,9 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
          * to process this information.
          */
 
+        ngx_http_modsecurity_pcre_malloc_init();
         msc_process_request_headers(ctx->modsec_transaction);
+        ngx_http_modsecurity_pcre_malloc_done();
         dd("Processing intervention with the request headers information filled in");
         ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r);
         if (ret > 0) {