diff --git a/nginx/modsecurity/config b/nginx/modsecurity/config index 99dafc37cf..dbf42706cd 100644 --- a/nginx/modsecurity/config +++ b/nginx/modsecurity/config @@ -1,8 +1,7 @@ ngx_addon_name=ngx_http_modsecurity CORE_MODULES="$CORE_MODULES ngx_pool_context_module" -HTTP_AUX_FILTER_MODULE="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULE" +HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity $HTTP_AUX_FILTER_MODULES" NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_modsecurity.c $ngx_addon_dir/apr_bucket_nginx.c $ngx_addon_dir/ngx_pool_context.c" NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_addon_dir/apr_bucket_nginx.h $ngx_addon_dir/ngx_pool_context.h" CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm " CORE_INCS="$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 $ngx_addon_dir $ngx_addon_dir/../../standalone $ngx_addon_dir/../../apache2 /usr/include/libxml2 " -#have=REQUEST_EARLY . auto/have diff --git a/nginx/modsecurity/ngx_http_modsecurity.c b/nginx/modsecurity/ngx_http_modsecurity.c index 6eeeef05e0..3b8194ccce 100644 --- a/nginx/modsecurity/ngx_http_modsecurity.c +++ b/nginx/modsecurity/ngx_http_modsecurity.c @@ -139,6 +139,23 @@ static struct { }; +static inline u_char * +ngx_pstrdup0(ngx_pool_t *pool, ngx_str_t *src) +{ + u_char *dst; + + dst = ngx_pnalloc(pool, src->len + 1); + if (dst == NULL) { + return NULL; + } + + ngx_memcpy(dst, src->data, src->len); + dst[src->len] = '\0'; + + return dst; +} + + static inline int ngx_http_modsecurity_method_number(unsigned int nginx) { /* @@ -195,7 +212,7 @@ ngx_http_modsecurity_load_request(ngx_http_request_t *r) req = ctx->req; /* request line */ - req->method = (char *)ngx_pstrdup(r->pool, &r->method_name); + req->method = (char *)ngx_pstrdup0(r->pool, &r->method_name); /* TODO: how to use ap_method_number_of ? * req->method_number = ap_method_number_of(req->method); @@ -211,15 +228,15 @@ ngx_http_modsecurity_load_request(ngx_http_request_t *r) req->filename = (char *) path.data; req->path_info = req->filename; - req->args = (char *)ngx_pstrdup(r->pool, &r->args); + req->args = (char *)ngx_pstrdup0(r->pool, &r->args); req->proto_num = r->http_major *1000 + r->http_minor; - req->protocol = (char *)ngx_pstrdup(r->pool, &r->http_protocol); + req->protocol = (char *)ngx_pstrdup0(r->pool, &r->http_protocol); req->request_time = apr_time_make(r->start_sec, r->start_msec); - req->the_request = (char *)ngx_pstrdup(r->pool, &r->request_line); + req->the_request = (char *)ngx_pstrdup0(r->pool, &r->request_line); - req->unparsed_uri = (char *)ngx_pstrdup(r->pool, &r->unparsed_uri); - req->uri = (char *)ngx_pstrdup(r->pool, &r->uri); + req->unparsed_uri = (char *)ngx_pstrdup0(r->pool, &r->unparsed_uri); + req->uri = (char *)ngx_pstrdup0(r->pool, &r->uri); req->parsed_uri.scheme = "http"; @@ -235,17 +252,17 @@ ngx_http_modsecurity_load_request(ngx_http_request_t *r) str.data = r->port_start; str.len = r->port_end - r->port_start; req->parsed_uri.port = ngx_atoi(str.data, str.len); - req->parsed_uri.port_str = (char *)ngx_pstrdup(r->pool, &str); + req->parsed_uri.port_str = (char *)ngx_pstrdup0(r->pool, &str); req->parsed_uri.query = req->args; req->parsed_uri.dns_looked_up = 0; req->parsed_uri.dns_resolved = 0; - // req->parsed_uri.password = (char *)ngx_pstrdup(r->pool, &r->headers_in.passwd); - // req->parsed_uri.user = (char *)ngx_pstrdup(r->pool, &r->headers_in.user); - req->parsed_uri.fragment = (char *)ngx_pstrdup(r->pool, &r->exten); + // req->parsed_uri.password = (char *)ngx_pstrdup0(r->pool, &r->headers_in.passwd); + // req->parsed_uri.user = (char *)ngx_pstrdup0(r->pool, &r->headers_in.user); + req->parsed_uri.fragment = (char *)ngx_pstrdup0(r->pool, &r->exten); - req->hostname = (char *)ngx_pstrdup(r->pool, (ngx_str_t *)&ngx_cycle->hostname); + req->hostname = (char *)ngx_pstrdup0(r->pool, (ngx_str_t *)&ngx_cycle->hostname); req->header_only = r->header_only ? r->header_only : (r->method == NGX_HTTP_HEAD); @@ -307,7 +324,7 @@ ngx_http_modsecurity_load_headers_in(ngx_http_request_t *r) req->ap_auth_type = (char *)apr_table_get(req->headers_in, "Authorization"); - req->user = (char *)ngx_pstrdup(r->pool, &r->headers_in.user); + req->user = (char *)ngx_pstrdup0(r->pool, &r->headers_in.user); @@ -580,7 +597,7 @@ ngx_http_modsecurity_load_headers_out(ngx_http_request_t *r) req = ctx->req; req->status = r->headers_out.status; - req->status_line = (char *)ngx_pstrdup(r->pool, &r->headers_out.status_line); + req->status_line = (char *)ngx_pstrdup0(r->pool, &r->headers_out.status_line); if (r->headers_out.charset.len) { @@ -1217,7 +1234,7 @@ ngx_http_modsecurity_create_ctx(ngx_http_request_t *r) /* fill apr_sockaddr_t */ asa = ngx_palloc(r->pool, sizeof(apr_sockaddr_t)); asa->pool = ctx->connection->pool; - asa->hostname = (char *)ngx_pstrdup(r->pool, &r->connection->addr_text); + asa->hostname = (char *)ngx_pstrdup0(r->pool, &r->connection->addr_text); asa->servname = asa->hostname; asa->next = NULL; asa->salen = r->connection->socklen; diff --git a/standalone/Makefile.am b/standalone/Makefile.am index 890d1b767f..d6dd02f813 100644 --- a/standalone/Makefile.am +++ b/standalone/Makefile.am @@ -77,12 +77,11 @@ install-exec-hook: $(pkglib_LTLIBRARIES) rm -f ../nginx/modsecurity/config; \ echo "ngx_addon_name=ngx_http_modsecurity" >> ../nginx/modsecurity/config; \ echo "CORE_MODULES=\"\$$CORE_MODULES ngx_pool_context_module\"" >> ../nginx/modsecurity/config; \ - echo "HTTP_AUX_FILTER_MODULE=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULE\"" >> ../nginx/modsecurity/config; \ + echo "HTTP_AUX_FILTER_MODULES=\"ngx_http_modsecurity \$$HTTP_AUX_FILTER_MODULES\"" >> ../nginx/modsecurity/config; \ echo "NGX_ADDON_SRCS=\"\$$NGX_ADDON_SRCS \$$ngx_addon_dir/ngx_http_modsecurity.c \$$ngx_addon_dir/apr_bucket_nginx.c \$$ngx_addon_dir/ngx_pool_context.c\"" >> ../nginx/modsecurity/config;\ echo "NGX_ADDON_DEPS=\"\$$NGX_ADDON_DEPS \$$ngx_addon_dir/apr_bucket_nginx.h \$$ngx_addon_dir/ngx_pool_context.h\"" >> ../nginx/modsecurity/config; \ echo "CORE_LIBS=\"\$$CORE_LIBS \$$ngx_addon_dir/../../standalone/.libs/standalone.a -lapr-1 -laprutil-1 -lxml2 -lm @LUA_LDADD@\"" >> ../nginx/modsecurity/config; \ echo "CORE_INCS=\"\$$CORE_INCS /usr/include/apache2 /usr/include/apr-1.0 /usr/include/httpd /usr/include/apr-1 \$$ngx_addon_dir \$$ngx_addon_dir/../../standalone \$$ngx_addon_dir/../../apache2 /usr/include/libxml2 `echo @LUA_CFLAGS@ | cut -d "I" -f3`\"" >> ../nginx/modsecurity/config; \ - echo "#have=REQUEST_EARLY . auto/have" >> ../nginx/modsecurity/config;\ echo "Removing unused static libraries..."; \ for m in $(pkglib_LTLIBRARIES); do \ base=`echo $$m | sed 's/\..*//'`; \