|
Packit Service |
384592 |
/*
|
|
Packit Service |
384592 |
* ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
|
Packit Service |
384592 |
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* You may not use this file except in compliance with
|
|
Packit Service |
384592 |
* the License. You may obtain a copy of the License at
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit Service |
384592 |
*
|
|
Packit Service |
384592 |
* If any of the files related to licensing are missing or if you have any
|
|
Packit Service |
384592 |
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
|
Packit Service |
384592 |
* directly using the email address security@modsecurity.org.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include <limits.h>
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "http_core.h"
|
|
Packit Service |
384592 |
#include "http_request.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "modsecurity.h"
|
|
Packit Service |
384592 |
#include "apache2.h"
|
|
Packit Service |
384592 |
#include "http_main.h"
|
|
Packit Service |
384592 |
#include "http_connection.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "apr_optional.h"
|
|
Packit Service |
384592 |
#include "mod_log_config.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "msc_logging.h"
|
|
Packit Service |
384592 |
#include "msc_util.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "ap_mpm.h"
|
|
Packit Service |
384592 |
#include "scoreboard.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "apr_version.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
#include "apr_lib.h"
|
|
Packit Service |
384592 |
#include "ap_config.h"
|
|
Packit Service |
384592 |
#include "http_config.h"
|
|
Packit Service |
384592 |
#include "apr_buckets.h"
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
AP_DECLARE(apr_status_t) ap_get_brigade(ap_filter_t *next,
|
|
Packit Service |
384592 |
apr_bucket_brigade *bb,
|
|
Packit Service |
384592 |
ap_input_mode_t mode,
|
|
Packit Service |
384592 |
apr_read_type_e block,
|
|
Packit Service |
384592 |
apr_off_t readbytes)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
if (next) {
|
|
Packit Service |
384592 |
return next->frec->filter_func.in_func(next, bb, mode, block,
|
|
Packit Service |
384592 |
readbytes);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
return AP_NOBODY_READ;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
AP_DECLARE(apr_status_t) ap_pass_brigade(ap_filter_t *next,
|
|
Packit Service |
384592 |
apr_bucket_brigade *bb)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
if (next) {
|
|
Packit Service |
384592 |
apr_bucket *e;
|
|
Packit Service |
384592 |
if ((e = APR_BRIGADE_LAST(bb)) && APR_BUCKET_IS_EOS(e) && next->r) {
|
|
Packit Service |
384592 |
/* This is only safe because HTTP_HEADER filter is always in
|
|
Packit Service |
384592 |
* the filter stack. This ensures that there is ALWAYS a
|
|
Packit Service |
384592 |
* request-based filter that we can attach this to. If the
|
|
Packit Service |
384592 |
* HTTP_FILTER is removed, and another filter is not put in its
|
|
Packit Service |
384592 |
* place, then handlers like mod_cgi, which attach their own
|
|
Packit Service |
384592 |
* EOS bucket to the brigade will be broken, because we will
|
|
Packit Service |
384592 |
* get two EOS buckets on the same request.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
next->r->eos_sent = 1;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* remember the eos for internal redirects, too */
|
|
Packit Service |
384592 |
if (next->r->prev) {
|
|
Packit Service |
384592 |
request_rec *prev = next->r->prev;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
while (prev) {
|
|
Packit Service |
384592 |
prev->eos_sent = 1;
|
|
Packit Service |
384592 |
prev = prev->prev;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
return next->frec->filter_func.out_func(next, bb);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
return AP_NOBODY_WROTE;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
AP_DECLARE(apr_status_t) ap_save_brigade(ap_filter_t *f,
|
|
Packit Service |
384592 |
apr_bucket_brigade **saveto,
|
|
Packit Service |
384592 |
apr_bucket_brigade **b, apr_pool_t *p)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
apr_bucket *e;
|
|
Packit Service |
384592 |
apr_status_t rv, srv = APR_SUCCESS;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* If have never stored any data in the filter, then we had better
|
|
Packit Service |
384592 |
* create an empty bucket brigade so that we can concat.
|
|
Packit Service |
384592 |
*/
|
|
Packit Service |
384592 |
if (!(*saveto)) {
|
|
Packit Service |
384592 |
*saveto = apr_brigade_create(p, f->c->bucket_alloc);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
for (e = APR_BRIGADE_FIRST(*b);
|
|
Packit Service |
384592 |
e != APR_BRIGADE_SENTINEL(*b);
|
|
Packit Service |
384592 |
e = APR_BUCKET_NEXT(e))
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
rv = apr_bucket_setaside(e, p);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
/* If the bucket type does not implement setaside, then
|
|
Packit Service |
384592 |
* (hopefully) morph it into a bucket type which does, and set
|
|
Packit Service |
384592 |
* *that* aside... */
|
|
Packit Service |
384592 |
if (rv == APR_ENOTIMPL) {
|
|
Packit Service |
384592 |
const char *s;
|
|
Packit Service |
384592 |
apr_size_t n;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
rv = apr_bucket_read(e, &s, &n, APR_BLOCK_READ);
|
|
Packit Service |
384592 |
if (rv == APR_SUCCESS) {
|
|
Packit Service |
384592 |
rv = apr_bucket_setaside(e, p);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (rv != APR_SUCCESS) {
|
|
Packit Service |
384592 |
srv = rv;
|
|
Packit Service |
384592 |
/* Return an error but still save the brigade if
|
|
Packit Service |
384592 |
* ->setaside() is really not implemented. */
|
|
Packit Service |
384592 |
if (rv != APR_ENOTIMPL) {
|
|
Packit Service |
384592 |
return rv;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
APR_BRIGADE_CONCAT(*saveto, *b);
|
|
Packit Service |
384592 |
return srv;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
static apr_status_t error_bucket_read(apr_bucket *b, const char **str,
|
|
Packit Service |
384592 |
apr_size_t *len, apr_read_type_e block)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
*str = "Unknown error.";
|
|
Packit Service |
384592 |
*len = strlen(*str);
|
|
Packit Service |
384592 |
return APR_SUCCESS;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
static void error_bucket_destroy(void *data)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
ap_bucket_error *h = data;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
if (apr_bucket_shared_destroy(h)) {
|
|
Packit Service |
384592 |
apr_bucket_free(h);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
AP_DECLARE_DATA const apr_bucket_type_t ap_bucket_type_error = {
|
|
Packit Service |
384592 |
"ERROR", 5, APR_BUCKET_METADATA,
|
|
Packit Service |
384592 |
error_bucket_destroy,
|
|
Packit Service |
384592 |
error_bucket_read,
|
|
Packit Service |
384592 |
apr_bucket_setaside_notimpl,
|
|
Packit Service |
384592 |
apr_bucket_split_notimpl,
|
|
Packit Service |
384592 |
apr_bucket_shared_copy
|
|
Packit Service |
384592 |
};
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
AP_DECLARE(apr_bucket *) ap_bucket_error_make(apr_bucket *b, int error,
|
|
Packit Service |
384592 |
const char *buf, apr_pool_t *p)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
ap_bucket_error *h;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
h = apr_bucket_alloc(sizeof(*h), b->list);
|
|
Packit Service |
384592 |
h->status = error;
|
|
Packit Service |
384592 |
h->data = (buf) ? apr_pstrdup(p, buf) : NULL;
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
b = apr_bucket_shared_make(b, h, 0, 0);
|
|
Packit Service |
384592 |
b->type = &ap_bucket_type_error;
|
|
Packit Service |
384592 |
return b;
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
AP_DECLARE(apr_bucket *) ap_bucket_error_create(int error, const char *buf,
|
|
Packit Service |
384592 |
apr_pool_t *p,
|
|
Packit Service |
384592 |
apr_bucket_alloc_t *list)
|
|
Packit Service |
384592 |
{
|
|
Packit Service |
384592 |
apr_bucket *b = apr_bucket_alloc(sizeof(*b), list);
|
|
Packit Service |
384592 |
|
|
Packit Service |
384592 |
APR_BUCKET_INIT(b);
|
|
Packit Service |
384592 |
b->free = apr_bucket_free;
|
|
Packit Service |
384592 |
b->list = list;
|
|
Packit Service |
384592 |
return ap_bucket_error_make(b, error, buf, p);
|
|
Packit Service |
384592 |
}
|
|
Packit Service |
384592 |
|