Commit 6d7e8eb

authored

Merge commit from fork

fix: prevent two responses in case of invalid request

2 parents e1ea8e5 + dfbde55 commit 6d7e8ebCopy full SHA for 6d7e8eb

File tree

2 files changed

+32

-73

lines changed

apache2
- apache2_io.c
- mod_security2.c

2 files changed

+32

-73

lines changed

`‎apache2/apache2_io.c‎`

Lines changed: 24 additions & 24 deletions

Original file line number	Diff line number	Diff line change
`@@ -192,27 +192,29 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`192`	`192`	`if (msr->txcfg->debuglog_level >= 4) {`
`193`	`193`	`msr_log(msr, 4, "Input filter: This request does not have a body.");`
`194`	`194`	`}`
`195`		`- return 0;`
	`195`	`+ return APR_SUCCESS;`
`196`	`196`	`}`
`197`	`197`
`198`	`198`	`if (msr->txcfg->reqbody_access != 1) {`
`199`	`199`	`if (msr->txcfg->debuglog_level >= 4) {`
`200`	`200`	`msr_log(msr, 4, "Input filter: Request body access not enabled.");`
`201`	`201`	`}`
`202`		`- return 0;`
	`202`	`+ return APR_SUCCESS;`
`203`	`203`	`}`
`204`	`204`
`205`	`205`	`if (msr->txcfg->debuglog_level >= 4) {`
`206`	`206`	`msr_log(msr, 4, "Input filter: Reading request body.");`
`207`	`207`	`}`
`208`	`208`	`if (modsecurity_request_body_start(msr, error_msg) < 0) {`
`209`		`- return -1;`
	`209`	`+ return HTTP_INTERNAL_SERVER_ERROR;`
`210`	`210`	`}`
`211`	`211`
`212`	`212`	`finished_reading = 0;`
`213`	`213`	`msr->if_seen_eos = 0;`
`214`	`214`	`bb_in = apr_brigade_create(msr->mp, r->connection->bucket_alloc);`
`215`		`- if (bb_in == NULL) return -1;`
	`215`	`+ if (bb_in == NULL) {`
	`216`	`+ return HTTP_INTERNAL_SERVER_ERROR;`
	`217`	`+ }`
`216`	`218`	`do {`
`217`	`219`	`apr_status_t rc;`
`218`	`220`
`@@ -222,25 +224,17 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`222`	`224`	`* too large and APR_EGENERAL when the client disconnects.`
`223`	`225`	`*/`
`224`	`226`	`switch(rc) {`
`225`		`- case APR_INCOMPLETE :`
`226`		`- *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));`
`227`		`- return -7;`
`228`		`- case APR_EOF :`
`229`		`- *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));`
`230`		`- return -6;`
`231`		`- case APR_TIMEUP :`
`232`		`- *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));`
`233`		`- return -4;`
`234`	`227`	`case AP_FILTER_ERROR :`
`235`	`228`	`*error_msg = apr_psprintf(msr->mp, "Error reading request body: HTTP Error 413 - Request entity too large. (Most likely.)");`
`236`		`- return-3;`
	`229`	`+ break;`
`237`	`230`	`case APR_EGENERAL :`
`238`	`231`	`*error_msg = apr_psprintf(msr->mp, "Error reading request body: Client went away.");`
`239`		`- return-2;`
	`232`	`+ break;`
`240`	`233`	`default :`
`241`	`234`	`*error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));`
`242`		`- return-1;`
	`235`	`+ break;`
`243`	`236`	`}`
	`237`	`+ return ap_map_http_request_error(rc, HTTP_BAD_REQUEST);`
`244`	`238`	`}`
`245`	`239`
`246`	`240`	`/* Loop through the buckets in the brigade in order`
`@@ -256,7 +250,7 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`256`	`250`	`rc = apr_bucket_read(bucket, &buf, &buflen, APR_BLOCK_READ);`
`257`	`251`	`if (rc != APR_SUCCESS) {`
`258`	`252`	`*error_msg = apr_psprintf(msr->mp, "Failed reading input / bucket (%d): %s", rc, get_apr_error(msr->mp, rc));`
`259`		`- return -1;`
	`253`	`+ return HTTP_INTERNAL_SERVER_ERROR;`
`260`	`254`	`}`
`261`	`255`
`262`	`256`	`if (msr->txcfg->debuglog_level >= 9) {`
`@@ -269,7 +263,7 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`269`	`263`	`if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {`
`270`	`264`	`*error_msg = apr_psprintf(msr->mp, "Request body is larger than the "`
`271`	`265`	`"configured limit (%ld).", msr->txcfg->reqbody_limit);`
`272`		`- return -5;`
	`266`	`+ return HTTP_REQUEST_ENTITY_TOO_LARGE;`
`273`	`267`	`} else if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)) {`
`274`	`268`
`275`	`269`	`*error_msg = apr_psprintf(msr->mp, "Request body is larger than the "`
`@@ -290,7 +284,7 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`290`	`284`	`*error_msg = apr_psprintf(msr->mp, "Request body is larger than the "`
`291`	`285`	`"configured limit (%ld).", msr->txcfg->reqbody_limit);`
`292`	`286`
`293`		`- return -5;`
	`287`	`+ return HTTP_REQUEST_ENTITY_TOO_LARGE;`
`294`	`288`	`}`
`295`	`289`	`}`
`296`	`290`
`@@ -300,7 +294,7 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`300`	`294`	`modsecurity_request_body_to_stream(msr, buf, buflen, error_msg);`
`301`	`295`	`#else`
`302`	`296`	`if (modsecurity_request_body_to_stream(msr, buf, buflen, error_msg) < 0) {`
`303`		`- return -1;`
	`297`	`+ return HTTP_INTERNAL_SERVER_ERROR;`
`304`	`298`	`}`
`305`	`299`	`#endif`
`306`	`300`	`}`
`@@ -319,7 +313,7 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`319`	`313`	`if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {`
`320`	`314`	`*error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "`
`321`	`315`	`"configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);`
`322`		`- return -5;`
	`316`	`+ return HTTP_REQUEST_ENTITY_TOO_LARGE;`
`323`	`317`	`} else if ((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)) {`
`324`	`318`	`*error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "`
`325`	`319`	`"configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);`
`@@ -329,12 +323,12 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`329`	`323`	`} else {`
`330`	`324`	`*error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "`
`331`	`325`	`"configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);`
`332`		`- return -5;`
	`326`	`+ return HTTP_REQUEST_ENTITY_TOO_LARGE;`
`333`	`327`	`}`
`334`	`328`	`}`
`335`	`329`
`336`	`330`	`if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT))`
`337`		`- return -1;`
	`331`	`+ return HTTP_INTERNAL_SERVER_ERROR;`
`338`	`332`	`}`
`339`	`333`
`340`	`334`	`}`
`@@ -357,7 +351,13 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`357`	`351`
`358`	`352`	`msr->if_status = IF_STATUS_WANTS_TO_RUN;`
`359`	`353`
`360`		`- return rcbe;`
	`354`	`+ if (rcbe == -5) {`
	`355`	`+ return HTTP_REQUEST_ENTITY_TOO_LARGE;`
	`356`	`+ }`
	`357`	`+ if (rcbe < 0) {`
	`358`	`+ return HTTP_INTERNAL_SERVER_ERROR;`
	`359`	`+ }`
	`360`	`+ return APR_SUCCESS;`
`361`	`361`	`}`
`362`	`362`
`363`	`363`

`‎apache2/mod_security2.c‎`

Lines changed: 8 additions & 49 deletions

Original file line number	Diff line number	Diff line change
`@@ -1032,56 +1032,15 @@ static int hook_request_late(request_rec *r) {`
`1032`	`1032`	`}`
`1033`	`1033`
`1034`	`1034`	`rc = read_request_body(msr, &my_error_msg);`
`1035`		`- if (rc < 0 && msr->txcfg->is_enabled == MODSEC_ENABLED) {`
`1036`		`- switch(rc) {`
`1037`		`- case -1 :`
`1038`		`- if (my_error_msg != NULL) {`
`1039`		`- msr_log(msr, 1, "%s", my_error_msg);`
`1040`		`- }`
`1041`		`- return HTTP_INTERNAL_SERVER_ERROR;`
`1042`		`- break;`
`1043`		`- case -4 : /* Timeout. */`
`1044`		`- if (my_error_msg != NULL) {`
`1045`		`- msr_log(msr, 4, "%s", my_error_msg);`
`1046`		`- }`
`1047`		`- r->connection->keepalive = AP_CONN_CLOSE;`
`1048`		`- return HTTP_REQUEST_TIME_OUT;`
`1049`		`- break;`
`1050`		`- case -5 : /* Request body limit reached. */`
`1051`		`- msr->inbound_error = 1;`
`1052`		`- if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {`
`1053`		`- r->connection->keepalive = AP_CONN_CLOSE;`
`1054`		`- if (my_error_msg != NULL) {`
`1055`		`- msr_log(msr, 1, "%s. Deny with code (%d)", my_error_msg, HTTP_REQUEST_ENTITY_TOO_LARGE);`
`1056`		`- }`
`1057`		`- return HTTP_REQUEST_ENTITY_TOO_LARGE;`
`1058`		`- } else {`
`1059`		`- if (my_error_msg != NULL) {`
`1060`		`- msr_log(msr, 1, "%s", my_error_msg);`
`1061`		`- }`
`1062`		`- }`
`1063`		`- break;`
`1064`		`- case -6 : /* EOF when reading request body. */`
`1065`		`- if (my_error_msg != NULL) {`
`1066`		`- msr_log(msr, 4, "%s", my_error_msg);`
`1067`		`- }`
`1068`		`- r->connection->keepalive = AP_CONN_CLOSE;`
`1069`		`- return HTTP_BAD_REQUEST;`
`1070`		`- break;`
`1071`		`- case -7 : /* Partial recieved */`
`1072`		`- if (my_error_msg != NULL) {`
`1073`		`- msr_log(msr, 4, "%s", my_error_msg);`
`1074`		`- }`
`1075`		`- r->connection->keepalive = AP_CONN_CLOSE;`
`1076`		`- return HTTP_BAD_REQUEST;`
`1077`		`- break;`
`1078`		`- default :`
`1079`		`- /* allow through */`
`1080`		`- break;`
	`1035`	`+ if (rc != OK) {`
	`1036`	`+ if (my_error_msg != NULL) {`
	`1037`	`+ msr_log(msr, 1, "%s", my_error_msg);`
`1081`	`1038`	`}`
`1082`		`-`
`1083`		`- msr->msc_reqbody_error = 1;`
`1084`		`- msr->msc_reqbody_error_msg = my_error_msg;`
	`1039`	`+ if (rc == HTTP_REQUEST_ENTITY_TOO_LARGE) {`
	`1040`	`+ msr->inbound_error = 1;`
	`1041`	`+ }`
	`1042`	`+ r->connection->keepalive = AP_CONN_CLOSE;`
	`1043`	`+ return rc;`
`1085`	`1044`	`}`
`1086`	`1045`
`1087`	`1046`	`/* Update the request headers. They might have changed after`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 6d7e8eb

File tree

2 files changed

2 files changed

`‎apache2/apache2_io.c‎`

`‎apache2/mod_security2.c‎`

0 commit comments