Commit23823bb

author
Felipe Zimmerle
committed
Makes Curl no longer a mandatory depedency for ModSecurity core
As reported by Rainer Jung, Curl may not be mandatory to build ModSecurity core. This patch makes it optional by:
- Concentrating all downloads using curl in msc_remote_rules.c
- Splitting the Curl build definition checks into WITH_CURL, WITH_REMOTE_RULES and WITH_CRYPTO:
  - WITH_CURL: Contains Curl headers and binaries during the build time.
  - WITH_REMOTE_RULES: Currently enabled if Curl is present.
  - WITH_CRYPTO: Set if apr tool was compiled with crypto support.
- Renaming msc_remote_grab_content to msc_remote_download_content
1 parent94fd570 commit23823bb


12 files changed

+182
-277
lines changed

12 files changed

+182
-277
lines changed

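--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+DD mmm YYYY - 2.9.????? (To be released)
+-----------------------
+
+* Curl is not a mandatory dependency to ModSecurity core anymore.
+[Rainer Jung and ModSecurity team]
+
 18 Nov 2014 - 2.9.0-RC1
 -----------------------
 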
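--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -2239,20 +2239,26 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
 {
 char*error_msg=NULL;
 directory_config*dcfg= (directory_config*)_dcfg;
-#ifdefWITH_REMOTE_RULES_SUPPORT
+#ifdefWITH_REMOTE_RULES
 intcrypto=0;
 constchar*uri=p2;
 constchar*key=p1;
 #endif
 
 if (dcfg==NULL)returnNULL;
 
-#ifdefWITH_REMOTE_RULES_SUPPORT
+#ifdefWITH_REMOTE_RULES
 if (strncasecmp(p1,"crypto",6)==0)
 {
+#ifdefWITH_APU_CRYPTO
 uri=p3;
 key=p2;
 crypto=1;
+#else
+returnapr_psprintf(cmd->pool,"ModSecurity: SecRemoteRule using " \
+"`crypto' but ModSecurity was not compiled with crypto " \
+"support.");
+#endif
 }
 
 if (uri==NULL||key==NULL)
@@ -2269,14 +2275,14 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
 // FIXME: Should we handle more then one server at once?
 if (remote_rules_server!=NULL)
 {
-returnapr_psprintf(cmd->pool,"ModSecurity:" \
+returnapr_psprintf(cmd->pool,"ModSecurity: " \
 "SecRemoteRules cannot be used more than once.");
 }
 
 remote_rules_server=apr_pcalloc(cmd->pool,sizeof(msc_remote_rules_server));
 if (remote_rules_server==NULL)
 {
-returnapr_psprintf(cmd->pool,"ModSecurity:" \
+returnapr_psprintf(cmd->pool,"ModSecurity: " \
 "SecRemoteRules: Internal failure. Not enougth memory.");
 }
 
@@ -2293,8 +2299,8 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
 returnerror_msg;
 }
 #else
-returnapr_psprintf(cmd->pool,"ModSecurity: " \
-"SecRemoteRules:ModSecurity was not compiled withsuch functionality.");
+returnapr_psprintf(cmd->pool,"ModSecurity:SecRemoteRules: " \
+"ModSecurity was not compiled withSecRemoteRules support.");
 #endif
 
 returnNULL;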
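Review bot: The new `#else` branch in the first hunk is reached through `strncasecmp(p1, "crypto", 6) == 0`, which is a prefix test, so in a build without WITH_APU_CRYPTO any first argument that merely begins with "crypto" (for instance a key such as `cryptoXYZ`, a constructed example) is now rejected with the "not compiled with crypto support" error; an exact comparison, `if (strcasecmp(p1, "crypto") == 0)`, would keep the keyword and key values apart. The added message also names the directive `SecRemoteRule`, while the other messages in this function say `SecRemoteRules`. Since that string carries no format arguments, `apr_psprintf` is not needed there and the literal could be returned directly. The body of cmd_remote_rules continues outside the visible hunks.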

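--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -68,7 +68,7 @@ unsigned long int DSOLOCAL msc_pcre_match_limit = 0;
 
 unsigned longintDSOLOCALmsc_pcre_match_limit_recursion=0;
 
-#ifdefWITH_REMOTE_RULES_SUPPORT
+#ifdefWITH_REMOTE_RULES
 msc_remote_rules_serverDSOLOCAL*remote_rules_server=NULL;
 #endif
 intDSOLOCALremote_rules_fail_action=REMOTE_RULES_ABORT_ON_FAIL;
@@ -761,7 +761,7 @@ static int hook_post_config(apr_pool_t *mp, apr_pool_t *mp_log, apr_pool_t *mp_t
 }
 #endif
 
-#ifdefWITH_REMOTE_RULES_SUPPORT
+#ifdefWITH_REMOTE_RULES
 if (remote_rules_server!=NULL)
 {
 if (remote_rules_server->amount_of_rules==1)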

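--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -146,7 +146,7 @@ extern DSOLOCAL unsigned long int msc_pcre_match_limit;
 
 externDSOLOCAL unsigned longintmsc_pcre_match_limit_recursion;
 
-#ifdefWITH_REMOTE_RULES_SUPPORT
+#ifdefWITH_REMOTE_RULES
 externDSOLOCALmsc_remote_rules_server*remote_rules_server;
 #endif
 externDSOLOCALintremote_rules_fail_action;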

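--- a/apache2/msc_remote_rules.c
+++ b/apache2/msc_remote_rules.c
@@ -16,17 +16,22 @@
 #include"msc_status_engine.h"
 
 #include<apr_thread_pool.h>
+
+#ifdefWITH_CURL
 #include<curl/curl.h>
+#endif
 
 #include<apu.h>
+
+#ifdefWITH_REMOTE_RULES
 #include<apr_crypto.h>
 #include<apr_sha1.h>
+#endif
 
 #ifndefAP_MAX_ARGC
 #defineAP_MAX_ARGC 64
 #endif
 
-#ifdefWITH_REMOTE_RULES_SUPPORT
 
 /**
 * @brief Insert a new SecRule to be processed by ModSecurity
@@ -201,6 +206,7 @@ const char *msc_remote_invoke_cmd(const command_rec *cmd, cmd_parms *parms,
 NULL);
 }
 }
+
 /**
 * @brief Fetch an URL and fill the content into a memory buffer.
 *
@@ -225,21 +231,25 @@ const char *msc_remote_invoke_cmd(const command_rec *cmd, cmd_parms *parms,
 *
 * @retval n>=0 everything went fine.
 * @retval n<-1 Something wrong happened, further details on error_msg.
+* n=-2 Download failed, but operation should not be aborted.
+* n=-3 ModSecurity was not compiled with curl support.
 *
 */
-intmsc_remote_grab_content(apr_pool_t*mp,constchar*uri,constchar*key,
+intmsc_remote_download_content(apr_pool_t*mp,constchar*uri,constchar*key,
 structmsc_curl_memory_buffer_t*chunk,char**error_msg)
 {
+#ifdefWITH_CURL
 CURL*curl;
 CURLcoderes;
 
 charid[(APR_SHA1_DIGESTSIZE*2)+1];
 char*apr_id=NULL;
 char*beacon_str=NULL;
 char*beacon_apr=NULL;
-char*header_key=NULL;
 intbeacon_str_len=0;
 
+chunk->size=0;
+
 memset(id,'\0',sizeof(id));
 if (msc_status_engine_unique_id(id))
 {
@@ -266,11 +276,6 @@ int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key,
 free(beacon_str);
 }
 
-if (key!=NULL)
-{
-header_key=apr_psprintf(mp,"ModSec-key: %s",key);
-}
-
 if (curl)
 {
 structcurl_slist*headers_chunk=NULL;
@@ -279,12 +284,14 @@ int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key,
 char*ptr=NULL;
 DWORDres_len;
 #endif
-curl_easy_setopt(curl,CURLOPT_URL,remote_rules_server->uri);
+curl_easy_setopt(curl,CURLOPT_URL,uri);
 
 headers_chunk=curl_slist_append(headers_chunk,apr_id);
 headers_chunk=curl_slist_append(headers_chunk,beacon_apr);
 if (key!=NULL)
 {
+char*header_key=NULL;
+header_key=apr_psprintf(mp,"ModSec-key: %s",key);
 headers_chunk=curl_slist_append(headers_chunk,header_key);
 }
 
@@ -321,17 +328,19 @@ int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key,
 if (remote_rules_fail_action==REMOTE_RULES_WARN_ON_FAIL)
 {
 ap_log_error(APLOG_MARK,APLOG_NOTICE,0,NULL,
-"Failed to fetch \"%s\" error: %s ",
-remote_rules_server->uri,curl_easy_strerror(res));
+"Failed to download \"%s\" error: %s ",
+uri,curl_easy_strerror(res));
+
+return-2;
 }
 else
 {
-*error_msg=apr_psprintf(mp,"Failed tofetch \"%s\" " \
+*error_msg=apr_psprintf(mp,"Failed todownload \"%s\" " \
 "error: %s ",
-remote_rules_server->uri,curl_easy_strerror(res));
-}
+uri,curl_easy_strerror(res));
 
-return-1;
+return-1;
+}
 }
 
 curl_slist_free_all(headers_chunk);
@@ -341,8 +350,12 @@ int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key,
 
 curl_global_cleanup();
 return0;
+#else
+return-3;
+#endif
 }
 
+
 /**
 * @brief Setup an apr_crypto_key_t from a given password and salt.
 *
@@ -369,6 +382,7 @@ int msc_remote_grab_content(apr_pool_t *mp, const char *uri, const char *key,
 * @retval n<-1 Something wrong happened, check error_msg for further details.
 *
 */
+#ifdefWITH_APU_CRYPTO
 intmsc_remote_enc_key_setup(apr_pool_t*pool,
 constchar*key,
 apr_crypto_key_t**apr_key,
@@ -411,11 +425,6 @@ int msc_remote_enc_key_setup(apr_pool_t *pool,
 *error_msg="Internal error - apr_crypto_passphrase: APR_EKEYTYPE";
 return-1;
 }
-elseif (rv==APR_EKEYTYPE)
-{
-*error_msg="Internal error - apr_crypto_passphrase: APR_EKEYTYPE";
-return-1;
-}
 elseif (rv!=APR_SUCCESS)
 {
 *error_msg="Internal error - apr_crypto_passphrase: Unknown error";
@@ -424,6 +433,7 @@ int msc_remote_enc_key_setup(apr_pool_t *pool,
 
 return0;
 }
+#endif
 
 /**
 * @brief Decrypt an buffer into a memory buffer.
@@ -449,6 +459,7 @@ int msc_remote_enc_key_setup(apr_pool_t *pool,
 * @retval n<-1 Something wrong happened, further details on error_msg.
 *
 */
+#ifdefWITH_APU_CRYPTO
 intmsc_remote_decrypt(apr_pool_t*pool,
 constchar*key,
 structmsc_curl_memory_buffer_t*chunk,
@@ -488,12 +499,9 @@ int msc_remote_decrypt(apr_pool_t *pool,
 return-1;
 }
 
-#ifndefAPU_CRYPTO_RECOMMENDED_DRIVER
-rv=apr_crypto_get_driver(&driver,"openssl",NULL,&err,pool);
-#else
 rv=apr_crypto_get_driver(&driver,APU_CRYPTO_RECOMMENDED_DRIVER,NULL,
 &err,pool);
-#endif
+
 if (rv!=APR_SUCCESS||driver==NULL)
 {
 *error_msg="Internal error - apr_crypto_get_driver: Unknown error";
@@ -573,7 +581,7 @@ int msc_remote_decrypt(apr_pool_t *pool,
 
 return0;
 }
-
+#endif
 
 /**
 * @brief Add SecRules from a given URI.
@@ -598,6 +606,8 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,
 msc_remote_rules_server*remote_rules_server,
 char**error_msg)
 {
+
+#ifdefWITH_REMOTE_RULES
 structmsc_curl_memory_buffer_tchunk_encrypted;
 unsignedchar*plain_text=NULL;
 intlen=0;
@@ -612,13 +622,12 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,
 chunk_encrypted.size=0;
 chunk_encrypted.memory=NULL;
 
-res=msc_remote_grab_content(mp,remote_rules_server->uri,
+res=msc_remote_download_content(mp,remote_rules_server->uri,
 remote_rules_server->key,&chunk_encrypted,error_msg);
 if (*error_msg!=NULL)
 {
 return-1;
 }
-
 /* error_msg is not filled when the user set SecRemoteRulesFailAction
 * to warn
 */
@@ -629,14 +638,21 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,
 
 if (remote_rules_server->crypto==1)
 {
+#ifdefWITH_APU_CRYPTO
 msc_remote_decrypt(mp,remote_rules_server->key,&chunk_encrypted,
 &plain_text,
 &plain_text_len,
 error_msg);
 if (*error_msg!=NULL)
 {
+msc_remote_clean_chunk(&chunk_encrypted);
 return-1;
 }
+#else
+*error_msg="ModSecurity was not compiled with crypto support.\n";
+msc_remote_clean_chunk(&chunk_encrypted);
+return-1;
+#endif
 
 msc_remote_clean_chunk(&chunk_encrypted);
 }
@@ -725,12 +741,17 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,
 {
 msc_remote_clean_chunk(&chunk_encrypted);
 }
+#else
+*error_msg="SecRemoteRules was not enabled during ModSecurity " \
+"compilation.";
+return-1;
+#endif
 }
 
 
 intmsc_remote_clean_chunk(structmsc_curl_memory_buffer_t*chunk)
 {
-if (chunk->size<=0)
+if (chunk->size==0)
 {
 gotoend;
 }
@@ -747,4 +768,3 @@ int msc_remote_clean_chunk(struct msc_curl_memory_buffer_t *chunk)
 return0;
 }
 
-#endif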
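Review bot: In `msc_remote_download_content`, the failure branch now leaves through `return -2;` (warn) or `return -1;` (abort) before the `curl_slist_free_all(headers_chunk)` and `curl_global_cleanup()` calls shown further down, so the header list, and presumably the easy handle, are not released when a download fails. Recording the code in a local and falling through to the existing cleanup would avoid that: `ret = -2;` and `ret = -1;` in the two branches, then `return ret;` in place of `return 0;`. The new `return -3;` path also leaves `*error_msg` untouched, and the caller in `msc_remote_add_rules_from_uri` tests `*error_msg != NULL` first; its check of `res` lies between the visible hunks, so confirm that both -2 and -3 stop rule loading there rather than continuing with an empty chunk. The doc comment's `@retval n<-1` also contradicts the `-1` the function returns; `n<=-1` would match the code.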
