Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit6406e21

Browse files
author
Felipe Zimmerle
committed
Makes `large stream optimization' optional
1 parent2e9ea0a commit6406e21

File tree

5 files changed

+84
-5
lines changed

5 files changed

+84
-5
lines changed

‎apache2/apache2_io.c‎

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -192,7 +192,6 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
192192
if (msr->txcfg->debuglog_level >=4) {
193193
msr_log(msr,4,"Input filter: Reading request body.");
194194
}
195-
196195
if (modsecurity_request_body_start(msr,error_msg)<0) {
197196
return-1;
198197
}
@@ -283,9 +282,14 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
283282
}
284283

285284
if (msr->txcfg->stream_inbody_inspection==1) {
285+
#ifndefMSC_LARGE_STREAM_INPUT
286+
msr->stream_input_length+=buflen;
287+
modsecurity_request_body_to_stream(msr,buf,buflen,error_msg);
288+
#else
286289
if (modsecurity_request_body_to_stream(msr,buf,buflen,error_msg)<0) {
287290
return-1;
288291
}
292+
#endif
289293
}
290294

291295
msr->reqbody_length+=buflen;

‎apache2/modsecurity.h‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -287,7 +287,10 @@ struct modsec_rec {
287287
unsignedintresbody_contains_html;
288288

289289
apr_size_tstream_input_length;
290+
#ifdefMSC_LARGE_STREAM_INPUT
290291
apr_size_tstream_input_allocated_length;
292+
#endif
293+
291294
char*stream_input_data;
292295
apr_size_tstream_output_length;
293296
char*stream_output_data;

‎apache2/msc_reqbody.c‎

Lines changed: 51 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -428,9 +428,59 @@ apr_status_t modsecurity_request_body_store(modsec_rec *msr,
428428
}
429429

430430
apr_status_tmodsecurity_request_body_to_stream(modsec_rec*msr,constchar*buffer,intbuflen,char**error_msg) {
431+
#ifndefMSC_LARGE_STREAM_INPUT
432+
char*stream_input_body=NULL;
433+
char*data=NULL;
434+
intfirst_pkt=0;
435+
#else
431436
apr_size_tallocate_length=0;
432437
char*allocated=NULL;
438+
#endif
439+
440+
#ifndefMSC_LARGE_STREAM_INPUT
441+
if(msr->stream_input_data==NULL) {
442+
msr->stream_input_data= (char*)calloc(sizeof(char),msr->stream_input_length+1);
443+
first_pkt=1;
444+
}
445+
else {
446+
447+
data= (char*)malloc(msr->stream_input_length+1-buflen);
448+
449+
if(data==NULL)
450+
return-1;
451+
452+
memset(data,0,msr->stream_input_length+1-buflen);
453+
memcpy(data,msr->stream_input_data,msr->stream_input_length-buflen);
454+
455+
stream_input_body= (char*)realloc(msr->stream_input_data,msr->stream_input_length+1);
456+
457+
msr->stream_input_data= (char*)stream_input_body;
458+
}
459+
460+
if (msr->stream_input_data==NULL) {
461+
if(data) {
462+
free(data);
463+
data=NULL;
464+
}
465+
*error_msg=apr_psprintf(msr->mp,"Unable to allocate memory to hold request body on stream. Asked for %"APR_SIZE_T_FMT" bytes.",
466+
msr->stream_input_length+1);
467+
return-1;
468+
}
469+
470+
memset(msr->stream_input_data,0,msr->stream_input_length+1);
471+
472+
if(first_pkt) {
473+
memcpy(msr->stream_input_data,buffer,msr->stream_input_length);
474+
}else {
475+
memcpy(msr->stream_input_data,data,msr->stream_input_length-buflen);
476+
memcpy(msr->stream_input_data+(msr->stream_input_length-buflen),buffer,buflen);
477+
}
433478

479+
if(data) {
480+
free(data);
481+
data=NULL;
482+
}
483+
#else
434484
if (msr->stream_input_data==NULL) {
435485
// Is the request body length known beforehand? (requests that are not Transfer-Encoding: chunked)
436486
if (msr->request_content_length>0) {
@@ -458,7 +508,6 @@ apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, const char *buf
458508
else {
459509
// Do we need to expand the space we have previously allocated?
460510
if ((msr->stream_input_length+buflen)>msr->stream_input_allocated_length) {
461-
462511
// If this becomes a hotspot again, consider increasing by some percent extra each time, for fewer reallocs
463512
allocate_length=msr->stream_input_length+buflen;
464513

@@ -480,10 +529,10 @@ apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, const char *buf
480529
}
481530
}
482531
}
483-
484532
// Append buffer to msr->stream_input_data
485533
memcpy(msr->stream_input_data+msr->stream_input_length,buffer,buflen);
486534
msr->stream_input_length+=buflen;
535+
#endif
487536

488537
return1;
489538
}

‎apache2/re_operators.c‎

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -634,18 +634,25 @@ static int msre_op_rsub_execute(modsec_rec *msr, msre_rule *rule, msre_var *var,
634634
free(msr->stream_input_data);
635635
msr->stream_input_data=NULL;
636636
msr->stream_input_length=0;
637+
#ifdefMSC_LARGE_STREAM_INPUT
637638
msr->stream_input_allocated_length=0;
638639

639640
msr->stream_input_data= (char*)malloc(size);
641+
#else
642+
msr->stream_input_data= (char*)malloc(size+1);
643+
#endif
640644

641645
if(msr->stream_input_data==NULL) {
642646
return-1;
643647
}
644648

645649
msr->stream_input_length=size;
650+
#ifdefMSC_LARGE_STREAM_INPUT
646651
msr->stream_input_allocated_length=size;
647652
memset(msr->stream_input_data,0x0,size);
648-
653+
#else
654+
memset(msr->stream_input_data,0x0,size+1);
655+
#endif
649656
msr->if_stream_changed=1;
650657

651658
memcpy(msr->stream_input_data,data,size);

‎configure.ac‎

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -690,6 +690,22 @@ AC_ARG_ENABLE(modsec-api,
690690
modsec_api=
691691
])
692692

693+
# MSC_LARGE_STREAM_INPUT
694+
AC_ARG_ENABLE(large-stream-input,
695+
AS_HELP_STRING([--enable-large-stream-input],
696+
[Enable optimization for large stream input]),
697+
[
698+
if test "$enableval" == "yes"; then
699+
large_stream_input="-DMSC_LARGE_STREAM_INPUT"
700+
MODSEC_EXTRA_CFLAGS="$MODSEC_EXTRA_CFLAGS $large_stream_input"
701+
else
702+
large_stream_input=
703+
fi
704+
],
705+
[
706+
large_stream_input=
707+
])
708+
693709
# Find apxs
694710
AC_MSG_NOTICE(lookingforApachemodulesupportviaDSOthroughAPXS)
695711
AC_ARG_WITH(apxs,
@@ -812,7 +828,7 @@ else
812828
fi
813829
fi
814830

815-
MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem $log_dechunk $log_stopwatch $log_handler $log_server_context $collection_global_lock"
831+
MODSEC_EXTRA_CFLAGS="$pcre_study $pcre_match_limit $pcre_match_limit_recursion $pcre_jit $request_early $htaccess_config $lua_cache $debug_conf $debug_cache $debug_acmp $debug_mem $perf_meas $modsec_api $cpu_type $unique_id $log_filename $log_server $log_collection_delete_problem $log_dechunk $log_stopwatch $log_handler $log_server_context $collection_global_lock $large_stream_input"
816832

817833
APXS_WRAPPER=build/apxs-wrapper
818834
APXS_EXTRA_CFLAGS=""

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp