Commit 7ac515e

author
Felipe Zimmerle
committed
nginx: Adds proper support to SecServerSignature
SecServerSignature was leading nginx to crash. It was trying to write over a memory area that it was not allowed to. In order to fix that a new function was created on the standalone api. This function is called modsecIsServerSignatureAvailale. Whenever it returns data it means that the function SecServerSignature was used by the user. Nginx module was also patched to support this new function.
1 parent 2a43589 commit 7ac515e


4 files changed

+24
-1
lines changed


‎apache2/mod_security2.c‎

Lines changed: 6 additions & 1 deletion
@@ -537,6 +537,11 @@ static modsec_rec *create_tx_context(request_rec *r) {
537537
staticapr_status_tchange_server_signature(server_rec*s) {
538538
char*server_version=NULL;
539539

540+
/* This is a very particular way to handle the server banner. It is Apache
541+
* only. Stanalone and descendants should address that in its specifics
542+
* implementations, e.g. Nginx module.
543+
*/
544+
#if !(defined(VERSION_IIS))&& !(defined(VERSION_NGINX))&& !(defined(VERSION_STANDALONE))
540545
if (new_server_signature==NULL)return0;
541546

542547
server_version= (char*)apache_get_server_version();
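
Review bot: The `#if` guard opens after the `server_version` declaration at line 538, so on IIS, nginx and standalone builds the local is declared but, as far as the visible lines show, never used, which will warn under `-Wunused-variable`; move the declaration below the `#if` line. The new comment also misspells "Standalone" as "Stanalone", and "in its specifics implementations" would read better as "in their specific implementations".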
@@ -568,7 +573,7 @@ static apr_status_t change_server_signature(server_rec *s) {
568573
else {
569574
ap_log_error(APLOG_MARK,APLOG_DEBUG |APLOG_NOERRNO,0,s,"SecServerSignature: Changed server signature to \"%s\".",server_version);
570575
}
571-
576+
#endif
572577
return1;
573578
}
574579
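
Review bot: The `#endif` added at line 576 closes a conditional opened about 30 lines earlier and carries no label; add a trailing comment naming the condition so the pairing stays obvious. With the body compiled out, `change_server_signature` also falls straight through to `return 1;`, so IIS, nginx and standalone builds report success even though no banner was changed; a one-line comment stating that this is intentional would help.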

‎nginx/modsecurity/ngx_http_modsecurity.c‎

Lines changed: 8 additions & 0 deletions
@@ -719,6 +719,14 @@ ngx_http_modsecurity_save_headers_out(ngx_http_request_t *r)
719719
upstream=r->upstream;
720720
r->upstream=&ngx_http_modsecurity_upstream;
721721

722+
/* case SecServerSignature was used, the "Server: ..." header is added
723+
* here, overwriting the default header supplied by nginx.
724+
*/
725+
if (modsecIsServerSignatureAvailale()!=NULL) {
726+
apr_table_add(ctx->req->headers_out,"Server",
727+
modsecIsServerSignatureAvailale());
728+
}
729+
722730
if (apr_table_do(ngx_http_modsecurity_save_headers_out_visitor,
723731
r,ctx->req->headers_out,NULL)==0) {
724732
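
Review bot: `apr_table_add` in the new block at lines 725-728 appends an entry rather than replacing one, so if `ctx->req->headers_out` already carries a `Server` entry the table ends up with two, which contradicts the comment's "overwriting"; `apr_table_set` matches the stated intent. The block also calls `modsecIsServerSignatureAvailale()` twice; read the result once into a local `const char *` and test that.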

‎standalone/api.c‎

Lines changed: 8 additions & 0 deletions
@@ -673,3 +673,11 @@ void modsecSetWriteResponse(apr_status_t (*func)(request_rec *r, char *buf, unsi
673673
voidmodsecSetDropAction(int (*func)(request_rec*r)) {
674674
modsecDropAction=func;
675675
}
676+
677+
/*
678+
* Case SecServerSignature was used, this function returns the banner that
679+
* should be used, otherwise it returns NULL.
680+
*/
681+
constchar*modsecIsServerSignatureAvailale(void) {
682+
returnnew_server_signature;
683+
}
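
Review bot: The new public symbol `modsecIsServerSignatureAvailale` at line 681 misspells "Available", and its `Is` prefix reads as a boolean predicate although the function returns the banner string; since the name is introduced here, rename it before other callers depend on it (for example `modsecGetServerSignature`, offered only as a suggestion). It also hands out the internal `new_server_signature` pointer directly, so the comment should say that the caller must not modify or free it.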

‎standalone/api.h‎

Lines changed: 2 additions & 0 deletions
@@ -114,6 +114,8 @@ int modsecIsRequestBodyAccessEnabled(request_rec *r);
114114

115115
voidmodsecSetConfigForIISRequestBody(request_rec*r);
116116

117+
constchar*modsecIsServerSignatureAvailale(void);
118+
117119
#ifdef__cplusplus
118120
}
119121
#endif
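
Review bot: The prototype added at line 117 has no comment in the header, which is where embedders of the standalone API will look first; state there that it returns NULL when SecServerSignature was not used and the banner string otherwise, as the comment in `standalone/api.c` does.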
