NotificationsYou must be signed in to change notification settings
Fork0
Star0

Commit86adee1

committed

Preallocate memory when SecStreamInBodyInspection is on. 20x speed improvement for 10mb upload. Also simplified modsecurity_request_body_to_stream.

1 parentb878ece commit86adee1Copy full SHA for 86adee1

File tree

5 files changed

+53

-44

lines changed

apache2
iis/dependencies
- build_yajl.bat

5 files changed

+53

-44

lines changed

`‎apache2/apache2_io.c‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -281,7 +281,6 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
`281`	`281`	`}`
`282`	`282`
`283`	`283`	`if (msr->txcfg->stream_inbody_inspection==1) {`
`284`		`-msr->stream_input_length+=buflen;`
`285`	`284`	`modsecurity_request_body_to_stream(msr,buf,buflen,error_msg);`
`286`	`285`	`}`
`287`	`286`

`‎apache2/modsecurity.h‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -287,6 +287,7 @@ struct modsec_rec {`
`287`	`287`	`unsignedintresbody_contains_html;`
`288`	`288`
`289`	`289`	`apr_size_tstream_input_length;`
	`290`	`+apr_size_tstream_input_allocated_length;`
`290`	`291`	`char*stream_input_data;`
`291`	`292`	`apr_size_tstream_output_length;`
`292`	`293`	`char*stream_output_data;`

`‎apache2/msc_reqbody.c‎`

Lines changed: 48 additions & 41 deletions

Original file line number	Diff line number	Diff line change
`@@ -428,55 +428,62 @@ apr_status_t modsecurity_request_body_store(modsec_rec *msr,`
`428`	`428`	`}`
`429`	`429`
`430`	`430`	`apr_status_tmodsecurity_request_body_to_stream(modsec_recmsr,constcharbuffer,intbuflen,char**error_msg) {`
`431`		`-char*stream_input_body=NULL;`
`432`		`-char*data=NULL;`
`433`		`-intfirst_pkt=0;`
	`431`	`+apr_size_tallocate;`
	`432`	`+char*allocated;`
`434`	`433`
`435`		`-if(msr->stream_input_data==NULL) {`
`436`		`-msr->stream_input_data= (char*)calloc(sizeof(char),msr->stream_input_length+1);`
`437`		`-first_pkt=1;`
`438`		`- }`
`439`		`-else {`
`440`		`-`
`441`		`-data= (char*)malloc(msr->stream_input_length+1-buflen);`
	`434`	`+if (msr->stream_input_data==NULL) {`
	`435`	`+// Is the request body length is known beforehand? (requests that are not Transfer-Encoding: chunked)`
	`436`	`+if (msr->request_content_length>0) {`
	`437`	`+allocate=msr->request_content_length;`
	`438`	`+ }`
	`439`	`+else {`
	`440`	`+// We don't know how this request is going to be, so hope for just buflen to begin with (requests that are Transfer-Encoding: chunked)`
	`441`	`+allocate=buflen;`
	`442`	`+ }`
`442`	`443`
`443`		`-if(data==NULL)`
	`444`	`+allocated= (char*)calloc(allocate,sizeof(char));`
	`445`	`+if (allocated) {`
	`446`	`+msr->stream_input_data=allocated;`
	`447`	`+msr->stream_input_allocated_length=allocate;`
	`448`	`+ }`
	`449`	`+else {`
	`450`	`+*error_msg=apr_psprintf(`
	`451`	`+msr->mp,`
	`452`	`+"Unable to allocate memory to hold request body on stream. Asked for %"APR_SIZE_T_FMT" bytes.",`
	`453`	`+allocate);`
`444`	`454`	`return-1;`
`445`		`-`
`446`		`-memset(data,0,msr->stream_input_length+1-buflen);`
`447`		`-memcpy(data,msr->stream_input_data,msr->stream_input_length-buflen);`
`448`		`-`
`449`		`-stream_input_body= (char*)realloc(msr->stream_input_data,msr->stream_input_length+1);`
`450`		`-`
`451`		`-msr->stream_input_data= (char*)stream_input_body;`
`452`		`- }`
`453`		`-`
`454`		`-if (msr->stream_input_data==NULL) {`
`455`		`-if(data) {`
`456`		`-free(data);`
`457`		`-data=NULL;`
`458`	`455`	`}`
`459`		`-*error_msg=apr_psprintf(msr->mp,"Unable to allocate memory to hold request body on stream. Asked for %"APR_SIZE_T_FMT" bytes.",`
`460`		`-msr->stream_input_length+1);`
`461`		`-return-1;`
`462`	`456`	`}`
	`457`	`+else {`
	`458`	`+// Do we need to expand the space we have previously allocated?`
	`459`	`+if ((msr->stream_input_length+buflen)>msr->stream_input_allocated_length) {`
`463`	`460`
`464`		`-memset(msr->stream_input_data,0,msr->stream_input_length+1);`
	`461`	`+// If this becomes a hotspot again, consider increasing by some percent extra each time, for fewer reallocs`
	`462`	`+allocate=msr->stream_input_length+buflen;`
`465`	`463`
`466`		`-if(first_pkt) {`
`467`		`-memcpy(msr->stream_input_data,buffer,msr->stream_input_length);`
`468`		`- }else {`
`469`		`-memcpy(msr->stream_input_data,data,msr->stream_input_length-buflen);`
`470`		`-memcpy(msr->stream_input_data+(msr->stream_input_length-buflen),buffer,buflen);`
	`464`	`+allocated= (char*)realloc(msr->stream_input_data,allocate);`
	`465`	`+if (allocated) {`
	`466`	`+msr->stream_input_data=allocated;`
	`467`	`+msr->stream_input_allocated_length=allocate;`
	`468`	`+ }`
	`469`	`+else {`
	`470`	`+*error_msg=apr_psprintf(`
	`471`	`+msr->mp,`
	`472`	`+"Unable to reallocate memory to hold request body on stream. Asked for %"APR_SIZE_T_FMT" bytes.",`
	`473`	`+allocate);`
	`474`	`+free(msr->stream_input_data);`
	`475`	`+return-1;`
	`476`	`+ }`
	`477`	`+ }`
`471`	`478`	`}`
`472`	`479`
`473`		`-if(data) {`
`474`		`-free(data);`
`475`		`-data=NULL;`
`476`		`- }`
	`480`	`+// Append buffer to msr->stream_input_data`
	`481`	`+memcpy(msr->stream_input_data+msr->stream_input_length,buffer,buflen);`
	`482`	`+msr->stream_input_length+=buflen;`
`477`	`483`
`478`	`484`	`return1;`
`479`	`485`	`}`
	`486`	`+`
`480`	`487`	`/**`
`481`	`488`	`* Replace a bunch of chunks holding a request body with a single large chunk.`
`482`	`489`	`*/`
`@@ -884,15 +891,15 @@ apr_status_t modsecurity_request_body_clear(modsec_rec msr, char *error_msg) {`
`884`	`891`
`885`	`892`	`if (msr->msc_reqbody_filename!=NULL) {`
`886`	`893`	`if (keep_body) {`
`887`		`-/* Move request body (which is a file) to the storage area. */`
`888`		`-constchar*put_filename=NULL;`
`889`		`-constchar*put_basename=NULL;`
`890`		`-`
`891`	`894`	`if (strcmp(msr->txcfg->upload_dir,msr->txcfg->tmp_dir)==0) {`
`892`	`895`	`msr_log(msr,4,"Not moving file to identical location.");`
`893`	`896`	`gotonullify;`
`894`	`897`	`}`
`895`	`898`
	`899`	`+/* Move request body (which is a file) to the storage area. */`
	`900`	`+constchar*put_filename=NULL;`
	`901`	`+constchar*put_basename=NULL;`
	`902`	`+`
`896`	`903`	`/* Construct the new filename. */`
`897`	`904`	`put_basename=file_basename(msr->msc_reqbody_mp,msr->msc_reqbody_filename);`
`898`	`905`	`if (put_basename==NULL) {`

`‎apache2/re_operators.c‎`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -634,6 +634,7 @@ static int msre_op_rsub_execute(modsec_rec msr, msre_rule rule, msre_var *var,`
`634`	`634`	`free(msr->stream_input_data);`
`635`	`635`	`msr->stream_input_data=NULL;`
`636`	`636`	`msr->stream_input_length=0;`
	`637`	`+msr->stream_input_allocated_length=0;`
`637`	`638`
`638`	`639`	`msr->stream_input_data= (char*)malloc(size+1);`
`639`	`640`
`@@ -642,7 +643,8 @@ static int msre_op_rsub_execute(modsec_rec msr, msre_rule rule, msre_var *var,`
`642`	`643`	`}`
`643`	`644`
`644`	`645`	`msr->stream_input_length=size;`
`645`		`-memset(msr->stream_input_data,0x0,size+1);`
	`646`	`+msr->stream_input_allocated_length=size+1;`
	`647`	`+memset(msr->stream_input_data,0x0,size+1);`
`646`	`648`
`647`	`649`	`msr->if_stream_changed=1;`
`648`	`650`

`‎iis/dependencies/build_yajl.bat‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ copy /y "%WORK_DIR%\yajl\build\%YAJL_DIR%\lib\yajl_s.lib" "%OUTPUT_DIR%"`
`28`	`28`	`@exit /B0`
`29`	`29`
`30`	`30`	`:file_not_found_bin`
`31`		`-@echo File not found:"%SOURCE_DIR%\%PCRE%"`
	`31`	`+@echo File not found:"%SOURCE_DIR%\%YAJL%"`
`32`	`32`	`@goto failed`
`33`	`33`
`34`	`34`	`:build_failed`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit86adee1

File tree

5 files changed

5 files changed

`‎apache2/apache2_io.c‎`

`‎apache2/modsecurity.h‎`

`‎apache2/msc_reqbody.c‎`

`‎apache2/re_operators.c‎`

`‎iis/dependencies/build_yajl.bat‎`

0 commit comments