Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit87a401a

Browse files
author
Felipe Zimmerle
committed
Fix remote resources download while hosting SSL site on Apache
As reported by Christian Folin and Walter Hop on our dev mailing list, Apachemod_ssl was failing if a remote resource was utilized. That was happeningbecause Curl clean up was also cleaning up the OpenSSL data used by mod_ssl.This patch moves Curl initialization to happens while ModSecurity isinitialized.
1 parent23823bb commit87a401a

File tree

3 files changed

+19
-2
lines changed

3 files changed

+19
-2
lines changed

‎CHANGES‎

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,11 @@
11
DD mmm YYYY - 2.9.????? (To be released)
22
-----------------------
33

4+
* Remote resources loading process is now failing in case of HTTP error.
5+
[Walter Hop and ModSecurity team]
6+
* Fixed start up crash on Apache with mod_ssl configured. Crash was happening
7+
during the download of remote resources.
8+
[Christian Folini, Walter Hop and ModSecurity team]
49
* Curl is not a mandatory dependency to ModSecurity core anymore.
510
[Rainer Jung and ModSecurity team]
611

‎apache2/modsecurity.c‎

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,10 @@
2323
#include"msc_xml.h"
2424
#include"apr_version.h"
2525

26+
#ifdefWITH_CURL
27+
#include<curl/curl.h>
28+
#endif
29+
2630
unsigned longintDSOLOCALunicode_codepage=0;
2731

2832
intDSOLOCAL*unicode_map_table=NULL;
@@ -118,6 +122,16 @@ msc_engine *modsecurity_create(apr_pool_t *mp, int processing_mode) {
118122
intmodsecurity_init(msc_engine*msce,apr_pool_t*mp) {
119123
apr_status_trc;
120124

125+
/**
126+
* Notice that curl is initialized here but never cleaned up. First version
127+
* of this implementation curl was initialized and cleaned for every
128+
* utilization. Turns out that it was not only cleaning stuff that was
129+
* utilized by Curl but also other OpenSSL stuff that was utilized by
130+
* mod_ssl leading the SSL support to crash.
131+
*/
132+
#ifdefWITH_CURL
133+
curl_global_init(CURL_GLOBAL_ALL);
134+
#endif
121135
/* Serial audit log mutext */
122136
rc=apr_global_mutex_create(&msce->auditlog_lock,NULL,APR_LOCK_DEFAULT,mp);
123137
if (rc!=APR_SUCCESS) {

‎apache2/msc_remote_rules.c‎

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -258,7 +258,6 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
258258

259259
apr_id=apr_psprintf(mp,"ModSec-unique-id: %s",id);
260260

261-
curl_global_init(CURL_GLOBAL_ALL);
262261
curl=curl_easy_init();
263262

264263
beacon_str_len=msc_beacon_string(NULL,0);
@@ -348,7 +347,6 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
348347

349348
curl_easy_cleanup(curl);
350349

351-
curl_global_cleanup();
352350
return0;
353351
#else
354352
return-3;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp