Commitee74781

authored
Use Nginx thread pools in ModSec v2 (microsoft#77)
Modsec using Nginx thread pools, with limitations (no response check, and no request rewriting)
1 parent11ddffa commitee74781


7 files changed

+161
-573
lines changed

7 files changed

+161
-573
lines changed

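--- a/apache2/msc_pcre.c
+++ b/apache2/msc_pcre.c
@@ -37,6 +37,10 @@ static apr_status_t msc_pcre_cleanup(msc_regex_t *regex) {
 returnAPR_SUCCESS;
 }
 
+#if defined(VERSION_NGINX)
+pthread_mutex_tmsc_pregcomp_ex_mtx;
+#endif
+
 /**
 * Compiles the provided regular expression pattern. The _err*
 * parameters are optional, but if they are provided and an error
@@ -54,16 +58,31 @@ void *msc_pregcomp_ex(apr_pool_t *pool, const char *pattern, int options,
 msc_regex_t*regex;
 pcre_extra*pe=NULL;
 
+#if defined(VERSION_NGINX)
+pthread_mutex_lock(&msc_pregcomp_ex_mtx);
+#endif
+
 regex=apr_pcalloc(pool,sizeof(msc_regex_t));
-if (regex==NULL)returnNULL;
+if (regex==NULL) {
+#if defined(VERSION_NGINX)
+pthread_mutex_unlock(&msc_pregcomp_ex_mtx);
+#endif
+returnNULL;
+}
 regex->pattern=pattern;
 
 if ((_errptr==NULL)||(_erroffset==NULL)) {
 regex->re=pcre_compile(pattern,options,&errptr,&erroffset,NULL);
 }else {
 regex->re=pcre_compile(pattern,options,_errptr,_erroffset,NULL);
 }
-if (regex->re==NULL)returnNULL;
+
+if (regex->re==NULL) {
+#if defined(VERSION_NGINX)
+pthread_mutex_unlock(&msc_pregcomp_ex_mtx);
+#endif
+returnNULL;
+}
 
 #ifdefWITH_PCRE_STUDY
 #ifdefWITH_PCRE_JIT
@@ -81,6 +100,9 @@ void *msc_pregcomp_ex(apr_pool_t *pool, const char *pattern, int options,
 pe=malloc(sizeof(pcre_extra));
 #endif
 if (pe==NULL) {
+#if defined(VERSION_NGINX)
+pthread_mutex_unlock(&msc_pregcomp_ex_mtx);
+#endif
 returnNULL;
 }
 memset(pe,0,sizeof(pcre_extra));
@@ -129,6 +151,9 @@ void *msc_pregcomp_ex(apr_pool_t *pool, const char *pattern, int options,
 apr_pool_cleanup_register(pool, (void*)regex,
 (apr_status_t (*)(void*))msc_pcre_cleanup,apr_pool_cleanup_null);
 
+#if defined(VERSION_NGINX)
+pthread_mutex_unlock(&msc_pregcomp_ex_mtx);
+#endif
 returnregex;
 }
 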
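Review bot: The new file-scope `msc_pregcomp_ex_mtx` is declared without an initializer and without `static`, and no `pthread_mutex_init()` call or `<pthread.h>` include is visible in these hunks. POSIX requires a mutex to be initialized before `pthread_mutex_lock()`, so unless another file needs the symbol I would declare it as `static pthread_mutex_t msc_pregcomp_ex_mtx = PTHREAD_MUTEX_INITIALIZER;`. The unlock is also hand-copied onto each of the four returns shown, and msc_pregcomp_ex continues between the hunks where the study/JIT section is not visible. Any return there that lacks the unlock would leave every later rule compilation blocked on this lock, which for a WAF means stalled worker threads. A single exit label that unlocks once, or a thin locking wrapper around the unlocked body, would remove that risk.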

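--- a/nginx/modsecurity/apr_bucket_nginx.c
+++ b/nginx/modsecurity/apr_bucket_nginx.c
@@ -91,72 +91,10 @@ static void nginx_bucket_destroy(void *data)
 }
 }
 
-ngx_buf_t*apr_bucket_to_ngx_buf(apr_bucket*e,ngx_pool_t*pool) {
-ngx_buf_t*buf,*b;
-apr_bucket_nginx*n;
-ngx_uint_tlen;
-u_char*data;
-
-if (e->type->is_metadata) {
-returnNULL;
-}
-
-if (e->type==&apr_bucket_type_nginx) {
-n=e->data;
-b=n->buf;
-
-/* whole buf */
-if (e->length== (apr_size_t)ngx_buf_size(b)) {
-b->last_buf=0;
-returnb;
-}
-
-buf=ngx_palloc(pool,sizeof(ngx_buf_t));
-if (buf==NULL) {
-returnNULL;
-}
-ngx_memcpy(buf,b,sizeof(ngx_buf_t));
-
-if (ngx_buf_in_memory(buf)) {
-buf->start=buf->pos=buf->pos+e->start;
-buf->end=buf->last=buf->pos+e->length;
-}else {
-buf->pos=NULL;
-buf->file_pos+=e->start;
-buf->file_last=buf->file_pos+e->length;
-}
-
-buf->last_buf=0;
-returnbuf;
-}
-
-if (apr_bucket_read(e, (constchar**)&data,
-&len,APR_BLOCK_READ)!=APR_SUCCESS) {
-returnNULL;
-}
-
-buf=ngx_calloc_buf(pool);
-if (buf==NULL) {
-returnNULL;
-}
-
-if (e->type==&apr_bucket_type_pool) {
-buf->start=data;
-}elseif (len!=0) {
-buf->start=ngx_palloc(pool,len);
-ngx_memcpy(buf->start,data,len);
-}
-
-buf->pos=buf->start;
-buf->end=buf->last=buf->start+len;
-buf->temporary=1;
-returnbuf;
-}
 
 ngx_int_t
-move_chain_to_brigade(ngx_chain_t*chain,apr_bucket_brigade*bb,ngx_pool_t*pool,ngx_int_tlast_buf) {
+copy_chain_to_brigade(ngx_chain_t*chain,apr_bucket_brigade*bb,ngx_pool_t*pool,ngx_int_tlast_buf) {
 apr_bucket*e;
-ngx_chain_t*cl;
 
 while (chain) {
 e=ngx_buf_to_apr_bucket(chain->buf,bb->p,bb->bucket_alloc);
@@ -168,12 +106,10 @@ move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *po
 if (chain->buf->last_buf) {
 e=apr_bucket_eos_create(bb->bucket_alloc);
 APR_BRIGADE_INSERT_TAIL(bb,e);
-chain->buf->last_buf=0;
 returnNGX_OK;
 }
-cl=chain;
+
 chain=chain->next;
-ngx_free_chain(pool,cl);
 }
 
 if (last_buf) {
@@ -184,67 +120,3 @@ move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *po
 
 returnNGX_AGAIN;
 }
-
-ngx_int_t
-move_brigade_to_chain(apr_bucket_brigade*bb,ngx_chain_t**ll,ngx_pool_t*pool) {
-apr_bucket*e;
-ngx_buf_t*buf;
-ngx_chain_t*cl;
-
-cl=NULL;
-
-if (APR_BRIGADE_EMPTY(bb)) {
-*ll=NULL;
-returnNGX_OK;
-}
-
-for (e=APR_BRIGADE_FIRST(bb);
-e!=APR_BRIGADE_SENTINEL(bb);
-e=APR_BUCKET_NEXT(e)) {
-
-if (APR_BUCKET_IS_EOS(e)) {
-if (cl==NULL) {
-cl=ngx_alloc_chain_link(pool);
-if (cl==NULL) {
-break;
-}
-
-cl->buf=ngx_calloc_buf(pool);
-if (cl->buf==NULL) {
-break;
-}
-
-cl->buf->last_buf=1;
-*ll=cl;
-}else {
-cl->buf->last_buf=1;
-}
-apr_brigade_cleanup(bb);
-returnNGX_OK;
-}
-
-if (APR_BUCKET_IS_METADATA(e)) {
-continue;
-}
-
-buf=apr_bucket_to_ngx_buf(e,pool);
-if (buf==NULL) {
-break;
-}
-
-cl=ngx_alloc_chain_link(pool);
-if (cl==NULL) {
-break;
-}
-
-cl->buf=buf;
-cl->next=NULL;
-*ll=cl;
-ll=&cl->next;
-}
-
-apr_brigade_cleanup(bb);
-/* no eos or error */
-returnNGX_ERROR;
-}
-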
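Review bot: `copy_chain_to_brigade` does not appear to copy anything: the removed `apr_bucket_to_ngx_buf` shows that an nginx bucket keeps a pointer to the original `ngx_buf_t` (`n->buf`), so the brigade built by `ngx_buf_to_apr_bucket(chain->buf, ...)` presumably still references nginx-owned memory. Now that the chain links are no longer freed and `last_buf` is no longer cleared, nginx keeps using those buffers while, per the commit title, ModSecurity inspects the brigade from a thread-pool thread. If the buffers can be reused or advanced before inspection finishes, the engine may inspect bytes that differ from what is forwarded. Please add a comment above the function stating who owns the buffers and how long they must stay untouched, e.g. `/* Buckets reference chain->buf without copying; the caller must keep the chain alive and unmodified until the brigade is destroyed. */`, or confirm that bucket creation copies the data. The `pool` parameter also looks unused in the lines shown once `ngx_free_chain(pool, cl)` was dropped; the function body continues outside the hunks.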

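--- a/nginx/modsecurity/apr_bucket_nginx.h
+++ b/nginx/modsecurity/apr_bucket_nginx.h
@@ -11,8 +11,4 @@ apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
 
 #definengx_buf_to_apr_bucket apr_bucket_nginx_create
 
-ngx_buf_t*apr_bucket_to_ngx_buf(apr_bucket*e,ngx_pool_t*pool);
-
-ngx_int_tmove_chain_to_brigade(ngx_chain_t*chain,apr_bucket_brigade*bb,ngx_pool_t*pool,ngx_int_tlast_buf);
-ngx_int_tmove_brigade_to_chain(apr_bucket_brigade*bb,ngx_chain_t**chain,ngx_pool_t*pool);
-
+ngx_int_tcopy_chain_to_brigade(ngx_chain_t*chain,apr_bucket_brigade*bb,ngx_pool_t*pool,ngx_int_tlast_buf);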

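--- a/nginx/modsecurity/config.in
+++ b/nginx/modsecurity/config.in
@@ -28,18 +28,16 @@ CORE_LIBS="$CORE_LIBS \
 
 ngx_addon_name=ngx_http_modsecurity
 
-CORE_MODULES="$CORE_MODULES ngx_pool_context_module"
+CORE_MODULES="$CORE_MODULES"
 
 HTTP_AUX_FILTER_MODULES="ngx_http_modsecurity$HTTP_AUX_FILTER_MODULES"
 
 NGX_ADDON_SRCS="$NGX_ADDON_SRCS\
 $ngx_addon_dir/ngx_http_modsecurity.c\
-$ngx_addon_dir/apr_bucket_nginx.c\
-$ngx_addon_dir/ngx_pool_context.c"
+$ngx_addon_dir/apr_bucket_nginx.c"
 
 NGX_ADDON_DEPS="$NGX_ADDON_DEPS\
-$ngx_addon_dir/apr_bucket_nginx.h\
-$ngx_addon_dir/ngx_pool_context.h"
+$ngx_addon_dir/apr_bucket_nginx.h"
 
 CORE_LIBS="$ngx_addon_dir/../../standalone/.libs/standalone.a$CORE_LIBS"
 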
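Review bot: `CORE_MODULES="$CORE_MODULES"` now assigns the variable to itself and can simply be deleted rather than kept as a no-op. Since the commit moves ModSecurity processing onto nginx thread pools and adds pthread locking, this config script would also be the natural place to fail early when nginx is configured without thread support. No such check is visible in this hunk, so confirm it exists elsewhere or add one.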
