
Source code changes of the file "apache2/apache2_config.c" between
modsecurity-2.9.6.tar.gz and modsecurity-2.9.7.tar.gz

About: ModSecurity is an intrusion detection and prevention module (web application firewall) for the Apache (and Nginx) Web servers.

apache2_config.c  (modsecurity-2.9.6):apache2_config.c  (modsecurity-2.9.7)
/* /*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/ * ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* *
* You may not use this file except in compliance with * You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at * the License.  You may obtain a copy of the License at
* *
*     http://www.apache.org/licenses/LICENSE-2.0 *     http://www.apache.org/licenses/LICENSE-2.0
* *
* If any of the files related to licensing are missing or if you have any * If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc. * other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org. * directly using the email address security@modsecurity.org.
*/ */
skipping to change at line 29 skipping to change at line 29
#include "msc_util.h" #include "msc_util.h"
#include "http_log.h" #include "http_log.h"
#include "apr_lib.h" #include "apr_lib.h"
#include "acmp.h" #include "acmp.h"
#include "msc_crypt.h" #include "msc_crypt.h"
#if defined(WITH_LUA) #if defined(WITH_LUA)
#include "msc_lua.h" #include "msc_lua.h"
#endif #endif
#ifdef APLOG_USE_MODULE
APLOG_USE_MODULE(security2);
#endif
/* -- Directory context creation and initialisation -- */ /* -- Directory context creation and initialisation -- */
/** /**
* Creates a fresh directory configuration. * Creates a fresh directory configuration.
*/ */
void *create_directory_config(apr_pool_t *mp, char *path) void *create_directory_config(apr_pool_t *mp, char *path)
{ {
directory_config *dcfg = (directory_config *)apr_pcalloc(mp, sizeof(director y_config)); directory_config *dcfg = (directory_config *)apr_pcalloc(mp, sizeof(director y_config));
if (dcfg == NULL) return NULL; if (dcfg == NULL) return NULL;
skipping to change at line 53 skipping to change at line 57
dcfg->mp = mp; dcfg->mp = mp;
dcfg->is_enabled = NOT_SET; dcfg->is_enabled = NOT_SET;
dcfg->reqbody_access = NOT_SET; dcfg->reqbody_access = NOT_SET;
dcfg->reqintercept_oe = NOT_SET; dcfg->reqintercept_oe = NOT_SET;
dcfg->reqbody_buffering = NOT_SET; dcfg->reqbody_buffering = NOT_SET;
dcfg->reqbody_inmemory_limit = NOT_SET; dcfg->reqbody_inmemory_limit = NOT_SET;
dcfg->reqbody_limit = NOT_SET; dcfg->reqbody_limit = NOT_SET;
dcfg->reqbody_no_files_limit = NOT_SET; dcfg->reqbody_no_files_limit = NOT_SET;
dcfg->reqbody_json_depth_limit = NOT_SET; dcfg->reqbody_json_depth_limit = NOT_SET;
dcfg->arguments_limit = NOT_SET;
dcfg->resbody_access = NOT_SET; dcfg->resbody_access = NOT_SET;
dcfg->debuglog_name = NOT_SET_P; dcfg->debuglog_name = NOT_SET_P;
dcfg->debuglog_level = NOT_SET; dcfg->debuglog_level = NOT_SET;
dcfg->debuglog_fd = NOT_SET_P; dcfg->debuglog_fd = NOT_SET_P;
dcfg->of_limit = NOT_SET; dcfg->of_limit = NOT_SET;
dcfg->if_limit_action = NOT_SET; dcfg->if_limit_action = NOT_SET;
dcfg->of_limit_action = NOT_SET; dcfg->of_limit_action = NOT_SET;
dcfg->of_mime_types = NOT_SET_P; dcfg->of_mime_types = NOT_SET_P;
skipping to change at line 336 skipping to change at line 341
merged->reqbody_buffering = (child->reqbody_buffering == NOT_SET merged->reqbody_buffering = (child->reqbody_buffering == NOT_SET
? parent->reqbody_buffering : child->reqbody_buffering); ? parent->reqbody_buffering : child->reqbody_buffering);
merged->reqbody_inmemory_limit = (child->reqbody_inmemory_limit == NOT_SET merged->reqbody_inmemory_limit = (child->reqbody_inmemory_limit == NOT_SET
? parent->reqbody_inmemory_limit : child->reqbody_inmemory_limit); ? parent->reqbody_inmemory_limit : child->reqbody_inmemory_limit);
merged->reqbody_limit = (child->reqbody_limit == NOT_SET merged->reqbody_limit = (child->reqbody_limit == NOT_SET
? parent->reqbody_limit : child->reqbody_limit); ? parent->reqbody_limit : child->reqbody_limit);
merged->reqbody_no_files_limit = (child->reqbody_no_files_limit == NOT_SET merged->reqbody_no_files_limit = (child->reqbody_no_files_limit == NOT_SET
? parent->reqbody_no_files_limit : child->reqbody_no_files_limit); ? parent->reqbody_no_files_limit : child->reqbody_no_files_limit);
merged->reqbody_json_depth_limit = (child->reqbody_json_depth_limit == NOT_S ET merged->reqbody_json_depth_limit = (child->reqbody_json_depth_limit == NOT_S ET
? parent->reqbody_json_depth_limit : child->reqbody_json_depth_limit); ? parent->reqbody_json_depth_limit : child->reqbody_json_depth_limit);
merged->arguments_limit = (child->arguments_limit == NOT_SET
? parent->arguments_limit : child->arguments_limit);
merged->resbody_access = (child->resbody_access == NOT_SET merged->resbody_access = (child->resbody_access == NOT_SET
? parent->resbody_access : child->resbody_access); ? parent->resbody_access : child->resbody_access);
merged->of_limit = (child->of_limit == NOT_SET merged->of_limit = (child->of_limit == NOT_SET
? parent->of_limit : child->of_limit); ? parent->of_limit : child->of_limit);
merged->if_limit_action = (child->if_limit_action == NOT_SET merged->if_limit_action = (child->if_limit_action == NOT_SET
? parent->if_limit_action : child->if_limit_action); ? parent->if_limit_action : child->if_limit_action);
merged->of_limit_action = (child->of_limit_action == NOT_SET merged->of_limit_action = (child->of_limit_action == NOT_SET
? parent->of_limit_action : child->of_limit_action); ? parent->of_limit_action : child->of_limit_action);
merged->reqintercept_oe = (child->reqintercept_oe == NOT_SET merged->reqintercept_oe = (child->reqintercept_oe == NOT_SET
skipping to change at line 652 skipping to change at line 659
if (dcfg->is_enabled == NOT_SET) dcfg->is_enabled = 0; if (dcfg->is_enabled == NOT_SET) dcfg->is_enabled = 0;
if (dcfg->reqbody_access == NOT_SET) dcfg->reqbody_access = 0; if (dcfg->reqbody_access == NOT_SET) dcfg->reqbody_access = 0;
if (dcfg->reqintercept_oe == NOT_SET) dcfg->reqintercept_oe = 0; if (dcfg->reqintercept_oe == NOT_SET) dcfg->reqintercept_oe = 0;
if (dcfg->reqbody_buffering == NOT_SET) dcfg->reqbody_buffering = REQUEST_BO DY_FORCEBUF_OFF; if (dcfg->reqbody_buffering == NOT_SET) dcfg->reqbody_buffering = REQUEST_BO DY_FORCEBUF_OFF;
if (dcfg->reqbody_inmemory_limit == NOT_SET) if (dcfg->reqbody_inmemory_limit == NOT_SET)
dcfg->reqbody_inmemory_limit = REQUEST_BODY_DEFAULT_INMEMORY_LIMIT; dcfg->reqbody_inmemory_limit = REQUEST_BODY_DEFAULT_INMEMORY_LIMIT;
if (dcfg->reqbody_limit == NOT_SET) dcfg->reqbody_limit = REQUEST_BODY_DEFAU LT_LIMIT; if (dcfg->reqbody_limit == NOT_SET) dcfg->reqbody_limit = REQUEST_BODY_DEFAU LT_LIMIT;
if (dcfg->reqbody_no_files_limit == NOT_SET) dcfg->reqbody_no_files_limit = REQUEST_BODY_NO_FILES_DEFAULT_LIMIT; if (dcfg->reqbody_no_files_limit == NOT_SET) dcfg->reqbody_no_files_limit = REQUEST_BODY_NO_FILES_DEFAULT_LIMIT;
if (dcfg->reqbody_json_depth_limit == NOT_SET) dcfg->reqbody_json_depth_limi t = REQUEST_BODY_JSON_DEPTH_DEFAULT_LIMIT; if (dcfg->reqbody_json_depth_limit == NOT_SET) dcfg->reqbody_json_depth_limi t = REQUEST_BODY_JSON_DEPTH_DEFAULT_LIMIT;
if (dcfg->arguments_limit == NOT_SET) dcfg->arguments_limit = ARGUMENTS_LIMI T;
if (dcfg->resbody_access == NOT_SET) dcfg->resbody_access = 0; if (dcfg->resbody_access == NOT_SET) dcfg->resbody_access = 0;
if (dcfg->of_limit == NOT_SET) dcfg->of_limit = RESPONSE_BODY_DEFAULT_LIMIT; if (dcfg->of_limit == NOT_SET) dcfg->of_limit = RESPONSE_BODY_DEFAULT_LIMIT;
if (dcfg->if_limit_action == NOT_SET) dcfg->if_limit_action = REQUEST_BODY_L IMIT_ACTION_REJECT; if (dcfg->if_limit_action == NOT_SET) dcfg->if_limit_action = REQUEST_BODY_L IMIT_ACTION_REJECT;
if (dcfg->of_limit_action == NOT_SET) dcfg->of_limit_action = RESPONSE_BODY_ LIMIT_ACTION_REJECT; if (dcfg->of_limit_action == NOT_SET) dcfg->of_limit_action = RESPONSE_BODY_ LIMIT_ACTION_REJECT;
if (dcfg->of_mime_types == NOT_SET_P) { if (dcfg->of_mime_types == NOT_SET_P) {
dcfg->of_mime_types = apr_table_make(dcfg->mp, 3); dcfg->of_mime_types = apr_table_make(dcfg->mp, 3);
if (dcfg->of_mime_types_cleared != 1) { if (dcfg->of_mime_types_cleared != 1) {
apr_table_setn(dcfg->of_mime_types, "text/plain", "1"); apr_table_setn(dcfg->of_mime_types, "text/plain", "1");
apr_table_setn(dcfg->of_mime_types, "text/html", "1"); apr_table_setn(dcfg->of_mime_types, "text/html", "1");
skipping to change at line 1293 skipping to change at line 1301
dcfg->auditlog_parts = (char *)p1; dcfg->auditlog_parts = (char *)p1;
return NULL; return NULL;
} }
static const char *cmd_audit_log_relevant_status(cmd_parms *cmd, void *_dcfg, static const char *cmd_audit_log_relevant_status(cmd_parms *cmd, void *_dcfg,
const char *p1) const char *p1)
{ {
directory_config *dcfg = _dcfg; directory_config *dcfg = _dcfg;
#ifdef WITH_PCRE2
dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE2_DOTALL, NU
LL, NULL);
#else
dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE_DOTALL, NUL L, NULL); dcfg->auditlog_relevant_regex = msc_pregcomp(cmd->pool, p1, PCRE_DOTALL, NUL L, NULL);
#endif
if (dcfg->auditlog_relevant_regex == NULL) { if (dcfg->auditlog_relevant_regex == NULL) {
return apr_psprintf(cmd->pool, "ModSecurity: Invalid regular expression: %s", p1); return apr_psprintf(cmd->pool, "ModSecurity: Invalid regular expression: %s", p1);
} }
return NULL; return NULL;
} }
static const char *cmd_audit_log_type(cmd_parms *cmd, void *_dcfg, static const char *cmd_audit_log_type(cmd_parms *cmd, void *_dcfg,
const char *p1) const char *p1)
{ {
skipping to change at line 1724 skipping to change at line 1736
char *parser_conn_limits_operator(apr_pool_t *mp, const char *p2, char *parser_conn_limits_operator(apr_pool_t *mp, const char *p2,
TreeRoot **whitelist, TreeRoot **suspicious_list, TreeRoot **whitelist, TreeRoot **suspicious_list,
const char *filename) const char *filename)
{ {
int res = 0; int res = 0;
char *config_orig_path; char *config_orig_path;
char *param = strchr(p2, ' '); char *param = strchr(p2, ' ');
char *file = NULL; char *file = NULL;
char *error_msg = NULL; char *error_msg = NULL;
if (param == NULL) {
return apr_psprintf(mp, "ModSecurity: Space character between operator "
\
"and parameter not found with ConnReadStateLimit: %s", p2);
}
param++; param++;
config_orig_path = apr_pstrndup(mp, filename, config_orig_path = apr_pstrndup(mp, filename,
strlen(filename) - strlen(apr_filepath_name_get(filename))); strlen(filename) - strlen(apr_filepath_name_get(filename)));
apr_filepath_merge(&file, config_orig_path, param, APR_FILEPATH_TRUENAME, apr_filepath_merge(&file, config_orig_path, param, APR_FILEPATH_TRUENAME,
mp); mp);
if ((strncasecmp(p2, "!@ipMatchFromFile", strlen("!@ipMatchFromFile")) == 0) || if ((strncasecmp(p2, "!@ipMatchFromFile", strlen("!@ipMatchFromFile")) == 0) ||
(strncasecmp(p2, "!@ipMatchF", strlen("!@ipMatchF")) == 0)) { (strncasecmp(p2, "!@ipMatchF", strlen("!@ipMatchF")) == 0)) {
skipping to change at line 1938 skipping to change at line 1956
limit = strtol(p1, NULL, 10); limit = strtol(p1, NULL, 10);
if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) { if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) {
return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecReques tBodyJsonDepthLimit: %s", p1); return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecReques tBodyJsonDepthLimit: %s", p1);
} }
dcfg->reqbody_json_depth_limit = limit; dcfg->reqbody_json_depth_limit = limit;
return NULL; return NULL;
} }
static const char *cmd_arguments_limit(cmd_parms *cmd, void *_dcfg,
const char *p1)
{
directory_config *dcfg = (directory_config *)_dcfg;
long int limit;
if (dcfg == NULL) return NULL;
limit = strtol(p1, NULL, 10);
if ((limit == LONG_MAX)||(limit == LONG_MIN)||(limit <= 0)) {
return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecArgume
ntsLimit: %s", p1);
}
dcfg->arguments_limit = limit;
return NULL;
}
static const char *cmd_request_body_access(cmd_parms *cmd, void *_dcfg, static const char *cmd_request_body_access(cmd_parms *cmd, void *_dcfg,
const char *p1) const char *p1)
{ {
directory_config *dcfg = (directory_config *)_dcfg; directory_config *dcfg = (directory_config *)_dcfg;
if (dcfg == NULL) return NULL; if (dcfg == NULL) return NULL;
if (strcasecmp(p1, "on") == 0) dcfg->reqbody_access = 1; if (strcasecmp(p1, "on") == 0) dcfg->reqbody_access = 1;
else else
if (strcasecmp(p1, "off") == 0) dcfg->reqbody_access = 0; if (strcasecmp(p1, "off") == 0) dcfg->reqbody_access = 0;
else else
skipping to change at line 3573 skipping to change at line 3609
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecRequestBodyJsonDepthLimit", "SecRequestBodyJsonDepthLimit",
cmd_request_body_json_depth_limit, cmd_request_body_json_depth_limit,
NULL, NULL,
CMD_SCOPE_ANY, CMD_SCOPE_ANY,
"maximum request body JSON parsing depth ModSecurity will accept." "maximum request body JSON parsing depth ModSecurity will accept."
), ),
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecArgumentsLimit",
cmd_arguments_limit,
NULL,
CMD_SCOPE_ANY,
"maximum number of ARGS that ModSecurity will accept."
),
AP_INIT_TAKE1 (
"SecRequestEncoding", "SecRequestEncoding",
cmd_request_encoding, cmd_request_encoding,
NULL, NULL,
CMD_SCOPE_ANY, CMD_SCOPE_ANY,
"character encoding used in request." "character encoding used in request."
), ),
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecResponseBodyAccess", "SecResponseBodyAccess",
cmd_response_body_access, cmd_response_body_access,
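Review bot: In the new cmd_arguments_limit the value is parsed with `strtol(p1, NULL, 10)` and no end pointer, so an argument with trailing characters (constructed example: `1000x`) is silently accepted as its numeric prefix instead of being rejected, and the effective SecArgumentsLimit can differ from what the administrator wrote. Passing an end pointer and rejecting leftovers would close this: `limit = strtol(p1, &end, 10);` followed by `if (end == p1 || *end != '\0' || limit <= 0 || limit == LONG_MAX) {`. The `long` result is then stored in `dcfg->arguments_limit`, whose declaration is not visible on this page; if that field is an `int`, an upper bound against `INT_MAX` is also needed to avoid truncation on LP64 targets. The pre-existing SecRequestBodyJsonDepthLimit handler shown just above it uses the same parsing pattern, so the two could be tightened together.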
 End of changes. 10 change blocks. 
1 lines changed or deleted 48 lines changed or added
