
Source code changes of the file "mlogc/mlogc.c" between
modsecurity-2.9.6.tar.gz and modsecurity-2.9.7.tar.gz

About: ModSecurity is an intrusion detection and prevention module (web application firewall) for the Apache (and Nginx) Web servers.

mlogc.c  (modsecurity-2.9.6):mlogc.c  (modsecurity-2.9.7)
/* /*
* ModSecurity for Apache 2.x, http://www.modsecurity.org/ * ModSecurity for Apache 2.x, http://www.modsecurity.org/
* Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) * Copyright (c) 2004-2022 Trustwave Holdings, Inc. (http://www.trustwave.com/)
* *
* You may not use this file except in compliance with * You may not use this file except in compliance with
* the License.  You may obtain a copy of the License at * the License.  You may obtain a copy of the License at
* *
*     http://www.apache.org/licenses/LICENSE-2.0 *     http://www.apache.org/licenses/LICENSE-2.0
* *
* If any of the files related to licensing are missing or if you have any * If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc. * other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org. * directly using the email address security@modsecurity.org.
*/ */
skipping to change at line 31 skipping to change at line 31
#include <apr_lib.h> #include <apr_lib.h>
#include <apr_strings.h> #include <apr_strings.h>
#include <apr_signal.h> #include <apr_signal.h>
#include <apr_thread_proc.h> #include <apr_thread_proc.h>
#include <apr_global_mutex.h> #include <apr_global_mutex.h>
#include <apr_getopt.h> #include <apr_getopt.h>
#include <apr_version.h> #include <apr_version.h>
#if APR_HAVE_UNISTD_H #if APR_HAVE_UNISTD_H
#include <unistd.h> /* for getpid() */ #include <unistd.h> /* for getpid() */
#endif #endif
#ifdef WITH_PCRE2
#define PCRE2_CODE_UNIT_WIDTH 8
#include <pcre2.h>
#else
#include <pcre.h> #include <pcre.h>
#endif
#include <curl/curl.h> #include <curl/curl.h>
#include <fcntl.h> #include <fcntl.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
#include "msc_release.h" #include "msc_release.h"
static void logc_shutdown(int rc); static void logc_shutdown(int rc);
static void create_new_worker(int lock); static void create_new_worker(int lock);
static void error_log(int level, void *thread, static void error_log(int level, void *thread,
skipping to change at line 146 skipping to change at line 151
static int management_thread_active = 0; static int management_thread_active = 0;
static unsigned long int entry_counter = 1; static unsigned long int entry_counter = 1;
static const char *error_log_path = NULL; static const char *error_log_path = NULL;
static apr_file_t *error_log_fd = NULL; static apr_file_t *error_log_fd = NULL;
static int error_log_level = 2; static int error_log_level = 2;
static apr_hash_t *in_progress = NULL; static apr_hash_t *in_progress = NULL;
static int keep_alive = 150; /* Not used yet. */ static int keep_alive = 150; /* Not used yet. */
static int keep_alive_timeout = 300; /* Not used yet. */ static int keep_alive_timeout = 300; /* Not used yet. */
static int keep_entries = 0; static int keep_entries = 0;
static const char *log_repository = NULL; static const char *log_repository = NULL;
#ifdef WITH_PCRE2
static pcre2_code *logline_regex = NULL;
static pcre2_code *requestline_regex = NULL;
#else
static void *logline_regex = NULL; static void *logline_regex = NULL;
static void *requestline_regex = NULL;
#endif
static int max_connections = 10; static int max_connections = 10;
static int max_worker_requests = 1000; static int max_worker_requests = 1000;
static apr_global_mutex_t *gmutex = NULL; static apr_global_mutex_t *gmutex = NULL;
static apr_thread_mutex_t *mutex = NULL; static apr_thread_mutex_t *mutex = NULL;
static apr_pool_t *pool = NULL; static apr_pool_t *pool = NULL;
static apr_pool_t *thread_pool = NULL; static apr_pool_t *thread_pool = NULL;
static apr_pool_t *recv_pool = NULL; static apr_pool_t *recv_pool = NULL;
static apr_array_header_t *queue = NULL; static apr_array_header_t *queue = NULL;
static const char *queue_path = NULL; static const char *queue_path = NULL;
static int ssl_validation = 0; static int ssl_validation = 0;
static int tlsprotocol = 1; static int tlsprotocol = 1;
static curl_version_info_data* curlversion = NULL; static curl_version_info_data* curlversion = NULL;
/* static apr_time_t queue_time = 0; */ /* static apr_time_t queue_time = 0; */
static void *requestline_regex = NULL;
static int running = 0; static int running = 0;
static const char *sensor_password = NULL; static const char *sensor_password = NULL;
static const char *sensor_username = NULL; static const char *sensor_username = NULL;
static int server_error = 0; static int server_error = 0;
static apr_time_t server_error_last_check_time = 0; static apr_time_t server_error_last_check_time = 0;
static int server_error_timeout = 60; static int server_error_timeout = 60;
static int startup_delay = 100; static int startup_delay = 100;
static int transaction_delay = 100; static int transaction_delay = 100;
static const char *transaction_log_path = NULL; static const char *transaction_log_path = NULL;
static apr_file_t *transaction_log_fd = NULL; static apr_file_t *transaction_log_fd = NULL;
skipping to change at line 1191 skipping to change at line 1201
* Initialise the necessary resources and structures. * Initialise the necessary resources and structures.
*/ */
static void logc_init(void) static void logc_init(void)
{ {
char errstr[1024]; char errstr[1024];
apr_status_t rc = 0; apr_status_t rc = 0;
const char *errptr = NULL; const char *errptr = NULL;
int i, erroffset; int i, erroffset;
/* cURL major, minor and patch version */ /* cURL major, minor and patch version */
short cmaj, cmin, cpat = 0; short cmaj, cmin, cpat = 0;
#ifdef WITH_PCRE2
int pcre2_errorcode = 0;
PCRE2_SIZE pcre2_erroffset = 0;
#endif
queue = apr_array_make(pool, 64, sizeof(entry_t *)); queue = apr_array_make(pool, 64, sizeof(entry_t *));
if (queue == NULL) { if (queue == NULL) {
error_log(LOG_ERROR, NULL, MEMALLOC_ERROR_MSG); error_log(LOG_ERROR, NULL, MEMALLOC_ERROR_MSG);
logc_shutdown(1); logc_shutdown(1);
} }
in_progress = apr_hash_make(pool); in_progress = apr_hash_make(pool);
if (in_progress == NULL) { if (in_progress == NULL) {
error_log(LOG_ERROR, NULL, MEMALLOC_ERROR_MSG); error_log(LOG_ERROR, NULL, MEMALLOC_ERROR_MSG);
skipping to change at line 1293 skipping to change at line 1307
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_writefunction); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_writefunction);
*(CURL **)apr_array_push(curl_handles) = curl; *(CURL **)apr_array_push(curl_handles) = curl;
} }
if (cmaj <= 7 && cmin < 34) { if (cmaj <= 7 && cmin < 34) {
error_log(LOG_DEBUG2, NULL, "TLSv1.2 is unsupported in cURL %d.%d.%d", c maj, cmin, cpat); error_log(LOG_DEBUG2, NULL, "TLSv1.2 is unsupported in cURL %d.%d.%d", c maj, cmin, cpat);
} }
#ifdef WITH_PCRE2
logline_regex = pcre2_compile(logline_pattern, PCRE2_ZERO_TERMINATED, PCRE2_
CASELESS,
&pcre2_errorcode, &pcre2_erroffset, NULL);
#else
logline_regex = pcre_compile(logline_pattern, PCRE_CASELESS, logline_regex = pcre_compile(logline_pattern, PCRE_CASELESS,
&errptr, &erroffset, NULL); &errptr, &erroffset, NULL);
#endif
if (logline_regex == NULL) { if (logline_regex == NULL) {
error_log(LOG_ERROR, NULL, error_log(LOG_ERROR, NULL,
"Failed to compile pattern: %s\n", logline_pattern); "Failed to compile pattern: %s\n", logline_pattern);
logc_shutdown(1); logc_shutdown(1);
} }
requestline_regex = pcre_compile(requestline_pattern, #ifdef WITH_PCRE2
PCRE_CASELESS, &errptr, &erroffset, NULL); requestline_regex = pcre2_compile(requestline_pattern, PCRE2_ZERO_TERMINATED
, PCRE2_CASELESS,
&pcre2_errorcode, &pcre2_erroffset, NULL);
#else
requestline_regex = pcre_compile(requestline_pattern, PCRE_CASELESS,
&errptr, &erroffset, NULL);
#endif
if (requestline_regex == NULL) { if (requestline_regex == NULL) {
error_log(LOG_ERROR, NULL, error_log(LOG_ERROR, NULL,
"Failed to compile pattern: %s\n", requestline_pattern); "Failed to compile pattern: %s\n", requestline_pattern);
logc_shutdown(1); logc_shutdown(1);
} }
} }
/** /**
* HACK: To allow two mlogcs running against a single dataset we use the * HACK: To allow two mlogcs running against a single dataset we use the
* mtime as a flag for deletion. * mtime as a flag for deletion.
skipping to change at line 1410 skipping to change at line 1434
*/ */
static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data) static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data)
{ {
unsigned int loop_count = 0; unsigned int loop_count = 0;
CURL *curl = (CURL *)data; CURL *curl = (CURL *)data;
entry_t **entryptr = NULL; entry_t **entryptr = NULL;
entry_t *entry = NULL; entry_t *entry = NULL;
apr_status_t rc; apr_status_t rc;
apr_finfo_t finfo; apr_finfo_t finfo;
int capturevector[CAPTUREVECTORSIZE]; int capturevector[CAPTUREVECTORSIZE];
#ifdef WITH_PCRE2
pcre2_match_data *pcre2_match_data = NULL;
#endif
int take_new = 1; int take_new = 1;
apr_pool_t *tpool; apr_pool_t *tpool;
struct curl_slist *headerlist = NULL; struct curl_slist *headerlist = NULL;
char curl_error_buffer[CURL_ERROR_SIZE] = ""; char curl_error_buffer[CURL_ERROR_SIZE] = "";
int num_requests = 0; int num_requests = 0;
/* There is no need to do the sleep if this was an invalid entry /* There is no need to do the sleep if this was an invalid entry
* as the sleep is just to protect flooding the console server * as the sleep is just to protect flooding the console server
* with rapid requests. With an invalid entry we never hit the * with rapid requests. With an invalid entry we never hit the
* server, so we should not delay processing the next event. * server, so we should not delay processing the next event.
skipping to change at line 1514 skipping to change at line 1541
/* Send one entry. */ /* Send one entry. */
error_log(LOG_DEBUG, thread, "Processing entry."); error_log(LOG_DEBUG, thread, "Processing entry.");
take_new = 0; take_new = 0;
/* Keep track of requests processed if we need to */ /* Keep track of requests processed if we need to */
if (max_worker_requests > 0) { if (max_worker_requests > 0) {
num_requests++; num_requests++;
} }
#ifdef WITH_PCRE2
pcre2_match_data = pcre2_match_data_create_from_pattern(logline_regex,
NULL);
rc = pcre2_match(logline_regex, entry->line, entry->line_size, 0, 0,
pcre2_match_data, NULL);
if (rc > 0) {
PCRE2_SIZE *pcre2_ovector = pcre2_get_ovector_pointer(pcre2_match_da
ta);
for (int i = 0; i < rc; i++) {
capturevector[2*i] = pcre2_ovector[2*i];
capturevector[2*i+1] = pcre2_ovector[2*i+1];
}
}
pcre2_match_data_free(pcre2_match_data);
if (rc == PCRE2_ERROR_NOMATCH) {
#else
rc = pcre_exec(logline_regex, NULL, entry->line, entry->line_size, 0, 0, rc = pcre_exec(logline_regex, NULL, entry->line, entry->line_size, 0, 0,
capturevector, CAPTUREVECTORSIZE); capturevector, CAPTUREVECTORSIZE);
if (rc == PCRE_ERROR_NOMATCH) { /* No match. */ if (rc == PCRE_ERROR_NOMATCH) {
#endif
error_log(LOG_WARNING, thread, error_log(LOG_WARNING, thread,
"Invalid entry (failed to match regex): %s", "Invalid entry (failed to match regex): %s",
_log_escape(tpool, entry->line, entry->line_size)); _log_escape(tpool, entry->line, entry->line_size));
take_new = 1; take_new = 1;
nodelay = 1; nodelay = 1;
} }
else if (rc < 0) { /* Error condition. */ else if (rc < 0) { /* Error condition. */
error_log(LOG_WARNING, thread, error_log(LOG_WARNING, thread,
"Invalid entry (PCRE error %d): %s", "Invalid entry (PCRE error %d): %s",
rc, _log_escape(tpool, entry->line, entry->line_size)); rc, _log_escape(tpool, entry->line, entry->line_size));
skipping to change at line 2264 skipping to change at line 2306
fprintf(stderr, " Options:\n"); fprintf(stderr, " Options:\n");
fprintf(stderr, " -f Force depletion of queue on exit\n"); fprintf(stderr, " -f Force depletion of queue on exit\n");
fprintf(stderr, " -v Version information\n"); fprintf(stderr, " -v Version information\n");
fprintf(stderr, " -h This help\n\n"); fprintf(stderr, " -h This help\n\n");
} }
/** /**
* Version text. * Version text.
*/ */
static void version(void) { static void version(void) {
#ifdef WITH_PCRE2
char pcre2_loaded_version_buffer[80] ={0};
char *pcre_loaded_version = pcre2_loaded_version_buffer;
pcre2_config(PCRE2_CONFIG_VERSION, pcre_loaded_version);
#endif
fprintf(stderr, fprintf(stderr,
"ModSecurity Log Collector (mlogc) v%s\n", VERSION); "ModSecurity Log Collector (mlogc) v%s\n", VERSION);
fprintf(stderr, fprintf(stderr,
" APR: compiled=\"%s\"; " " APR: compiled=\"%s\"; "
"loaded=\"%s\"\n", APR_VERSION_STRING, apr_version_string()); "loaded=\"%s\"\n", APR_VERSION_STRING, apr_version_string());
fprintf(stderr, fprintf(stderr,
" PCRE: compiled=\"%d.%d\"; " " PCRE: compiled=\"%d.%d\"; "
#ifdef WITH_PCRE2
"loaded=\"%s\"\n", PCRE2_MAJOR, PCRE2_MINOR, pcre_loaded_version);
#else
"loaded=\"%s\"\n", PCRE_MAJOR, PCRE_MINOR, pcre_version()); "loaded=\"%s\"\n", PCRE_MAJOR, PCRE_MINOR, pcre_version());
#endif
fprintf(stderr, fprintf(stderr,
" cURL: compiled=\"%s\"; " " cURL: compiled=\"%s\"; "
"loaded=\"%s\"\n", LIBCURL_VERSION, curl_version()); "loaded=\"%s\"\n", LIBCURL_VERSION, curl_version());
fprintf(stderr, "\n"); fprintf(stderr, "\n");
} }
/** /**
* This is the main entry point. * This is the main entry point.
*/ */
int main(int argc, const char * const argv[]) { int main(int argc, const char * const argv[]) {
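Review bot: In the WITH_PCRE2 branch of thread_worker, the loop that copies `pcre2_ovector` into `capturevector` runs up to `rc` with no check against `CAPTUREVECTORSIZE`, whereas the pcre_exec() call it stands in for was handed that size and so was limited to the array. The match data is sized from the compiled pattern, so `rc` can reach the pattern's group count plus one; whether that can exceed the array depends on `logline_pattern` and `CAPTUREVECTORSIZE`, neither of which is visible on this page. Bounding the copy keeps the invariant local to the code that relies on it: `for (int i = 0; i < rc && 2*i + 1 < CAPTUREVECTORSIZE; i++)`. The result of `pcre2_match_data_create_from_pattern()` is also not checked, so an allocation failure appears to surface only through the generic "PCRE error %d" branch for that entry. thread_worker's body continues outside the displayed hunks.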
 End of changes. 16 change blocks. 
5 lines changed or deleted 60 lines changed or added
