Skip to content

Commit e400046

Browse files
Felipe Zimmerledaniilyar
Felipe Zimmerle
authored and
daniilyar
committed
Nginx-related fixes
Refactoring on the nginx module, including: - Better handling larger posts; - Now using nginx echo module during the regression tests. - Better interacting with neginx chain rules - Separation of the request handling and content filters. - Better handling nginx sessions and resource counts to allow a more efficient garbage collector. - Handling both http/1.0 and 1.1, including keep-alive. - Tests are now capable to test nginx as a proxy or end-server. - Tested agains nginx 1.6 and 1.7. - better dealing with chunked request body - Refactoring: split lines longer than 80 characters, remove trailing whitespaces, change CRLF to LF - Copy the req body chain to be processed instead of move: Add a check for the definition MOVE_REQUEST_CHAIN_TO_MODSEC, whenever it is set the chain will be moved into the brigade. If it was not set the chain will be only copied. Moving was causing segfaults on the following regression tests: owasp-modsecurity#15 - SecRequestBodyInMemoryLimit owasp-modsecurity#16 - SecRequestBodyInMemoryLimit (greater) owasp-modsecurity#19 - SecRequestBodyLimitAction ProcessPartial (multipart/greater - chunked) (from: regression/config/10-request-directives.t)
1 parent 748a29a commit e400046

File tree

8 files changed

+833
-549
lines changed

8 files changed

+833
-549
lines changed

nginx/modsecurity/apr_bucket_nginx.c

Lines changed: 288 additions & 250 deletions
Large diffs are not rendered by default.

nginx/modsecurity/apr_bucket_nginx.h

Lines changed: 24 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,24 @@
1-
#pragma once
2-
#include <ngx_core.h>
3-
#include "apr_buckets.h"
4-
5-
apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf,
6-
apr_pool_t *p,
7-
apr_bucket_alloc_t *list);
8-
9-
apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
10-
apr_pool_t *pool);
11-
12-
#define ngx_buf_to_apr_bucket apr_bucket_nginx_create
13-
14-
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
15-
16-
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
17-
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain, ngx_pool_t *pool);
18-
1+
#pragma once
2+
#include <ngx_core.h>
3+
#include "apr_buckets.h"
4+
5+
apr_bucket * apr_bucket_nginx_create(ngx_buf_t *buf,
6+
apr_pool_t *p,
7+
apr_bucket_alloc_t *list);
8+
9+
apr_bucket * apr_bucket_nginx_make(apr_bucket *e, ngx_buf_t *buf,
10+
apr_pool_t *pool);
11+
12+
#define ngx_buf_to_apr_bucket apr_bucket_nginx_create
13+
14+
ngx_buf_t * apr_bucket_to_ngx_buf(apr_bucket *e, ngx_pool_t *pool);
15+
16+
ngx_int_t copy_chain_to_brigade(ngx_chain_t *chain_orig,
17+
apr_bucket_brigade *bb, ngx_pool_t *pool, ngx_int_t last_buf);
18+
19+
ngx_int_t move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb,
20+
ngx_pool_t *pool, ngx_int_t last_buf);
21+
22+
ngx_int_t move_brigade_to_chain(apr_bucket_brigade *bb, ngx_chain_t **chain,
23+
ngx_pool_t *pool);
24+

0 commit comments

Comments
 (0)