Skip to content

Commit 3f9e2cc

Browse files
spectrumjadeFelipe Zimmerle
spectrumjade
authored and
Felipe Zimmerle
committed
Stop buffering when the request is larger than SecRequestBodyLimit and in ProcessPartial mode
1 parent 1068da4 commit 3f9e2cc

File tree

2 files changed

+19
-9
lines changed

2 files changed

+19
-9
lines changed

apache2/apache2_io.c

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -139,12 +139,14 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
139139
if (rc == 0) {
140140
modsecurity_request_body_retrieve_end(msr);
141141

142-
bucket = apr_bucket_eos_create(f->r->connection->bucket_alloc);
143-
if (bucket == NULL) return APR_EGENERAL;
144-
APR_BRIGADE_INSERT_TAIL(bb_out, bucket);
142+
if (msr->if_seen_eos) {
143+
bucket = apr_bucket_eos_create(f->r->connection->bucket_alloc);
144+
if (bucket == NULL) return APR_EGENERAL;
145+
APR_BRIGADE_INSERT_TAIL(bb_out, bucket);
145146

146-
if (msr->txcfg->debuglog_level >= 4) {
147-
msr_log(msr, 4, "Input filter: Sent EOS.");
147+
if (msr->txcfg->debuglog_level >= 4) {
148+
msr_log(msr, 4, "Input filter: Sent EOS.");
149+
}
148150
}
149151

150152
/* We're done */
@@ -164,7 +166,7 @@ apr_status_t input_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
164166
*/
165167
apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
166168
request_rec *r = msr->r;
167-
unsigned int seen_eos;
169+
unsigned int finished_reading;
168170
apr_bucket_brigade *bb_in;
169171
apr_bucket *bucket;
170172

@@ -193,7 +195,8 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
193195
return -1;
194196
}
195197

196-
seen_eos = 0;
198+
finished_reading = 0;
199+
msr->if_seen_eos = 0;
197200
bb_in = apr_brigade_create(msr->mp, r->connection->bucket_alloc);
198201
if (bb_in == NULL) return -1;
199202
do {
@@ -283,6 +286,11 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
283286

284287
if (buflen != 0) {
285288
int rcbs = modsecurity_request_body_store(msr, buf, buflen, error_msg);
289+
290+
if (msr->reqbody_length > (apr_size_t)msr->txcfg->reqbody_limit && msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL) {
291+
finished_reading = 1;
292+
}
293+
286294
if (rcbs < 0) {
287295
if (rcbs == -5) {
288296
if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
@@ -309,12 +317,13 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
309317
}
310318

311319
if (APR_BUCKET_IS_EOS(bucket)) {
312-
seen_eos = 1;
320+
finished_reading = 1;
321+
msr->if_seen_eos = 1;
313322
}
314323
}
315324

316325
apr_brigade_cleanup(bb_in);
317-
} while(!seen_eos);
326+
} while(!finished_reading);
318327

319328
// TODO: Why ignore the return code here?
320329
modsecurity_request_body_end(msr, error_msg);

apache2/modsecurity.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -268,6 +268,7 @@ struct modsec_rec {
268268
unsigned int phase_request_body_complete;
269269

270270
apr_bucket_brigade *if_brigade;
271+
unsigned int if_seen_eos;
271272
unsigned int if_status;
272273
unsigned int if_started_forwarding;
273274

0 commit comments

Comments
 (0)