From 10175e3fae2b133e62bf15b866a5db5567b5532a Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Wed, 12 Jun 2024 15:03:05 +0200
Subject: [PATCH 1/8] Update ci.yml
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d931133834..0c32ce189a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -48,4 +48,5 @@ jobs:
 - name: start apache with module
 run: |
 sudo systemctl restart apache2.service
+ sudo cat /var/log/apache2/error.log
From 9309050d017c029e35afcd373234c1c1e2d412da Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Wed, 12 Jun 2024 15:26:29 +0200
Subject: [PATCH 2/8] Update ci.yml
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0c32ce189a..9957512386 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -49,4 +49,5 @@ jobs:
 run: |
 sudo systemctl restart apache2.service
 sudo cat /var/log/apache2/error.log
+
From d1742ee566a2444245036d4633c8af6cfb904646 Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Tue, 25 Jun 2024 11:03:24 +0200
Subject: [PATCH 3/8] Update ci.yml
---
 .github/workflows/ci.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9957512386..e0e9d1c334 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -49,5 +49,3 @@ jobs:
 run: |
 sudo systemctl restart apache2.service
 sudo cat /var/log/apache2/error.log
-
-
From 188a924ad99bf02860f094c899584b7acb1441d3 Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Tue, 25 Jun 2024 11:08:47 +0200
Subject: [PATCH 4/8] -
---
 .github/workflows/ci.yml | 52 ----------------------------------------
 1 file changed, 52 deletions(-)
 delete mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index 0c32ce189a..0000000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: Quality Assurance
-
-on:
- push:
- pull_request:
-
-jobs:
- build-linux:
- runs-on: ${{ matrix.os }}
- strategy:
- matrix:
- os: [ubuntu-22.04]
- platform: [x32, x64]
- compiler: [gcc, clang]
- configure:
- - {label: "with pcre, no study, no jit", opt: "--enable-pcre-study=no" }
- - {label: "with pcre, with study, no jit", opt: "--enable-pcre-study=yes" }
- - {label: "with pcre, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit" }
- - {label: "with pcre, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
- - {label: "with pcre2", opt: "--with-pcre2 --enable-pcre-study=no" }
- - {label: "with pcre2, with study, no jit", opt: "--with-pcre2 --enable-pcre-study=yes" }
- - {label: "with pcre2, no study, with jit", opt: "--with-pcre2 --enable-pcre-study=no --enable-pcre-jit" }
- - {label: "with pcre2, with study, with jit", opt: "--with-pcre2 --enable-pcre-study=yes --enable-pcre-jit" }
- - {label: "with lua", opt: "--with-lua" }
- - {label: "wo lua", opt: "--without-lua" }
- steps:
- - name: Setup Dependencies
- run: |
- sudo apt-get update -y -qq
- sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
- - uses: actions/checkout@v2
- - name: autogen.sh
- run: ./autogen.sh
- - name: configure ${{ matrix.configure.label }}
- run: ./configure --enable-assertions ${{ matrix.configure.opt }}
- - uses: ammaraskar/gcc-problem-matcher@master
- - name: make
- run: make -j `nproc`
- - name: install module
- run: sudo make install
- - name: prepare config
- run: |
- sudo cp .github/security2.conf /etc/apache2/mods-enabled/
- sudo cp modsecurity.conf-recommended /etc/apache2/modsecurity.conf
- sudo cp unicode.mapping /etc/apache2/
- sudo mkdir -p /var/cache/modsecurity
- sudo chown -R www-data:www-data /var/cache/modsecurity
- - name: start apache with module
- run: |
- sudo systemctl restart apache2.service
- sudo cat /var/log/apache2/error.log
-
From 4cbf74e85b30b80ec441207e0850bdb917639033 Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Tue, 25 Jun 2024 11:12:03 +0200
Subject: [PATCH 5/8] -
---
 .github/workflows/ci.yml | 52 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000000..0c32ce189a
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,52 @@
+name: Quality Assurance
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ build-linux:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-22.04]
+ platform: [x32, x64]
+ compiler: [gcc, clang]
+ configure:
+ - {label: "with pcre, no study, no jit", opt: "--enable-pcre-study=no" }
+ - {label: "with pcre, with study, no jit", opt: "--enable-pcre-study=yes" }
+ - {label: "with pcre, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit" }
+ - {label: "with pcre, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
+ - {label: "with pcre2", opt: "--with-pcre2 --enable-pcre-study=no" }
+ - {label: "with pcre2, with study, no jit", opt: "--with-pcre2 --enable-pcre-study=yes" }
+ - {label: "with pcre2, no study, with jit", opt: "--with-pcre2 --enable-pcre-study=no --enable-pcre-jit" }
+ - {label: "with pcre2, with study, with jit", opt: "--with-pcre2 --enable-pcre-study=yes --enable-pcre-jit" }
+ - {label: "with lua", opt: "--with-lua" }
+ - {label: "wo lua", opt: "--without-lua" }
+ steps:
+ - name: Setup Dependencies
+ run: |
+ sudo apt-get update -y -qq
+ sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
+ - uses: actions/checkout@v2
+ - name: autogen.sh
+ run: ./autogen.sh
+ - name: configure ${{ matrix.configure.label }}
+ run: ./configure --enable-assertions ${{ matrix.configure.opt }}
+ - uses: ammaraskar/gcc-problem-matcher@master
+ - name: make
+ run: make -j `nproc`
+ - name: install module
+ run: sudo make install
+ - name: prepare config
+ run: |
+ sudo cp .github/security2.conf /etc/apache2/mods-enabled/
+ sudo cp modsecurity.conf-recommended /etc/apache2/modsecurity.conf
+ sudo cp unicode.mapping /etc/apache2/
+ sudo mkdir -p /var/cache/modsecurity
+ sudo chown -R www-data:www-data /var/cache/modsecurity
+ - name: start apache with module
+ run: |
+ sudo systemctl restart apache2.service
+ sudo cat /var/log/apache2/error.log
+
From 42620f6d69d8c52f9face7a4f9a2b43d42155917 Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Tue, 25 Jun 2024 11:13:53 +0200
Subject: [PATCH 6/8] -
---
 .github/workflows/ci.yml | 52 ----------------------------------------
 1 file changed, 52 deletions(-)
 delete mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index 0c32ce189a..0000000000
--- a/.github/workflows/ci.yml
+++ /dev/null
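Review bot: In the workflow re-created by PATCH 5/8 (and again, unchanged, by PATCH 7/8), the step `uses: ammaraskar/gcc-problem-matcher@master` tracks a mutable branch of a third-party action and `uses: actions/checkout@v2` tracks a mutable tag. Whatever those refs resolve to at run time executes in the same job that later runs `sudo make install`. Pin both to a full commit SHA, e.g. `uses: ammaraskar/gcc-problem-matcher@<full-commit-sha>` (placeholder), and update them through reviewed changes. The file also has no `permissions:` key, so the job token's scope is the repository default; a top-level `permissions:` with `contents: read` would make the intended scope explicit.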
@@ -1,52 +0,0 @@
-name: Quality Assurance
-
-on:
- push:
- pull_request:
-
-jobs:
- build-linux:
- runs-on: ${{ matrix.os }}
- strategy:
- matrix:
- os: [ubuntu-22.04]
- platform: [x32, x64]
- compiler: [gcc, clang]
- configure:
- - {label: "with pcre, no study, no jit", opt: "--enable-pcre-study=no" }
- - {label: "with pcre, with study, no jit", opt: "--enable-pcre-study=yes" }
- - {label: "with pcre, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit" }
- - {label: "with pcre, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
- - {label: "with pcre2", opt: "--with-pcre2 --enable-pcre-study=no" }
- - {label: "with pcre2, with study, no jit", opt: "--with-pcre2 --enable-pcre-study=yes" }
- - {label: "with pcre2, no study, with jit", opt: "--with-pcre2 --enable-pcre-study=no --enable-pcre-jit" }
- - {label: "with pcre2, with study, with jit", opt: "--with-pcre2 --enable-pcre-study=yes --enable-pcre-jit" }
- - {label: "with lua", opt: "--with-lua" }
- - {label: "wo lua", opt: "--without-lua" }
- steps:
- - name: Setup Dependencies
- run: |
- sudo apt-get update -y -qq
- sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
- - uses: actions/checkout@v2
- - name: autogen.sh
- run: ./autogen.sh
- - name: configure ${{ matrix.configure.label }}
- run: ./configure --enable-assertions ${{ matrix.configure.opt }}
- - uses: ammaraskar/gcc-problem-matcher@master
- - name: make
- run: make -j `nproc`
- - name: install module
- run: sudo make install
- - name: prepare config
- run: |
- sudo cp .github/security2.conf /etc/apache2/mods-enabled/
- sudo cp modsecurity.conf-recommended /etc/apache2/modsecurity.conf
- sudo cp unicode.mapping /etc/apache2/
- sudo mkdir -p /var/cache/modsecurity
- sudo chown -R www-data:www-data /var/cache/modsecurity
- - name: start apache with module
- run: |
- sudo systemctl restart apache2.service
- sudo cat /var/log/apache2/error.log
-
From a2dcd4ffe56a7c293e5fde8337c139b971e74171 Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Tue, 25 Jun 2024 11:17:18 +0200
Subject: [PATCH 7/8] -
---
 .github/workflows/ci.yml | 52 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000000..0c32ce189a
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,52 @@
+name: Quality Assurance
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ build-linux:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-22.04]
+ platform: [x32, x64]
+ compiler: [gcc, clang]
+ configure:
+ - {label: "with pcre, no study, no jit", opt: "--enable-pcre-study=no" }
+ - {label: "with pcre, with study, no jit", opt: "--enable-pcre-study=yes" }
+ - {label: "with pcre, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit" }
+ - {label: "with pcre, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
+ - {label: "with pcre2", opt: "--with-pcre2 --enable-pcre-study=no" }
+ - {label: "with pcre2, with study, no jit", opt: "--with-pcre2 --enable-pcre-study=yes" }
+ - {label: "with pcre2, no study, with jit", opt: "--with-pcre2 --enable-pcre-study=no --enable-pcre-jit" }
+ - {label: "with pcre2, with study, with jit", opt: "--with-pcre2 --enable-pcre-study=yes --enable-pcre-jit" }
+ - {label: "with lua", opt: "--with-lua" }
+ - {label: "wo lua", opt: "--without-lua" }
+ steps:
+ - name: Setup Dependencies
+ run: |
+ sudo apt-get update -y -qq
+ sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
+ - uses: actions/checkout@v2
+ - name: autogen.sh
+ run: ./autogen.sh
+ - name: configure ${{ matrix.configure.label }}
+ run: ./configure --enable-assertions ${{ matrix.configure.opt }}
+ - uses: ammaraskar/gcc-problem-matcher@master
+ - name: make
+ run: make -j `nproc`
+ - name: install module
+ run: sudo make install
+ - name: prepare config
+ run: |
+ sudo cp .github/security2.conf /etc/apache2/mods-enabled/
+ sudo cp modsecurity.conf-recommended /etc/apache2/modsecurity.conf
+ sudo cp unicode.mapping /etc/apache2/
+ sudo mkdir -p /var/cache/modsecurity
+ sudo chown -R www-data:www-data /var/cache/modsecurity
+ - name: start apache with module
+ run: |
+ sudo systemctl restart apache2.service
+ sudo cat /var/log/apache2/error.log
+
From d58f5498e577b9d735afcbc4359981952e5e5a2b Mon Sep 17 00:00:00 2001
From: Marc Stern
Date: Tue, 25 Jun 2024 11:24:58 +0200
Subject: [PATCH 8/8] Passing address of lock instead of lock
---
 apache2/modsecurity.c | 35 +++++++++++++++--------------------
 apache2/modsecurity.h | 2 +-
 2 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/apache2/modsecurity.c b/apache2/modsecurity.c
index 74b6eca9e1..366715d84d 100644
--- a/apache2/modsecurity.c
+++ b/apache2/modsecurity.c
@@ -122,7 +122,7 @@ msc_engine *modsecurity_create(apr_pool_t *mp, int processing_mode) {
 return msce;
 }
-int acquire_global_lock(apr_global_mutex_t *lock, apr_pool_t *mp) {
+int acquire_global_lock(apr_global_mutex_t **lock, apr_pool_t *mp) {
 apr_status_t rc;
 apr_file_t *lock_name;
 const char *temp_dir;
@@ -146,22 +146,23 @@ int acquire_global_lock(apr_global_mutex_t *lock, apr_pool_t *mp) {
 // below func always return APR_SUCCESS
 apr_file_name_get(&filename, lock_name);
- rc = apr_global_mutex_create(&lock, filename, APR_LOCK_DEFAULT, mp);
+ rc = apr_global_mutex_create(lock, filename, APR_LOCK_DEFAULT, mp);
 if (rc != APR_SUCCESS) {
 ap_log_perror(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Could not create global mutex");
 return -1;
 }
 #if !defined(MSC_TEST)
-#ifdef __SET_MUTEX_PERMS
-#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
- rc = ap_unixd_set_global_mutex_perms(lock);
-#else
- rc = unixd_set_global_mutex_perms(lock);
-#endif
+# ifdef __SET_MUTEX_PERMS
+# if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
+ rc = ap_unixd_set_global_mutex_perms(*lock);
+# else
+ rc = unixd_set_global_mutex_perms(*lock);
+# endif
 if (rc != APR_SUCCESS) {
+ ap_log_perror(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Could not set permissions on global mutex");
 return -1;
 }
-#endif /* SET_MUTEX_PERMS */
+# endif /* SET_MUTEX_PERMS */
 #endif /* MSC_TEST */
 return APR_SUCCESS;
 }
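Review bot: The `ap_log_perror` call added on the permissions-failure path in `acquire_global_lock` (hunk `@@ -146,22 +146,23 @@`) passes `0` as the status argument, so the APR error held in `rc` is dropped and the log line gives an operator no reason for the failure. Pass the status through: `ap_log_perror(APLOG_MARK, APLOG_ERR, rc, NULL, " ModSecurity: Could not set permissions on global mutex");`. The unchanged "Could not create global mutex" call a few lines earlier has the same shape and would benefit from the same change. On this path `*lock` already points at a created mutex whose permissions were not applied, so callers must treat `-1` as "lock unusable"; a short comment saying so above the `return -1;` would help. The function starts in the previous hunk and part of its body lies between the two hunks, outside this view.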
@@ -189,21 +190,15 @@ int modsecurity_init(msc_engine *msce, apr_pool_t *mp) {
 curl_global_init(CURL_GLOBAL_ALL);
 #endif
 /* Serial audit log mutex */
- rc = acquire_global_lock(msce->auditlog_lock, mp);
- if (rc != APR_SUCCESS) {
- return -1;
- }
+ rc = acquire_global_lock(&msce->auditlog_lock, mp);
+ if (rc != APR_SUCCESS) return -1;
- rc = acquire_global_lock(msce->geo_lock, mp);
- if (rc != APR_SUCCESS) {
- return -1;
- }
+ rc = acquire_global_lock(&msce->geo_lock, mp);
+ if (rc != APR_SUCCESS) return -1;
 #ifdef GLOBAL_COLLECTION_LOCK
 rc = acquire_global_lock(&msce->dbm_lock, mp);
- if (rc != APR_SUCCESS) {
- return -1;
- }
+ if (rc != APR_SUCCESS) return -1;
 #endif /* GLOBAL_COLLECTION_LOCK */
 return 1;
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index 143a82314b..d1aa1d8346 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -706,7 +706,7 @@ struct msc_parm {
 };
 /* Reusable functions */
-int acquire_global_lock(apr_global_mutex_t *lock, apr_pool_t *mp);
+int acquire_global_lock(apr_global_mutex_t **lock, apr_pool_t *mp);
 /* Engine functions */
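Review bot: The three early exits in `modsecurity_init` are rewritten as brace-less one-liners (`if (rc != APR_SUCCESS) return -1;`), while `acquire_global_lock` in the same patch keeps braced bodies. Keeping the braces, `if (rc != APR_SUCCESS) { return -1; }`, stays consistent with the rest of the file and stops a statement added later, such as a log call naming the lock, from landing outside the condition. The three failures are also indistinguishable to the caller; a one-line comment or log message per site naming the lock (audit log, geo, dbm) would make startup failures easier to triage. The function begins and ends outside this hunk.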
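Review bot: The prototype under `/* Reusable functions */` in `modsecurity.h` changes an exported signature without a comment describing the new contract. Callers now need to know that `lock` is an out-parameter and that the result is `APR_SUCCESS` or `-1`, which differs from `modsecurity_init` returning `1` on success. Suggested comment above the declaration: `/* Creates a global mutex and stores it in *lock; returns APR_SUCCESS, or -1 on failure. */`. Because the function is declared in a shared header, any caller other than `modsecurity_init` (none is visible in this patch) must be switched to pass `&field`; an old-style call would only produce an incompatible-pointer diagnostic on some compilers.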