From 076ecdad662851900d120423023df3b4e9187cbd Mon Sep 17 00:00:00 2001 From: yaoguangzhong Date: Fri, 6 Jan 2023 17:24:54 +0800 Subject: [PATCH 1/2] backport use uid if user name is not available Signed-off-by: Guangzhong Yao --- mod_security.spec | 6 +- ...se-uid-if-user-name-is-not-available.patch | 126 ++++++++++++++++++ 2 files changed, 131 insertions(+), 1 deletion(-) create mode 100644 modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch diff --git a/mod_security.spec b/mod_security.spec index 8a0eece..12ecc8d 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -7,7 +7,7 @@ Name: mod_security Version: 2.9.5 -Release: 2 +Release: 3 Summary: Security module for the Apache HTTP Server License: ASL 2.0 URL: http://www.modsecurity.org/ @@ -16,6 +16,7 @@ Source1: mod_security.conf Source2: 10-mod_security.conf Source3: modsecurity_localrules.conf Patch0000: modsecurity-2.9.5-lua-54.patch +Patch0001: modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch Requires: httpd httpd-mmn = %{_httpd_mmn} BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel @@ -98,6 +99,9 @@ install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load %endif %changelog +* Fri Jan 6 2023 yaoguangzhong - 2.9.5-3 +- backport use uid if user name is not available + * Fri Jan 7 liyanan - 2.9.5-2 - Fix build fail with lua 5.4.3 diff --git a/modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch b/modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch new file mode 100644 index 0000000..648e6e1 --- /dev/null +++ b/modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch 
@@ -0,0 +1,126 @@
+From 46c6cb2759327d94e619454dbe61f1e7639dd607 Mon Sep 17 00:00:00 2001
+From: Armin Abfalterer
+Date: Tue, 12 Mar 2019 16:29:43 +0100
+Subject: [PATCH] use uid if user name is not available
+
+---
+ apache2/msc_logging.c | 10 +++++++---
+ apache2/persist_dbm.c | 29 +++++++++++++++++++----------
+ 2 files changed, 26 insertions(+), 13 deletions(-)
+
+diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c
+index d50f709e..d1a867c3 100644
+--- a/apache2/msc_logging.c
++++ b/apache2/msc_logging.c
+@@ -234,16 +234,20 @@ static char *construct_auditlog_filename(apr_pool_t *mp, const char *uniqueid) {
+ * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+ * It also changes the return statement.
+ */
+- char *username;
++ char *userinfo;
++ apr_status_t rc;
+ apr_uid_t uid;
+ apr_gid_t gid;
+ apr_uid_current(&uid, &gid, mp);
+- apr_uid_name_get(&username, uid, mp);
++ rc = apr_uid_name_get(&userinfo, uid, mp);
++ if (rc != APR_SUCCESS) {
++ userinfo = apr_psprintf(mp, "%u", uid);
++ }
+
+ apr_time_exp_lt(&t, apr_time_now());
+
+ apr_strftime(tstr, &len, 299, "/%Y%m%d/%Y%m%d-%H%M/%Y%m%d-%H%M%S", &t);
+- return apr_psprintf(mp, "/%s%s-%s", username, tstr, uniqueid);
++ return apr_psprintf(mp, "/%s%s-%s", userinfo, tstr, uniqueid);
+ }
+
+ /**
+diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c
+index efbbf6eb..e4f8036f 100644
+--- a/apache2/persist_dbm.c
++++ b/apache2/persist_dbm.c
+@@ -104,11 +104,14 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
+ /**
+ * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+ */
+- char *username;
++ char *userinfo;
+ apr_uid_t uid;
+ apr_gid_t gid;
+ apr_uid_current(&uid, &gid, msr->mp);
+- apr_uid_name_get(&username, uid, msr->mp);
++ rc = apr_uid_name_get(&userinfo, uid, msr->mp);
++ if (rc != APR_SUCCESS) {
++ userinfo = apr_psprintf(msr->mp, "%u", uid);
++ }
+
+ if (msr->txcfg->data_dir == NULL) {
+ msr_log(msr, 1, "collection_retrieve_ex: Unable to retrieve collection (name \"%s\", key \"%s\"). Use "
+@@ -117,7 +120,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
+ goto cleanup;
+ }
+
+- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);
++ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", col_name, NULL);
+
+ if (msr->txcfg->debuglog_level >= 9) {
+ msr_log(msr, 9, "collection_retrieve_ex: collection_retrieve_ex: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
+@@ -385,11 +388,14 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
+ /**
+ * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+ */
+- char *username;
++ char *userinfo;
+ apr_uid_t uid;
+ apr_gid_t gid;
+ apr_uid_current(&uid, &gid, msr->mp);
+- apr_uid_name_get(&username, uid, msr->mp);
++ rc = apr_uid_name_get(&userinfo, uid, msr->mp);
++ if (rc != APR_SUCCESS) {
++ userinfo = apr_psprintf(msr->mp, "%u", uid);
++ }
+
+ var_name = (msc_string *)apr_table_get(col, "__name");
+ if (var_name == NULL) {
+@@ -409,7 +415,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
+ }
+
+ // ENH: lowercase the var name in the filename
+- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", var_name->value, NULL);
++ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", var_name->value, NULL);
+
+ if (msr->txcfg->debuglog_level >= 9) {
+ msr_log(msr, 9, "collection_store: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, var_name->value),
+@@ -675,11 +681,14 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
+ /**
+ * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+ */
+- char *username;
++ char *userinfo;
+ apr_uid_t uid;
+ apr_gid_t gid;
+ apr_uid_current(&uid, &gid, msr->mp);
+- apr_uid_name_get(&username, uid, msr->mp);
++ rc = apr_uid_name_get(&userinfo, uid, msr->mp);
++ if (rc != APR_SUCCESS) {
++ userinfo = apr_psprintf(msr->mp, "%u", uid);
++ }
+
+ if (msr->txcfg->data_dir == NULL) {
+ /* The user has been warned about this problem enough times already by now.
+@@ -690,9 +699,9 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
+ }
+
+ if(strstr(col_name,"USER") || strstr(col_name,"SESSION") || strstr(col_name, "RESOURCE"))
+- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", msr->txcfg->webappid, "_", col_name, NULL);
++ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", msr->txcfg->webappid, "_", col_name, NULL);
+ else
+- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);
++ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", col_name, NULL);
+
+ if (msr->txcfg->debuglog_level >= 9) {
+ msr_log(msr, 9, "collections_remove_stale: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
+--
+2.27.0
+
-- Gitee From 1b0289e1461a6b4979f54113060c875be230577b Mon Sep 17 00:00:00 2001 From: yaoguangzhong Date: Fri, 6 Jan 2023 17:49:13 +0800 Subject: [PATCH 2/2] backport properly cleanup XML parser contexts upon completion From: Vladimir Krivopalov Signed-off-by: Guangzhong Yao --- mod_security.spec | 6 +++- ...-XML-parser-contexts-upon-completion.patch | 36 +++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch
diff --git a/mod_security.spec b/mod_security.spec
index 12ecc8d..878d39f 100644
--- a/mod_security.spec
+++ b/mod_security.spec
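Review bot: The new uid fallback formats `uid` even when `apr_uid_current()` itself failed, because that call's return value is still ignored at all four sites (construct_auditlog_filename, collection_retrieve_ex, collection_store, collections_remove_stale); on that path `uid` is uninitialised and ends up in the audit-log or collection file name. Capture the status first, e.g. `rc = apr_uid_current(&uid, &gid, mp);`, and handle a failure before either lookup or formatting. `%u` also assumes `apr_uid_t` is an `unsigned int`; `apr_psprintf(mp, "%lu", (unsigned long)uid)` avoids a format mismatch where it is not. In persist_dbm.c the hunks assign `rc` without declaring it, so they rely on an `rc` declared outside the visible lines, and a debug-level `msr_log` when the fallback is taken would let operators notice that the persistent collection file name switched from the user name to the numeric id. All four function bodies start or end outside their hunks.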
@@ -7,7 +7,7 @@ Name: mod_security Version: 2.9.5 -Release: 3 +Release: 4 Summary: Security module for the Apache HTTP Server License: ASL 2.0 URL: http://www.modsecurity.org/ @@ -17,6 +17,7 @@ Source2: 10-mod_security.conf Source3: modsecurity_localrules.conf Patch0000: modsecurity-2.9.5-lua-54.patch Patch0001: modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch +Patch0002: modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch Requires: httpd httpd-mmn = %{_httpd_mmn} BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel @@ -99,6 +100,9 @@ install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load %endif %changelog +* Fri Jan 6 2023 yaoguangzhong - 2.9.5-4 +- backport properly cleanup XML parser contexts upon completion + * Fri Jan 6 2023 yaoguangzhong - 2.9.5-3 - backport use uid if user name is not available diff --git a/modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch b/modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch new file mode 100644 index 0000000..e74ddde --- /dev/null +++ b/modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch 
@@ -0,0 +1,36 @@
+From 6a5ec1ff7bd5a4a653da417f9a49a50cf5b2429d Mon Sep 17 00:00:00 2001
+From: Vladimir Krivopalov
+Date: Mon, 13 Jan 2020 16:36:09 -0800
+Subject: [PATCH] Properly cleanup XML parser contexts upon completion
+
+It is currently possible that the XML parsing context is not properly
+cleaned up if a parsed XML document is malformed.
+
+This fix makes sure that the context is taken care of.
+
+Signed-off-by: Vladimir Krivopalov
+---
+ apache2/msc_xml.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/apache2/msc_xml.c b/apache2/msc_xml.c
+index a31decb5..9cc4da65 100644
+--- a/apache2/msc_xml.c
++++ b/apache2/msc_xml.c
+@@ -137,6 +137,13 @@ int xml_complete(modsec_rec *msr, char **error_msg) {
+ * Frees the resources used for XML parsing.
+ */
+ apr_status_t xml_cleanup(modsec_rec *msr) {
++ if (msr->xml->parsing_ctx != NULL) {
++ if (msr->xml->parsing_ctx->myDoc) {
++ xmlFreeDoc(msr->xml->parsing_ctx->myDoc);
++ }
++ xmlFreeParserCtxt(msr->xml->parsing_ctx);
++ msr->xml->parsing_ctx = NULL;
++ }
+ if (msr->xml->doc != NULL) {
+ xmlFreeDoc(msr->xml->doc);
+ msr->xml->doc = NULL;
+--
+2.27.0
+
-- Gitee
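Review bot: In xml_cleanup the added block frees `parsing_ctx->myDoc` and the existing block right after it frees `msr->xml->doc`; if any path outside this hunk leaves both pointers referring to the same document while `parsing_ctx` is still set, that document is freed twice. The hunk does not show how xml_complete assigns `doc`, so this needs confirming against the full file; a guard such as `if (msr->xml->parsing_ctx->myDoc != NULL && msr->xml->parsing_ctx->myDoc != msr->xml->doc)` keeps the cleanup safe either way. A short comment noting that `xmlFreeParserCtxt()` does not release `myDoc` would explain why the explicit `xmlFreeDoc()` is needed on the malformed-document path. The function body continues past the end of the hunk.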