Skip to content

RESPONSE_BODY variable is unfilled #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
p0pr0ck5 opened this issue Feb 19, 2016 · 1 comment
Closed

RESPONSE_BODY variable is unfilled #8

p0pr0ck5 opened this issue Feb 19, 2016 · 1 comment

Comments

@p0pr0ck5
Copy link
Contributor

It seems that ngx_http_modsecurity_body_filter.c makes some assumptions about the ngx_chain_t struct passed to ngx_http_modsecurity_body_filter. Examine the following:

Given the following nginx 1.8.1 build:

poprocks@soter:~/code/C/ModSecurity-nginx/src$ /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.8.1
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04) 
configure arguments: --with-debug --add-module=/home/poprocks/code/C/ModSecurity-nginx

And given the following inline modsecurity config: https://gist.github.com/p0pr0ck5/3864f5f18ae5ba5cb7aa

Given this diff for debug purposes - https://gist.github.com/p0pr0ck5/a24b2f8f8cd00997df41 -

Given a request to localhost/index.html (which will read the file from disk) we will find ourselves stepping through to here:

ngx_http_modsecurity_body_filter (r=0xfefee0, in=0x7ffff21ab810)
    at /home/poprocks/code/C/ModSecurity-nginx/src/ngx_http_modsecurity_body_filter.c:53
53      if (ctx == NULL) {
(gdb) 
59          dd("checking chain %p", chain);
(gdb) 
61          if (chain->buf->last_buf)
(gdb) 
63              buffer_fully_loadead = 1;
(gdb) 
57      for (; chain != NULL; chain = chain->next)
(gdb) 
67      if (buffer_fully_loadead == 1)
(gdb) 
73              dd("checking chain %p", chain);
(gdb) 
75              u_char *data = chain->buf->start;
(gdb) 
77              dd("data length is %ld", chain->buf->end - data);

We will see the following in the error log:

modsec *** ngx_http_modsecurity_body_filter: body filter, recovering ctx: 0xff0e50 at /home/poprocks/code/C/ModSecurity-nginx/src/ngx_http_modsecurity_body_filter.c line 51.
modsec *** ngx_http_modsecurity_body_filter: checking chain 0x7ffff21ab810 at /home/poprocks/code/C/ModSecurity-nginx/src/ngx_http_modsecurity_body_filter.c line 59.
modsec *** ngx_http_modsecurity_body_filter: checking chain 0x7ffff21ab810 at /home/poprocks/code/C/ModSecurity-nginx/src/ngx_http_modsecurity_body_filter.c line 73.

Examining the chain:

(gdb) print *(ngx_chain_t *) 0x7ffff21ab810
$1 = {buf = 0x1064250, next = 0x0}

Okay, we have a single buffer. The buffers contents:

(gdb) print *(ngx_buf_t *) 0x1064250
$2 = {pos = 0x0, last = 0x0, file_pos = 0, file_last = 612, start = 0x0, end = 0x0, tag = 0x0, file = 0x10642a0, shadow = 0x0, 
  temporary = 0, memory = 0, mmap = 0, recycled = 0, in_file = 1, flush = 0, sync = 0, last_buf = 1, last_in_chain = 1, 
  last_shadow = 0, temp_file = 0, num = 0}

So there is no buffer to pass to msc_append_response_body since the contents come from disk.
zimmerle added a commit that referenced this issue Mar 17, 2016
@zimmerle
Keep the response body in memory
221a134 
This commit fix the issue #8. This patch needs to be polished, it is
only necessary if the SecResponseBody is enabled.
@zimmerle
Copy link
Contributor

Hi @p0pr0ck5,

Thanks for the bug report :) it seems that the missing piece was:

r->filter_need_in_memory = 1;

See the commit: 221a134

@mimugmail mimugmail mentioned this issue Feb 4, 2017
Closed
@vipul-sharma-code vipul-sharma-code mentioned this issue Mar 23, 2018
Closed
@dennus dennus mentioned this issue Mar 23, 2018
Closed
dennus pushed a commit to dennus/ModSecurity-nginx that referenced this issue Apr 23, 2018
Merge pull request owasp-modsecurity#8 in SECURITYGW/ngx_http_modsecu…
20509be 
…rity from fix/try_to_fix_core_dump to develop

* commit '7f0eb0455125a4c662e37534bb87176bf02282f5':
  Try to fix core dumps
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zimmerle @p0pr0ck5