diff --git a/src/ngx_http_modsecurity_body_filter.c b/src/ngx_http_modsecurity_body_filter.c index f8b3c71..fd286d0 100644 --- a/src/ngx_http_modsecurity_body_filter.c +++ b/src/ngx_http_modsecurity_body_filter.c @@ -35,7 +35,6 @@ ngx_http_modsecurity_body_filter_init(void) ngx_int_t ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in) { - int buffer_fully_loadead = 0; ngx_chain_t *chain = in; ngx_http_modsecurity_ctx_t *ctx = NULL; #if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS) @@ -135,47 +134,43 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in) } #endif + int is_request_processed = 0; for (; chain != NULL; chain = chain->next) { -/* XXX: chain->buf->last_buf || chain->buf->last_in_chain */ - if (chain->buf->last_buf) { - buffer_fully_loadead = 1; + u_char *data = chain->buf->pos; + int ret; + + msc_append_response_body(ctx->modsec_transaction, data, chain->buf->last - data); + ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r); + if (ret > 0) { + return ngx_http_filter_finalize_request(r, + &ngx_http_modsecurity_module, ret); } - } - if (buffer_fully_loadead == 1) - { - int ret; - ngx_pool_t *old_pool; +/* XXX: chain->buf->last_buf || chain->buf->last_in_chain */ + is_request_processed = chain->buf->last_buf; - for (chain = in; chain != NULL; chain = chain->next) - { - u_char *data = chain->buf->start; + if (is_request_processed) { + ngx_pool_t *old_pool; + + old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool); + msc_process_response_body(ctx->modsec_transaction); + ngx_http_modsecurity_pcre_malloc_done(old_pool); - msc_append_response_body(ctx->modsec_transaction, data, chain->buf->end - data); +/* XXX: I don't get how body from modsec being transferred to nginx's buffer. If so - after adjusting of nginx's + XXX: body we can proceed to adjust body size (content-length). see xslt_body_filter() for example */ ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r); if (ret > 0) { - return ngx_http_filter_finalize_request(r, - &ngx_http_modsecurity_module, ret); + return ret; } - } - - old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool); - msc_process_response_body(ctx->modsec_transaction); - ngx_http_modsecurity_pcre_malloc_done(old_pool); + else if (ret < 0) { + return ngx_http_filter_finalize_request(r, + &ngx_http_modsecurity_module, NGX_HTTP_INTERNAL_SERVER_ERROR); -/* XXX: I don't get how body from modsec being transferred to nginx's buffer. If so - after adjusting of nginx's - XXX: body we can proceed to adjust body size (content-length). see xslt_body_filter() for example */ - ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r); - if (ret > 0) { - return ret; - } - else if (ret < 0) { - return ngx_http_filter_finalize_request(r, - &ngx_http_modsecurity_module, NGX_HTTP_INTERNAL_SERVER_ERROR); + } } } - else + if (!is_request_processed) { dd("buffer was not fully loaded! ctx: %p", ctx); } diff --git a/src/ngx_http_modsecurity_pre_access.c b/src/ngx_http_modsecurity_pre_access.c index 70f9feb..6f4cbcb 100644 --- a/src/ngx_http_modsecurity_pre_access.c +++ b/src/ngx_http_modsecurity_pre_access.c @@ -163,10 +163,10 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r) while (chain && !already_inspected) { - u_char *data = chain->buf->start; + u_char *data = chain->buf->pos; msc_append_request_body(ctx->modsec_transaction, data, - chain->buf->last - chain->buf->pos); + chain->buf->last - data); if (chain->buf->last_buf) { break;