Skip to content

Commit

Permalink
Move log opening to appropriate execution phase
Browse files Browse the repository at this point in the history 
When piped logs are opened during parsing of configuration
it results in unexpected situations in apache httpd
and can cause hang of process which is trying to log
into auditlog.
  • Loading branch information
@TomasKorbar
TomasKorbar committed Jan 2, 2024
1 parent 8038a52 commit 5698426
Show file tree
Hide file tree
Showing 4 changed files with 78 additions and 58 deletions.
58 changes: 0 additions & 58 deletions apache2/apache2_config.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1209,35 +1209,6 @@ static const char *cmd_audit_log(cmd_parms *cmd, void *_dcfg, const char *p1)
directory_config *dcfg = _dcfg;

dcfg->auditlog_name = (char *)p1;

if (dcfg->auditlog_name[0] == '|') {
const char *pipe_name = dcfg->auditlog_name + 1;
piped_log *pipe_log;

pipe_log = ap_open_piped_log(cmd->pool, pipe_name);
if (pipe_log == NULL) {
return apr_psprintf(cmd->pool, "ModSecurity: Failed to open the audit log pipe: %s",
pipe_name);
}
dcfg->auditlog_fd = ap_piped_log_write_fd(pipe_log);
}
else {
const char *file_name = ap_server_root_relative(cmd->pool, dcfg->auditlog_name);
apr_status_t rc;

if (dcfg->auditlog_fileperms == NOT_SET) {
dcfg->auditlog_fileperms = CREATEMODE;
}
rc = apr_file_open(&dcfg->auditlog_fd, file_name,
APR_WRITE | APR_APPEND | APR_CREATE | APR_BINARY,
dcfg->auditlog_fileperms, cmd->pool);

if (rc != APR_SUCCESS) {
return apr_psprintf(cmd->pool, "ModSecurity: Failed to open the audit log file: %s",
file_name);
}
}

return NULL;
}

Expand All @@ -1250,35 +1221,6 @@ static const char *cmd_audit_log2(cmd_parms *cmd, void *_dcfg, const char *p1)
}

dcfg->auditlog2_name = (char *)p1;

if (dcfg->auditlog2_name[0] == '|') {
const char *pipe_name = ap_server_root_relative(cmd->pool, dcfg->auditlog2_name + 1);
piped_log *pipe_log;

pipe_log = ap_open_piped_log(cmd->pool, pipe_name);
if (pipe_log == NULL) {
return apr_psprintf(cmd->pool, "ModSecurity: Failed to open the secondary audit log pipe: %s",
pipe_name);
}
dcfg->auditlog2_fd = ap_piped_log_write_fd(pipe_log);
}
else {
const char *file_name = ap_server_root_relative(cmd->pool, dcfg->auditlog2_name);
apr_status_t rc;

if (dcfg->auditlog_fileperms == NOT_SET) {
dcfg->auditlog_fileperms = CREATEMODE;
}
rc = apr_file_open(&dcfg->auditlog2_fd, file_name,
APR_WRITE | APR_APPEND | APR_CREATE | APR_BINARY,
dcfg->auditlog_fileperms, cmd->pool);

if (rc != APR_SUCCESS) {
return apr_psprintf(cmd->pool, "ModSecurity: Failed to open the secondary audit log file: %s",
file_name);
}
}

return NULL;
}

Expand Down
1 change: 1 addition & 0 deletions apache2/mod_security2.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1732,6 +1732,7 @@ static void register_hooks(apr_pool_t *mp) {

/* Logging */
ap_hook_error_log(hook_error_log, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_open_logs(modsec_open_logs, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_log_transaction(hook_log_transaction, NULL, transaction_afterme_list, APR_HOOK_MIDDLE);

/* Filter hooks */
Expand Down
74 changes: 74 additions & 0 deletions apache2/msc_logging.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2325,3 +2325,77 @@ void sec_audit_logger(modsec_rec *msr) {
}
#endif
}

int modsec_open_logs(apr_pool_t *pconf, apr_pool_t *p, apr_pool_t *ptemp, server_rec *s_main) {
directory_config *dcfg = ap_get_module_config(s_main->lookup_defaults, &security2_module);

if (dcfg->auditlog_name == NOT_SET_P) {
return OK;
}
if (dcfg->auditlog_name[0] == '|') {
const char *pipe_name = dcfg->auditlog_name + 1;
piped_log *pipe_log;

pipe_log = ap_open_piped_log(p, pipe_name);
if (pipe_log == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"ModSecurity: Failed to open the audit log pipe: %s", pipe_name);
return DONE;
}
dcfg->auditlog_fd = ap_piped_log_write_fd(pipe_log);
}
else {
const char *file_name = ap_server_root_relative(p, dcfg->auditlog_name);
apr_status_t rc;

if (dcfg->auditlog_fileperms == NOT_SET) {
dcfg->auditlog_fileperms = CREATEMODE;
}
rc = apr_file_open(&dcfg->auditlog_fd, file_name,
APR_WRITE | APR_APPEND | APR_CREATE | APR_BINARY,
dcfg->auditlog_fileperms, p);

if (rc != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"ModSecurity: Failed to open the audit log file: %s", file_name);
return DONE;
}
}

if (dcfg->auditlog2_name == NOT_SET_P) {
return OK;
}
if (dcfg->auditlog2_name[0] == '|') {
const char *pipe_name = ap_server_root_relative(p, dcfg->auditlog2_name + 1);
piped_log *pipe_log;

pipe_log = ap_open_piped_log(p, pipe_name);
if (pipe_log == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
"ModSecurity: Failed to open the secondary audit log pipe: %s",
pipe_name);
return OK;
}
dcfg->auditlog2_fd = ap_piped_log_write_fd(pipe_log);
}
else {
const char *file_name = ap_server_root_relative(p, dcfg->auditlog2_name);
apr_status_t rc;

if (dcfg->auditlog_fileperms == NOT_SET) {
dcfg->auditlog_fileperms = CREATEMODE;
}
rc = apr_file_open(&dcfg->auditlog2_fd, file_name,
APR_WRITE | APR_APPEND | APR_CREATE | APR_BINARY,
dcfg->auditlog_fileperms, p);

if (rc != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
"ModSecurity: Failed to open the secondary audit log file: %s",
file_name);
return OK;
}
}

return OK;
}
3 changes: 3 additions & 0 deletions apache2/msc_logging.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@
#define AUDITLOG_PART_ENDMARKER 'Z'

#include "modsecurity.h"
#include "httpd.h"
#include "apr_pools.h"

int DSOLOCAL is_valid_parts_specification(char *p);
Expand All @@ -51,4 +52,6 @@ char DSOLOCAL *construct_log_vcombinedus_limited(modsec_rec *msr, int _limit, in

void DSOLOCAL sec_audit_logger(modsec_rec *msr);

int modsec_open_logs(apr_pool_t *pconf, apr_pool_t *p, apr_pool_t *ptemp, server_rec *s_main);

#endif

0 comments on commit 5698426

Please sign in to comment.