Merge branch 'master' into fix/conf_cleanup_pool

AirisX · web-flow · commit 7efd4f0ca9d5 · 2018-04-05T16:42:54.000+04:00
diff --git a/.travis.yml b/.travis.yml
@@ -16,8 +16,8 @@ addons:
     - liblmdb-dev
 
 env:
-  - VER_NGINX=1.13.4
-  - VER_NGINX=1.12.1
+  - VER_NGINX=1.13.10
+  - VER_NGINX=1.12.2
 
 before_script:
   - cd ..
diff --git a/AUTHORS b/AUTHORS
@@ -1 +1,2 @@
 zimmerle = Felipe Zimmerle <felipe@zimmerle.org>
+defanator = Andrei Belov <defanator@gmail.com>
diff --git a/CHANGES b/CHANGES
@@ -1,5 +1,16 @@
-DD mmm YYYY  - 1.0.0
+v1.0.x - YYYY-MMM-DD (To be released)
+-------------------------------------
+
+ - Fix memory leak in intervention processing
+   [Issue #100 - @defanator]
+ - Emit connector version in error log
+   [Issue #88 - @defanator]
+ - Fixed memory leak on config cleanup.
+   [Issue #80 - @AirisX, @defanator]
+
+
+v1.0.0 - 2017-Dec-20
 --------------------
 
- * First version of the ModSecurity-nginx 
-   [Felipe Zimmerle]
+ - First version of ModSecurity-nginx connector
+
diff --git a/release.sh b/release.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+git clean -xfdi
+git submodule foreach --recursive git clean -xfdi
+
+VERSION=`git describe --tags`
+DIR_NAME="modsecurity-nginx-$VERSION"
+TAR_NAME="modsecurity-nginx-$VERSION.tar.gz"
+
+MY_DIR=${PWD##*/}
+
+cd ..
+tar --transform "s/^$MY_DIR/$DIR_NAME/" -cvzf $TAR_NAME --exclude .git $MY_DIR
+
+sha256sum $TAR_NAME > $TAR_NAME.sha256
+gpg --detach-sign -a $TAR_NAME
+
+cd -
+echo $TAR_NAME ": done."
+
diff --git a/src/ngx_http_modsecurity_common.h b/src/ngx_http_modsecurity_common.h
@@ -26,6 +26,37 @@
 #include <modsecurity/transaction.h>
 #include <modsecurity/rules.h>
 
+
+/**
+ * TAG_NUM:
+ *
+ * Alpha  - 001
+ * Beta   - 002
+ * Dev    - 010
+ * Rc1    - 051
+ * Rc2    - 052
+ * ...    - ...
+ * Release- 100
+ *
+ */
+
+#define MODSECURITY_NGINX_MAJOR "1"
+#define MODSECURITY_NGINX_MINOR "0"
+#define MODSECURITY_NGINX_PATCHLEVEL "0"
+#define MODSECURITY_NGINX_TAG ""
+#define MODSECURITY_NGINX_TAG_NUM "100"
+
+#define MODSECURITY_NGINX_VERSION MODSECURITY_NGINX_MAJOR "." \
+    MODSECURITY_NGINX_MINOR "." MODSECURITY_NGINX_PATCHLEVEL \
+    MODSECURITY_NGINX_TAG
+
+#define MODSECURITY_NGINX_VERSION_NUM MODSECURITY_NGINX_MAJOR \
+    MODSECURITY_NGINX_MINOR MODSECURITY_NGINX_PATCHLEVEL \
+    MODSECURITY_NGINX_TAG_NUM
+
+#define MODSECURITY_NGINX_WHOAMI "ModSecurity-nginx v" \
+    MODSECURITY_NGINX_VERSION
+
 typedef struct {
     ngx_str_t name;
     ngx_str_t value;
diff --git a/src/ngx_http_modsecurity_module.c b/src/ngx_http_modsecurity_module.c
@@ -132,6 +132,7 @@ ngx_inline char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p)
 ngx_inline int
 ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r)
 {
+    char *log = NULL;
     ModSecurityIntervention intervention;
     intervention.status = 200;
     intervention.url = NULL;
@@ -145,11 +146,16 @@ ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_re
         return 0;
     }
 
+    log = intervention.log;
     if (intervention.log == NULL) {
-        intervention.log = "(no log message was specified)";
+        log = "(no log message was specified)";
     }
 
-    ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)r->connection->log, 0, "%s", intervention.log);
+    ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)r->connection->log, 0, "%s", log);
+
+    if (intervention.log != NULL) {
+        free(intervention.log);
+    }
 
     if (intervention.url != NULL)
     {
@@ -496,6 +502,8 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
 {
     ngx_http_modsecurity_conf_t *conf;
 
+    ngx_log_error(NGX_LOG_NOTICE, cf->log, 0, MODSECURITY_NGINX_WHOAMI);
+
     /* ngx_pcalloc already sets all of this scructure to zeros. */
     conf = ngx_http_modsecurity_create_conf(cf);
 
@@ -515,7 +523,7 @@ ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
     }
 
     /* Provide our connector information to LibModSecurity */
-    msc_set_connector_info(conf->modsec, "ModSecurity-nginx v0.1.1-beta");
+    msc_set_connector_info(conf->modsec, MODSECURITY_NGINX_WHOAMI);
     msc_set_log_cb(conf->modsec, ngx_http_modsecurity_log);
 
     return conf;
@@ -545,6 +553,7 @@ static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
     conf->enable = NGX_CONF_UNSET;
     conf->sanity_checks_enabled = NGX_CONF_UNSET;
     conf->rules_set = msc_create_rules_set();
+    conf->modsec = NULL;
     conf->pool = cf->pool;
 
     cln = ngx_pool_cleanup_add(cf->pool, 0);
@@ -652,9 +661,11 @@ ngx_http_modsecurity_config_cleanup(void *data)
 
     old_pool = ngx_http_modsecurity_pcre_malloc_init(t->pool);
     msc_rules_cleanup(t->rules_set);
+    msc_cleanup(t->modsec);
     ngx_http_modsecurity_pcre_malloc_done(old_pool);
 
     t->rules_set = NULL;
+    t->modsec = NULL;
 }
 
 

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`zimmerle = Felipe Zimmerle <[email protected]>`
	`2`	`+defanator = Andrei Belov <[email protected]>`