@@ -33,14 +33,12 @@ ngx_http_modsecurity_body_filter_init(void)
3333
3434 return NGX_OK ;
3535}
36+
3637ngx_int_t
3738ngx_http_modsecurity_body_filter (ngx_http_request_t * r , ngx_chain_t * in )
3839{
39- ngx_http_modsecurity_ctx_t * ctx = NULL ;
4040 ngx_chain_t * chain = in ;
41- ngx_int_t ret ;
42- ngx_pool_t * old_pool ;
43- ngx_int_t is_request_processed = 0 ;
41+ ngx_http_modsecurity_ctx_t * ctx = NULL ;
4442#if defined(MODSECURITY_SANITY_CHECKS ) && (MODSECURITY_SANITY_CHECKS )
4543 ngx_http_modsecurity_conf_t * mcf ;
4644 ngx_list_part_t * part = & r -> headers_out .headers .part ;
@@ -49,18 +47,14 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
4947#endif
5048
5149 if (in == NULL ) {
52- ngx_log_debug0 (NGX_LOG_DEBUG_HTTP , r -> connection -> log , 0 , "MDS input chain is null" );
53-
5450 return ngx_http_next_body_filter (r , in );
5551 }
5652
57- /* get context for request */
58- ctx = ngx_http_modsecurity_get_module_ctx ( r );
53+ ctx = ngx_http_get_module_ctx ( r , ngx_http_modsecurity_module );
54+
5955 dd ("body filter, recovering ctx: %p" , ctx );
6056
61- if (ctx == NULL || r -> filter_finalize || ctx -> response_body_filtered ) {
62- if (ctx && ctx -> response_body_filtered )
63- r -> filter_finalize = 1 ;
57+ if (ctx == NULL ) {
6458 return ngx_http_next_body_filter (r , in );
6559 }
6660
@@ -146,81 +140,47 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
146140 }
147141#endif
148142
149- for (chain = in ; chain != NULL ; chain = chain -> next ) {
150-
151- ngx_buf_t * copy_buf ;
152- ngx_chain_t * copy_chain ;
153- is_request_processed = chain -> buf -> last_buf ;
143+ int is_request_processed = 0 ;
144+ for (; chain != NULL ; chain = chain -> next )
145+ {
154146 u_char * data = chain -> buf -> pos ;
155- msc_append_response_body ( ctx -> modsec_transaction , data ,
156- chain -> buf -> last - data );
157- ret = ngx_http_modsecurity_process_intervention (ctx -> modsec_transaction ,
158- r , 0 );
147+ int ret ;
148+
149+ msc_append_response_body (ctx -> modsec_transaction , data , chain -> buf -> last - data );
150+ ret = ngx_http_modsecurity_process_intervention ( ctx -> modsec_transaction , r , 0 );
159151 if (ret > 0 ) {
160152 return ngx_http_filter_finalize_request (r ,
161153 & ngx_http_modsecurity_module , ret );
162154 }
163- if (!chain -> buf -> last_buf ){
164- copy_chain = ngx_alloc_chain_link (r -> pool );
165- if (copy_chain == NULL ) {
166- return NGX_ERROR ;
167- }
168- copy_buf = ngx_calloc_buf (r -> pool );
169- if (copy_buf == NULL ) {
170- return NGX_ERROR ;
171- }
172- copy_buf -> pos = chain -> buf -> pos ;
173- copy_buf -> end = chain -> buf -> end ;
174- copy_buf -> last = chain -> buf -> last ;
175- copy_buf -> temporary = (chain -> buf -> temporary == 1 ) ? 1 : 0 ;
176- copy_buf -> memory = (chain -> buf -> memory == 1 ) ? 1 : 0 ;
177- copy_chain -> buf = copy_buf ;
178- copy_chain -> buf -> last_buf = chain -> buf -> last_buf ;
179- copy_chain -> next = NULL ;
180- chain -> buf -> pos = chain -> buf -> last ;
181- }
182- else
183- copy_chain = chain ;
184- if (ctx -> temp_chain == NULL ) {
185- ctx -> temp_chain = copy_chain ;
186- } else {
187- if (ctx -> current_chain == NULL ) {
188- ctx -> temp_chain -> next = copy_chain ;
189- ctx -> temp_chain -> buf -> last_buf = 0 ;
190- } else {
191- ctx -> current_chain -> next = copy_chain ;
192- ctx -> current_chain -> buf -> last_buf = 0 ;
193- }
194- ctx -> current_chain = copy_chain ;
195- }
196155
197- }
156+ /* XXX: chain->buf->last_buf || chain->buf->last_in_chain */
157+ is_request_processed = chain -> buf -> last_buf ;
198158
199- if (is_request_processed ) {
200- old_pool = ngx_http_modsecurity_pcre_malloc_init (r -> pool );
201- msc_process_response_body (ctx -> modsec_transaction );
202- ngx_http_modsecurity_pcre_malloc_done (old_pool );
203- ret = ngx_http_modsecurity_process_intervention (ctx -> modsec_transaction , r , 0 );
204- if (ret > 0 ) {
205- if (ret < NGX_HTTP_BAD_REQUEST && ctx -> header_pt != NULL ){
206- ctx -> header_pt (r );
207- }
208- else {
209- ctx -> response_body_filtered = 1 ;
210- return ngx_http_filter_finalize_request (r ,
211- & ngx_http_modsecurity_module
212- , ret );
213- }
214- } else if (ret < 0 ) {
215- ctx -> response_body_filtered = 1 ;
216- return ngx_http_filter_finalize_request (r ,
159+ if (is_request_processed ) {
160+ ngx_pool_t * old_pool ;
161+
162+ old_pool = ngx_http_modsecurity_pcre_malloc_init (r -> pool );
163+ msc_process_response_body (ctx -> modsec_transaction );
164+ ngx_http_modsecurity_pcre_malloc_done (old_pool );
165+
166+ /* XXX: I don't get how body from modsec being transferred to nginx's buffer. If so - after adjusting of nginx's
167+ XXX: body we can proceed to adjust body size (content-length). see xslt_body_filter() for example */
168+ ret = ngx_http_modsecurity_process_intervention (ctx -> modsec_transaction , r , 0 );
169+ if (ret > 0 ) {
170+ return ret ;
171+ }
172+ else if (ret < 0 ) {
173+ return ngx_http_filter_finalize_request (r ,
217174 & ngx_http_modsecurity_module , NGX_HTTP_INTERNAL_SERVER_ERROR );
175+
176+ }
218177 }
219- ctx -> response_body_filtered = 1 ;
220- if (ctx -> header_pt != NULL )
221- ctx -> header_pt (r );
222- return ngx_http_next_body_filter (r , ctx -> temp_chain );
223- } else {
224- return NGX_AGAIN ;
225178 }
179+ if (!is_request_processed )
180+ {
181+ dd ("buffer was not fully loaded! ctx: %p" , ctx );
182+ }
183+
184+ /* XXX: xflt_filter() -- return NGX_OK here */
185+ return ngx_http_next_body_filter (r , in );
226186}
0 commit comments