
Fixed: ngx_http_read_client_request_body returned unexpected buffer type #22


Merged
merged 6 commits into from
Jan 4, 2013

chaizhenhua
Contributor

After the request body phase, the POSTed request body is saved in a memory buffer chain and the request_body_in_file_only option is ignored, so if another module sets request_body_in_file_only on and calls ngx_http_read_client_request_body after the modsecurity handler, that module will receive an unexpected buffer, for example http_dav_handler for a PUT request.

- after post request is processed
the call to ngx_http_read_client_request_body will ignore
r->request_body_in_file_only option, which is not expected.
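Added example, not part of this pull request and not nginx or ModSecurity code: a check a handler that requested a file-only body could run on the chain it receives, instead of assuming every buffer is file-backed. The `model_*` types and function names are hypothetical stand-ins; the only assumption taken from nginx is that a buffer carries an `in_file` flag, as `ngx_buf_t` does.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for nginx's ngx_buf_t / ngx_chain_t. */
typedef struct {
    const unsigned char *pos, *last;   /* memory-backed data range */
    unsigned in_file:1;                /* set when the data lives in a file */
    long file_pos, file_last;          /* file-backed data range */
} model_buf_t;

typedef struct model_chain_s {
    model_buf_t *buf;
    struct model_chain_s *next;
} model_chain_t;

typedef enum { BODY_EMPTY, BODY_FILE_ONLY, BODY_MEMORY_ONLY, BODY_MIXED } body_kind_t;

/* Walk the whole chain and report what kind of buffers it really holds. */
body_kind_t classify_body(const model_chain_t *cl)
{
    int in_file = 0, in_mem = 0;
    for (; cl != NULL; cl = cl->next) {
        if (cl->buf == NULL) continue;
        if (cl->buf->in_file) in_file = 1; else in_mem = 1;
    }
    if (in_file && in_mem) return BODY_MIXED;
    if (in_file) return BODY_FILE_ONLY;
    return in_mem ? BODY_MEMORY_ONLY : BODY_EMPTY;
}

/* 0: safe to treat the body as a file; -1: the file-only request was not honoured. */
int file_only_body_ok(const model_chain_t *cl)
{
    return classify_body(cl) == BODY_FILE_ONLY ? 0 : -1;
}

/* Constructed sample chains (not captured from a real request). */
static const unsigned char sample_bytes[] = "constructed PUT body";
static model_buf_t mem_buf  = { sample_bytes, sample_bytes + sizeof(sample_bytes) - 1, 0, 0, 0 };
static model_buf_t file_buf = { NULL, NULL, 1, 0, 20 };
static model_chain_t mem_chain   = { &mem_buf, NULL };    /* the case described above */
static model_chain_t file_chain  = { &file_buf, NULL };   /* what the caller expected */
static model_chain_t mixed_chain = { &file_buf, &mem_chain };

int main(void)
{
    printf("memory chain ok=%d, file chain ok=%d, mixed chain ok=%d\n",
           file_only_body_ok(&mem_chain), file_only_body_ok(&file_chain),
           file_only_body_ok(&mixed_chain));
    return 0;
}
```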
kyprizel commented Jan 3, 2013

Nice catch, but looks like there is a problem with modsecurity_read_body_cb.
I tested it with the following settings:

nginx:  client_max_body_size 10m;
ModSecurity: SecRequestBodyLimit 10048576;

Upload 5Mb file and always get the same error:

2013/01/04 00:55:16 [info] 27981#0: [client 127.0.0.1] ModSecurity: Request body is larger than the configured limit (10048576).. Deny with code (413)
 [hostname "standalone"] [uri "/test_post.php"] [unique_id "12345"]

@chaizhenhua
Contributor Author

Fixed 'Request body is larger' error.

brenosilva added a commit that referenced this pull request Jan 4, 2013
Fixed: ngx_http_read_client_request_body returned unexpected buffer type
@brenosilva brenosilva merged commit 48030ca into owasp-modsecurity:remotes/trunk Jan 4, 2013
@brenosilva
Contributor

Applied. Thanks!

@brenosilva
Contributor

Hello Sirs,

When I apply this patch and run ab -n 1000 -c 1 "http://192.168.0.110/index.html", I'm seeing a lot of seg faults in error.log.

Could you take a look?

@brenosilva
Contributor

I'm going to build a new VM and redo my tests. My current VM is not 100%. Let's see

@brenosilva
Contributor

I can confirm the issues in a fresh VM.

@brenosilva
Contributor

OK. The bug (the ab-related one) disappeared when SecAuditEngine is disabled... should be related to https://www.modsecurity.org/tracker/browse/MODSEC-374
