From 4765a3cd770f10c3d64e5b0b3710ef1071173067 Mon Sep 17 00:00:00 2001 From: ADD-SP Date: Thu, 7 Jul 2022 23:38:24 +0800 Subject: [PATCH] fix(*) compatible with `nginx-1.23.0` https://trac.nginx.org/nginx/ticket/2312 --- bison/parser.yacc | 6 +- inc/ngx_http_waf_module_check.h | 10 +- inc/ngx_http_waf_module_config.h | 17 ++-- inc/ngx_http_waf_module_core.h | 17 ++-- inc/ngx_http_waf_module_ip_trie.h | 6 +- inc/ngx_http_waf_module_lru_cache.h | 6 +- inc/ngx_http_waf_module_mem_pool.h | 6 +- inc/ngx_http_waf_module_type.h | 11 +-- inc/ngx_http_waf_module_under_attack.h | 8 +- inc/ngx_http_waf_module_util.h | 8 +- inc/ngx_http_waf_module_vm.h | 7 +- src/ngx_http_waf_module_check.c | 132 +++++++++++-------------- src/ngx_http_waf_module_under_attack.c | 106 +++++++++----------- 13 files changed, 152 insertions(+), 188 deletions(-) diff --git a/bison/parser.yacc b/bison/parser.yacc index cbcfd27f..1dcaa4e1 100644 --- a/bison/parser.yacc +++ b/bison/parser.yacc @@ -1,11 +1,11 @@ %{ + #include + #include + #include #include #include #include #include - #include - #include - #include int ngx_http_waf_lex (void); void ngx_http_waf_error (UT_array* array, ngx_pool_t* pool, const char* msg); void ngx_http_waf_gen_push_str_code(UT_array* array, char* str); diff --git a/inc/ngx_http_waf_module_check.h b/inc/ngx_http_waf_module_check.h index dfe58b27..f708cb4e 100644 --- a/inc/ngx_http_waf_module_check.h +++ b/inc/ngx_http_waf_module_check.h @@ -3,23 +3,17 @@ * @brief 检查诸如 IP,URL 等是否命中规则。 */ -#include -#include -#include -#include -#include -#include -#include #include #include #include #include #include +#include +#include #include #include #include - #ifndef NGX_HTTP_WAF_MODLULE_CHECK_H #define NGX_HTTP_WAF_MODLULE_CHECK_H diff --git a/inc/ngx_http_waf_module_config.h b/inc/ngx_http_waf_module_config.h index 8b8300ea..162117d2 100644 --- a/inc/ngx_http_waf_module_config.h +++ b/inc/ngx_http_waf_module_config.h 
@@ -3,14 +3,6 @@ * @brief 读取 nginx.conf 内的配置以及规则文件。 */ -#include - -#ifndef __STDC_WANT_LIB_EXT1__ -#define __STDC_WANT_LIB_EXT1__ 1 -#endif - -#include -#include #include #include #include @@ -22,9 +14,18 @@ #include +#ifndef __STDC_WANT_LIB_EXT1__ +#define __STDC_WANT_LIB_EXT1__ 1 +#endif + +#include +#include +#include + #ifndef NGX_HTTP_WAF_MODULE_CONFIG_H #define NGX_HTTP_WAF_MODULE_CONFIG_H + ngx_int_t ngx_http_waf_handler_access_phase(ngx_http_request_t* r); /** diff --git a/inc/ngx_http_waf_module_core.h b/inc/ngx_http_waf_module_core.h index b6ebc85f..2687a154 100644 --- a/inc/ngx_http_waf_module_core.h +++ b/inc/ngx_http_waf_module_core.h @@ -3,24 +3,23 @@ * @brief 配置块的初始化和请求检测函数。 */ -#include -#include -#include -#include -#include -#include -#include -#include -#include + #include #include #include #include #include +#include +#include +#include +#include + + #ifndef NGX_HTTP_WAF_MODULE_CORE_H #define NGX_HTTP_WAF_MODULE_CORE_H + /** * @defgroup core 核心模块 * @brief 配置块的初始化和请求检测函数。 diff --git a/inc/ngx_http_waf_module_ip_trie.h b/inc/ngx_http_waf_module_ip_trie.h index ea5b2235..f53fdce0 100644 --- a/inc/ngx_http_waf_module_ip_trie.h +++ b/inc/ngx_http_waf_module_ip_trie.h @@ -3,13 +3,13 @@ * @brief IP 前缀树。 */ -#ifndef NGX_HTTP_WAF_MODULE_IP_TRIE_h -#define NGX_HTTP_WAF_MODULE_IP_TRIE_h - #include #include #include +#ifndef NGX_HTTP_WAF_MODULE_IP_TRIE_h +#define NGX_HTTP_WAF_MODULE_IP_TRIE_h + /** * @defgroup ip_trie IP 前缀树 * @addtogroup ip_trie IP 前缀树 diff --git a/inc/ngx_http_waf_module_lru_cache.h b/inc/ngx_http_waf_module_lru_cache.h index 2130e693..14c37f27 100644 --- a/inc/ngx_http_waf_module_lru_cache.h +++ b/inc/ngx_http_waf_module_lru_cache.h 
@@ -3,13 +3,13 @@ * @brief LRU 缓存管理器 */ -#ifndef __NGX_HTTP_WAF_MODULE_LRU_CACHE_H__ -#define __NGX_HTTP_WAF_MODULE_LRU_CACHE_H__ - #include #include #include +#ifndef __NGX_HTTP_WAF_MODULE_LRU_CACHE_H__ +#define __NGX_HTTP_WAF_MODULE_LRU_CACHE_H__ + void lru_cache_init(lru_cache_t** lru, size_t capacity, mem_pool_type_e pool_type, void* native_pool); diff --git a/inc/ngx_http_waf_module_mem_pool.h b/inc/ngx_http_waf_module_mem_pool.h index d1b10cd0..4899cb84 100644 --- a/inc/ngx_http_waf_module_mem_pool.h +++ b/inc/ngx_http_waf_module_mem_pool.h @@ -3,13 +3,13 @@ * @brief 内存池 */ +#include +#include + #ifndef __NGX_HTTP_WAF_MODULE_MEMORY_POOL_H__ #define __NGX_HTTP_WAF_MODULE_MEMORY_POOL_H__ -#include -#include - /** * @brief 初始化一个内存池 diff --git a/inc/ngx_http_waf_module_type.h b/inc/ngx_http_waf_module_type.h index 76695e82..03ebde2e 100644 --- a/inc/ngx_http_waf_module_type.h +++ b/inc/ngx_http_waf_module_type.h @@ -3,21 +3,20 @@ * @brief 相关结构体的定义 */ -#include -#include -#include #include #include #include -#include -#include +// #include +// #include #include +#include +#include +#include #ifndef NGX_HTTP_WAF_MODULE_TYPE_H #define NGX_HTTP_WAF_MODULE_TYPE_H - /** * @typedef ngx_http_waf_check * @brief 请求检查函数的函数指针 diff --git a/inc/ngx_http_waf_module_under_attack.h b/inc/ngx_http_waf_module_under_attack.h index aac6c51b..109365e8 100644 --- a/inc/ngx_http_waf_module_under_attack.h +++ b/inc/ngx_http_waf_module_under_attack.h @@ -1,11 +1,11 @@ -#ifndef __NGX_HTTP_WAF_MODULE_UNDER_ATTACK_H__ -#define __NGX_HTTP_WAF_MODULE_UNDER_ATTACK_H__ - - #include #include #include +#ifndef __NGX_HTTP_WAF_MODULE_UNDER_ATTACK_H__ +#define __NGX_HTTP_WAF_MODULE_UNDER_ATTACK_H__ + + extern ngx_module_t ngx_http_waf_module; /**< 模块详情 */ /** diff --git a/inc/ngx_http_waf_module_util.h b/inc/ngx_http_waf_module_util.h index 5388b355..f476a9a5 100644 --- a/inc/ngx_http_waf_module_util.h +++ b/inc/ngx_http_waf_module_util.h 
@@ -3,14 +3,16 @@ * @brief IPV4 字符串解析,nginx 风格转化为 C 风格字符串。 */ -#ifndef NGX_HTTP_WAF_MODULE_UTIL_H -#define NGX_HTTP_WAF_MODULE_UTIL_H -#include #include #include +#include #include +#ifndef NGX_HTTP_WAF_MODULE_UTIL_H +#define NGX_HTTP_WAF_MODULE_UTIL_H + + /** * @defgroup util 工具代码 * @addtogroup util 工具代码 diff --git a/inc/ngx_http_waf_module_vm.h b/inc/ngx_http_waf_module_vm.h index 7a56d7fb..10318a59 100644 --- a/inc/ngx_http_waf_module_vm.h +++ b/inc/ngx_http_waf_module_vm.h @@ -1,16 +1,15 @@ -#ifndef __NGX_HTTP_WAF_MODULE_VM_H__ -#define __NGX_HTTP_WAF_MODULE_VM_H__ - #include #include #include #include -#include #include #include #include #include +#ifndef __NGX_HTTP_WAF_MODULE_VM_H__ +#define __NGX_HTTP_WAF_MODULE_VM_H__ + void ngx_http_waf_print_code(UT_array* array); diff --git a/src/ngx_http_waf_module_check.c b/src/ngx_http_waf_module_check.c index a67da4ad..145d91af 100644 --- a/src/ngx_http_waf_module_check.c +++ b/src/ngx_http_waf_module_check.c 
@@ -610,96 +610,74 @@ ngx_int_t ngx_http_waf_handler_check_black_cookie(ngx_http_request_t* r, ngx_int ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, "ngx_waf_debug: Because this Inspection is disabled in the configuration, no Inspection is performed."); ret_value = NGX_HTTP_WAF_NOT_MATCHED; - } else if (r->headers_in.cookies.nelts != 0) { - ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Inspection has begun."); - - ngx_table_elt_t** ppcookie = r->headers_in.cookies.elts; - size_t i; - for (i = 0; i < r->headers_in.cookies.nelts; i++, ppcookie++) { - ngx_str_t* native_cookies = &((**ppcookie).value); - UT_array* cookies = NULL; - if (ngx_http_waf_parse_cookie(native_cookies, &cookies) != NGX_HTTP_WAF_SUCCESS) { - continue; - } - - ngx_str_t* key = NULL; - ngx_str_t* value = NULL; - ngx_str_t* p = NULL; - - do { - if (key = (ngx_str_t*)utarray_next(cookies, p), p = key, key == NULL) { - break; - } - - if (value = (ngx_str_t*)utarray_next(cookies, p), p = value, value == NULL) { - break; - } - - ngx_str_t temp; - temp.len = key->len + value->len; - temp.data = (u_char*)ngx_pcalloc(r->pool, sizeof(u_char*) * temp.len); - - if (temp.data == NULL) { - utarray_free(cookies); - goto exception; - } - - ngx_memcpy(temp.data, key->data, key->len); - ngx_memcpy(temp.data + key->len, value->data, sizeof(u_char) * value->len); + } else { +#if (nginx_version >= 1023000) + if (r->headers_in.cookie == NULL) { + return NGX_HTTP_WAF_NOT_MATCHED; + } - ngx_array_t* regex_array = loc_conf->black_cookie; - lru_cache_t* cache = loc_conf->black_cookie_inspection_cache; + ngx_table_elt_t* p = r->headers_in.cookie; - ret_value = ngx_http_waf_regex_exec_arrray_sqli_xss(r, - &temp, - regex_array, - (u_char*)"BLACK-COOKIE", - cache, - NGX_HTTP_WAF_TRUE, - NGX_HTTP_WAF_TRUE); + for (p = r->headers_in.cookie; p != NULL; p = p->next) { + size_t len = p->key.len + p->value.len + 1; + u_char* buf = ngx_pcalloc(r->pool, sizeof(u_char) * (len + 1)); - if 
(ret_value != NGX_HTTP_WAF_MATCHED) { - ret_value = ngx_http_waf_regex_exec_arrray_sqli_xss(r, - key, - regex_array, - (u_char*)"BLACK-COOKIE", - cache, - NGX_HTTP_WAF_TRUE, - NGX_HTTP_WAF_TRUE); - } + size_t offset = 0; + ngx_memcpy(buf + offset, p->key.data, sizeof(u_char) * p->key.len); - if (ret_value != NGX_HTTP_WAF_MATCHED) { - ret_value = ngx_http_waf_regex_exec_arrray_sqli_xss(r, - value, - regex_array, - (u_char*)"BLACK-COOKIE", - cache, - NGX_HTTP_WAF_TRUE, - NGX_HTTP_WAF_TRUE); - } + offset += sizeof(u_char) * p->key.len; + buf[offset] = '='; - ngx_pfree(r->pool, temp.data); - - if (ret_value == NGX_HTTP_WAF_MATCHED) { - ctx->blocked = NGX_HTTP_WAF_TRUE; - *out_http_status = loc_conf->waf_http_status; - break; - } + ++offset; + ngx_memcpy(buf + offset, p->value.data, sizeof(u_char) * p->value.len); - } while (p != NULL); + ngx_str_t cookie; + cookie.len = len; + cookie.data = buf; - utarray_free(cookies); + ngx_array_t* regex_array = loc_conf->black_cookie; + lru_cache_t* cache = loc_conf->black_cookie_inspection_cache; + ret_value = ngx_http_waf_regex_exec_arrray_sqli_xss(r, + &cookie, + regex_array, + (u_char*)"BLACK-COOKIE", + cache, + NGX_HTTP_WAF_TRUE, + NGX_HTTP_WAF_TRUE); - if (ctx->blocked == NGX_HTTP_WAF_TRUE) { + if (ret_value == NGX_HTTP_WAF_MATCHED) { + ctx->blocked = 1; + *out_http_status = loc_conf->waf_http_status; break; } } + #else + if (r->headers_in.cookies.nelts == 0) { + return NGX_HTTP_WAF_NOT_MATCHED; + } - exception: + ngx_table_elt_t** ppcookie = r->headers_in.cookies.elts; + size_t i; + for (i = 0; i < r->headers_in.cookies.nelts; i++, ppcookie++) { + ngx_str_t* native_cookies = &((**ppcookie).value); - ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Inspection is over."); + ngx_array_t* regex_array = loc_conf->black_cookie; + lru_cache_t* cache = loc_conf->black_cookie_inspection_cache; + ret_value = ngx_http_waf_regex_exec_arrray_sqli_xss(r, + native_cookies, + regex_array, + (u_char*)"BLACK-COOKIE", 
+ cache, + NGX_HTTP_WAF_TRUE, + NGX_HTTP_WAF_TRUE); + + if (ret_value == NGX_HTTP_WAF_MATCHED) { + ctx->blocked = 1; + *out_http_status = loc_conf->waf_http_status; + break; + } + } +#endif } ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, diff --git a/src/ngx_http_waf_module_under_attack.c b/src/ngx_http_waf_module_under_attack.c index ad0354de..6a64ef0c 100644 --- a/src/ngx_http_waf_module_under_attack.c +++ b/src/ngx_http_waf_module_under_attack.c @@ -30,7 +30,6 @@ ngx_int_t ngx_http_waf_check_under_attack(ngx_http_request_t* r, ngx_int_t* out_ ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, "ngx_waf_debug: Begin the processing flow."); - ngx_table_elt_t **ppcookie = (ngx_table_elt_t **)(r->headers_in.cookies.elts); ngx_str_t __waf_under_attack_time = { 0, NULL }; ngx_str_t __waf_under_attack_uid = { 0, NULL }; ngx_str_t __waf_under_attack_verification = { 0, NULL }; 
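Review bot: `buf` returned by `ngx_pcalloc` is passed to `ngx_memcpy` without a NULL check in the `nginx_version >= 1023000` branch, whereas the removed code tested `temp.data == NULL` and left through `goto exception`. Add `if (buf == NULL) { break; }` before the first copy, or an explicit fail-closed return if the callers support one. The three `ngx_pcalloc` calls added to `ngx_http_waf_check_under_attack` in `src/ngx_http_waf_module_under_attack.c` have the same gap. Separately, `p->key` and `p->value` appear to be the header name and the whole `Cookie` header line, so `ngx_http_waf_regex_exec_arrray_sqli_xss` now receives `Cookie=<entire header>` instead of each cookie's name, value and name+value as before. Rules written against individual cookie names or values, anchored patterns in particular, may stop matching, which deserves a comment and a regression test; note that the function body starts and ends outside this hunk.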
@@ -38,64 +37,57 @@ ngx_int_t ngx_http_waf_check_under_attack(ngx_http_request_t* r, ngx_int_t* out_ ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, "ngx_waf_debug: Start parsing cookies."); - for (size_t i = 0; i < r->headers_in.cookies.nelts; i++, ppcookie++) { - ngx_table_elt_t *native_cookie = *ppcookie; - UT_array* cookies = NULL; - if (ngx_http_waf_parse_cookie(&(native_cookie->value), &cookies) != NGX_HTTP_WAF_SUCCESS) { - continue; +#if (nginx_version >= 1023000) + if (r->headers_in.cookie != NULL) { + ngx_table_elt_t* cookies = r->headers_in.cookie; +#else + if (r->headers_in.cookies.nelts > 0) { + ngx_array_t* cookies = &(r->headers_in.cookies); +#endif + ngx_str_t key, value; + + + ngx_str_set(&key, "__waf_under_attack_time"); + ngx_str_null(&value); + +#if (nginx_version >= 1023000) + if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) { +#else + if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) { +#endif + __waf_under_attack_time.data = ngx_pcalloc(r->pool, value.len + 1); + __waf_under_attack_time.len = value.len; + ngx_memcpy(__waf_under_attack_time.data, value.data, value.len); + } - ngx_str_t* key = NULL; - ngx_str_t* value = NULL; - ngx_str_t* p = NULL; - - do { - if (key = (ngx_str_t*)utarray_next(cookies, p), p = key, key == NULL) { - break; - } - - if (value = (ngx_str_t*)utarray_next(cookies, p), p = value, value == NULL) { - break; - } - - if (ngx_strcmp(key->data, "__waf_under_attack_time") == 0) { - ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Being parsed __waf_under_attack_time."); - __waf_under_attack_time.data = ngx_pnalloc(r->pool, sizeof(u_char) * (NGX_HTTP_WAF_UNDER_ATTACH_TIME_LEN + 1)); - ngx_memzero(__waf_under_attack_time.data, sizeof(u_char) * (NGX_HTTP_WAF_UNDER_ATTACH_TIME_LEN + 1)); - ngx_memcpy(__waf_under_attack_time.data, value->data, - sizeof(u_char) * ngx_min(value->len, NGX_HTTP_WAF_UNDER_ATTACH_TIME_LEN)); - 
__waf_under_attack_time.len = value->len; - ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Successfully get __waf_under_attack_time."); - } - else if (ngx_strcmp(key->data, "__waf_under_attack_uid") == 0) { - ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Being parsed __waf_under_attack_uid."); - size_t len = ngx_min(value->len, NGX_HTTP_WAF_UNDER_ATTACH_UID_LEN); - __waf_under_attack_uid.data = ngx_pnalloc(r->pool, sizeof(u_char) * (len + 1)); - ngx_memzero(__waf_under_attack_uid.data, sizeof(u_char) * (len + 1)); - ngx_memcpy(__waf_under_attack_uid.data, value->data, sizeof(u_char) * len); - __waf_under_attack_uid.len = value->len; - ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Successfully get __waf_under_attack_uid."); - } - else if (ngx_strcmp(key->data, "__waf_under_attack_verification") == 0) { - ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Being parsed __waf_under_attack_verification."); - size_t len = ngx_min(value->len, NGX_HTTP_WAF_SHA256_HEX_LEN); - __waf_under_attack_verification.data = ngx_pnalloc(r->pool, sizeof(u_char) * (len + 1)); - ngx_memzero(__waf_under_attack_verification.data, sizeof(u_char) * (len + 1)); - ngx_memcpy(__waf_under_attack_verification.data, value->data, sizeof(u_char) * len); - __waf_under_attack_verification.len = value->len; - ngx_log_debug(NGX_LOG_DEBUG_CORE, r->connection->log, 0, - "ngx_waf_debug: Successfully get __waf_under_attack_verification."); - } - - } while (p != NULL); - - - utarray_free(cookies); + ngx_str_set(&key, "__waf_under_attack_uid"); + ngx_str_null(&value); + +#if (nginx_version >= 1023000) + if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) { +#else + if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) { +#endif + __waf_under_attack_uid.data = ngx_pcalloc(r->pool, value.len + 1); + __waf_under_attack_uid.len = value.len; + 
ngx_memcpy(__waf_under_attack_uid.data, value.data, value.len); + + } + + ngx_str_set(&key, "__waf_under_attack_verification"); + ngx_str_null(&value); + +#if (nginx_version >= 1023000) + if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) { +#else + if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) { +#endif + __waf_under_attack_verification.data = ngx_pcalloc(r->pool, value.len + 1); + __waf_under_attack_verification.len = value.len; + ngx_memcpy(__waf_under_attack_verification.data, value.data, value.len); + + } }
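Review bot: The replacement code no longer bounds the three cookie values. The removed lines copied at most `NGX_HTTP_WAF_UNDER_ATTACH_TIME_LEN`, `NGX_HTTP_WAF_UNDER_ATTACH_UID_LEN` and `NGX_HTTP_WAF_SHA256_HEX_LEN` bytes, while the new ones allocate and copy `value.len` bytes as sent by the client. The code that consumes `__waf_under_attack_time`, `__waf_under_attack_uid` and `__waf_under_attack_verification` lies after this hunk and is not visible; if it still assumes those maximum sizes, an oversized cookie should be rejected first, for example with `&& value.len <= NGX_HTTP_WAF_UNDER_ATTACH_UID_LEN` in each condition. The lookup/allocate/copy sequence is also repeated three times, with `#if` branches splitting the `if (...) {` line. A small `static` helper taking the cookie name and the destination `ngx_str_t` would keep the version check in one place and give the missing `ngx_pcalloc` NULL check a single home.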