~guilhem-fr/nginx/naxsi

« back to all changes in this revision

Viewing changes to naxsi_runtime.c

Committer: orixxx at gmail
Date: 2013-05-10 15:32:53 UTC
Revision ID: svn-v4:38cfc0d1-1855-38ab-c664-02d32d4e92d7:trunk/naxsi_src:597

Fixing multi-line logs :)

files modified:
naxsi_runtime.c

Show diffs side-by-side

added added

removed removed

naxsi_runtime.c

575

ngx_http_request_t *r,

576

ngx_array_t *ostr, ngx_str_t **ret_uri)

577

{

578

u_int /*len,*/ sz_left, sub, offset = 0, seed = 0, i;

578

u_int sz_left, sub, psub, offset = 0, seed = 0, i;

579

ngx_str_t *fragment, *tmp_uri;

580

const char *fmt_base = "ip=%.*s&server=%.*s&uri=%.*s&learning=%d&vers=%.*s&total_processed=%zu&total_blocked=%zu";

581

const char *fmt_rm = "&zone%d=%s&id%d=%d&var_name%d=%.*s";

620

if (ctx->matched) {

621

mr = ctx->matched->elts;

622

sub = 0;

623

for (i = 0; i < ctx->matched->nelts; i++) {

623

i = 0;

624

do {

624

625

memset(tmp_zone, 0, 30);

625

626

if (mr[i].body_var)

626

627

strcat(tmp_zone, "BODY");

640

641

642

** This one would not fit :

642

643

** append a seed to the current fragment,

643

** store it, and start a new one

644

** and start a new one

644

645

646

if (sub >= sz_left)

646

647

{

647

648

** if event's len alone cannot fit in maximum size,

649

** truncate it. Don't even warn the user, as

650

** it has no chance of being legitimate,

651

652

if (sub >= MAX_LINE_SIZE - MAX_SEED_LEN) {

653

sub = snprintf((char *)fragment->data+offset, sz_left,

654

fmt_rm, i, tmp_zone, i, mr[i].rule->rule_id, i,

655

mr[i].name->len, mr[i].name->data);

656

offset += (sz_left-1);

657

sz_left = 0;

658

659

** if it's the only one, don't append a seed,

660

** this would cause fake missing lines

661

662

if (i+1 >= ctx->matched->nelts)

663

break;

664

}

665

/* else, append it to next fragment. */

666

else

667

i--;

668

/* not real random, just to avoid collisions,

648

psub = sub;

649

650

** not real random, just to avoid collisions,

669

651

** seed are used as link, as 2 random seeds can be

670

652

** present per string

671

653

681

663

sub = snprintf((char *)fragment->data, MAX_SEED_LEN, "seed_end=%d", seed);

682

664

sz_left = MAX_LINE_SIZE - sub;

683

665

offset = sub;

666

/* if it did not fit because the event itself is too big,

667

truncate it, and append to the new fragment */

668

if (psub > MAX_LINE_SIZE - MAX_SEED_LEN - 1) {

669

sub = snprintf((char *)fragment->data+offset, sz_left,

670

fmt_rm, i, tmp_zone, i, mr[i].rule->rule_id, i,

671

mr[i].name->len, mr[i].name->data);

672

offset = sz_left - 1;

673

sz_left = 0;

674

i++;

675

}

684

676

continue;

685

677

}

686

678

sub = snprintf((char *)fragment->data+offset, sz_left,

688

680

mr[i].name->len, mr[i].name->data);

689

681

sz_left -= sub;

690

682

offset += sub;

691

692

}

683

i += 1;

684

} while(i < ctx->matched->nelts);

685

} else {

686

ngx_log_error(NGX_LOG_ERR, r->connection->log,

687

0, "NAXSI_FMT: NOTHING TO MATCH ?!");

693

688

}

694

fragment->len = offset+sub;

689

fragment->len = offset;

695

690

return (NGX_HTTP_OK);

696

691

}

697

692

Older »