[packages/nginx] - modsecurity fixing patch (https://github.com/SpiderLabs/ModSecurity/issues/582)

adwol adwol at pld-linux.org
Sat Aug 1 00:01:00 CEST 2015


commit 7ce2935cc5ca3aa2ea15cd8707127c32b343fc22
Author: Adam Osuchowski <adwol at pld-linux.org>
Date:   Fri Jul 31 23:59:24 2015 +0200

    - modsecurity fixing patch (https://github.com/SpiderLabs/ModSecurity/issues/582)

 nginx-modsecurity-xheaders.patch | 83 ++++++++++++++++++++++++++++++++++++++++
 nginx.spec                       |  2 +
 2 files changed, 85 insertions(+)
---
diff --git a/nginx.spec b/nginx.spec
index ad59d5c..0f24de2 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -65,6 +65,7 @@ Source22:	http://www.modsecurity.org/tarball/%{modsecurity_version}/modsecurity-
 Source101:	https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/nginx-rtmp-module-%{rtmp_version}.tar.gz
 # Source101-md5:	8006de2560db3e55bb15d110220076ac
 Patch0:		%{name}-no-Werror.patch
+Patch1:		%{name}-modsecurity-xheaders.patch
 URL:		http://nginx.net/
 %{?with_modsecurity:BuildRequires: lua-devel}
 BuildRequires:	mailcap
@@ -283,6 +284,7 @@ Plik monitrc do monitorowania serwera WWW nginx.
 %prep
 %setup -q %{?with_rtmp:-a101} %{?with_modsecurity:-a22}
 %patch0 -p0
+%{?with_modsecurity:%patch1 -p0}
 
 %if %{with rtmp}
 mv nginx-rtmp-module-%{rtmp_version} nginx-rtmp-module
diff --git a/nginx-modsecurity-xheaders.patch b/nginx-modsecurity-xheaders.patch
new file mode 100644
index 0000000..1391d17
--- /dev/null
+++ b/nginx-modsecurity-xheaders.patch
@@ -0,0 +1,83 @@
+diff -ruNp modsecurity-2.9.0.orig/nginx/modsecurity/ngx_http_modsecurity.c modsecurity-2.9.0/nginx/modsecurity/ngx_http_modsecurity.c
+--- modsecurity-2.9.0.orig/nginx/modsecurity/ngx_http_modsecurity.c	2015-02-12 20:08:31.000000000 +0100
++++ modsecurity-2.9.0/nginx/modsecurity/ngx_http_modsecurity.c	2015-07-31 23:34:31.601688075 +0200
+@@ -28,6 +28,7 @@
+ 
+ typedef struct {
+     ngx_flag_t                  enable;
++    ngx_flag_t                  x_headers;
+     directory_config            *config;
+ 
+     ngx_str_t                   *file;
+@@ -83,6 +84,12 @@ static ngx_command_t  ngx_http_modsecuri
+     NGX_HTTP_LOC_CONF_OFFSET,
+     offsetof(ngx_http_modsecurity_loc_conf_t, enable),
+     NULL },
++  { ngx_string("ModSecurityXHeaders"),
++    NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1,
++    ngx_conf_set_flag_slot,
++    NGX_HTTP_LOC_CONF_OFFSET,
++    offsetof(ngx_http_modsecurity_loc_conf_t, x_headers),
++    NULL },
+   ngx_null_command
+ };
+ 
+@@ -432,7 +439,11 @@ ngx_http_modsecurity_save_headers_in_vis
+     }
+ 
+     ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
++    h->lowcase_key[h->key.len] = '\0';
+ 
++    if (!ngx_strcmp(h->lowcase_key, "host"))
++        return 1;
++ 
+     h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
+ 
+     cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);
+@@ -737,8 +748,10 @@ ngx_http_modsecurity_save_headers_out_vi
+     ngx_table_elt_t                *h, he;
+     ngx_http_upstream_header_t     *hh;
+     ngx_http_upstream_main_conf_t  *umcf;
++    ngx_table_elt_t                *tmp_header;
+ 
+     umcf = ngx_http_get_module_main_conf(r, ngx_http_upstream_module);
++    ngx_http_modsecurity_loc_conf_t *conf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity);
+ 
+     h = &he;
+ 
+@@ -755,6 +768,19 @@ ngx_http_modsecurity_save_headers_out_vi
+ 
+     ngx_strlow(h->lowcase_key, h->key.data, h->key.len);
+ 
++    if (conf->x_headers) {
++        h->lowcase_key[h->key.len] = '\0';
++        if (h->lowcase_key[0] == 'x' &&
++            h->lowcase_key[1] == '-') {
++
++            tmp_header = ngx_list_push(&r->headers_out.headers);
++            tmp_header->key = h->key;
++            tmp_header->value = h->value;
++            tmp_header->hash = 1;
++            return 1;
++        }
++    }
++
+     h->hash = ngx_hash_key(h->lowcase_key, h->key.len);
+ 
+     hh = ngx_hash_find(&umcf->headers_in_hash, h->hash,
+@@ -810,6 +836,7 @@ ngx_http_modsecurity_create_loc_conf(ngx
+ 
+     conf->config = NGX_CONF_UNSET_PTR;
+     conf->enable = NGX_CONF_UNSET;
++    conf->x_headers = NGX_CONF_UNSET;
+ 
+     return conf;
+ }
+@@ -823,6 +850,7 @@ ngx_http_modsecurity_merge_loc_conf(ngx_
+     ngx_http_modsecurity_loc_conf_t  *conf = child;
+ 
+     ngx_conf_merge_value(conf->enable, prev->enable, 0);
++    ngx_conf_merge_value(conf->x_headers, prev->x_headers, 0);
+     ngx_conf_merge_ptr_value(conf->config, prev->config, NULL);
+ 
+     if (conf->enable && conf->config == NULL) {
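Review bot: In the added `x_headers` branch of ngx_http_modsecurity_save_headers_out_visitor, the result of `ngx_list_push(&r->headers_out.headers)` is dereferenced without a NULL check, so an allocation failure becomes a NULL-pointer write in the worker. Add `if (tmp_header == NULL) return 0;` before the assignments; the failure return value is an assumption, since the rest of the visitor lies outside the embedded hunks. The two added `h->lowcase_key[h->key.len] = '\0';` lines, here and in ngx_http_modsecurity_save_headers_in_visitor, store one byte past the lowercased key. The allocation of `lowcase_key` is not visible, and if it is sized to exactly `h->key.len`, each one is a one-byte out-of-bounds write driven by header names from the client or the upstream. A length-based test needs no terminator: `if (h->key.len == 4 && ngx_strncmp(h->lowcase_key, "host", 4) == 0) return 1;` for the Host check, and `h->key.len >= 2 &&` in front of the `'x'`/`'-'` comparison.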
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nginx.git/commitdiff/7ce2935cc5ca3aa2ea15cd8707127c32b343fc22


