Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Obtain port from r->connection->local_sockaddr.

This eliminates segfaults caused by unset (NULL) r->port_start
and non-NULL r->port_end. In fact, r->port_start is always NULL,
so it is useless to rely on this pointer.
  • Loading branch information...
commit b058a9f8ba90849262302a9e987d021bad02de84 1 parent db20746
@defanator defanator authored zimmerle committed
Showing with 29 additions and 5 deletions.
  1. +29 −5 nginx/modsecurity/ngx_http_modsecurity.c
View
34 nginx/modsecurity/ngx_http_modsecurity.c
@@ -279,9 +279,13 @@ ngx_http_modsecurity_load_request(ngx_http_request_t *r)
{
ngx_http_modsecurity_ctx_t *ctx;
request_rec *req;
- ngx_str_t str;
size_t root;
ngx_str_t path;
+ ngx_uint_t port;
+ struct sockaddr_in *sin;
+#if (NGX_HAVE_INET6)
+ struct sockaddr_in6 *sin6;
+#endif
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity);
req = ctx->req;
@@ -324,10 +328,30 @@ ngx_http_modsecurity_load_request(ngx_http_request_t *r)
req->parsed_uri.path = (char *)ngx_pstrdup0(r->pool, &r->uri);
req->parsed_uri.is_initialized = 1;
- str.data = r->port_start;
- str.len = r->port_end - r->port_start;
- req->parsed_uri.port = ngx_atoi(str.data, str.len);
- req->parsed_uri.port_str = (char *)ngx_pstrdup0(r->pool, &str);
+ switch (r->connection->local_sockaddr->sa_family) {
+
+#if (NGX_HAVE_INET6)
+ case AF_INET6:
+ sin6 = (struct sockaddr_in6 *) r->connection->local_sockaddr;
+ port = ntohs(sin6->sin6_port);
+ break;
+#endif
+
+#if (NGX_HAVE_UNIX_DOMAIN)
+ case AF_UNIX:
+ port = 0;
+ break;
+#endif
+
+ default: /* AF_INET */
+ sin = (struct sockaddr_in *) r->connection->local_sockaddr;
+ port = ntohs(sin->sin_port);
+ break;
+ }
+
+ req->parsed_uri.port = port;
+ req->parsed_uri.port_str = ngx_pnalloc(r->pool, sizeof("65535"));
+ (void) ngx_sprintf((u_char *)req->parsed_uri.port_str, "%ui%c", port, '\0');
req->parsed_uri.query = r->args.len ? req->args : NULL;
req->parsed_uri.dns_looked_up = 0;
Please sign in to comment.
Something went wrong with that request. Please try again.