Stop segfaults caused by NULL request_body #271
Conversation
|
In the case of this patch, viewing with ignoring whitespace changes emphasizes the simplicity of this change: On another note, I just realized that nginx checks r->request_body->bufs for NULL when checking |
|
Unfortunately, reproducing the segfault appears to require building nginx with a module that sets request_body to NULL and triggering it, but perhaps it would be sufficient to observe that making sure request_body is not NULL does not break anything. On my test machine, I've built nginx with ModSecurity-nginx and lua-nginx-module and added a location to the nginx config that uses Lua to trigger setting |
Actually, checking |
ModSecurity-nginx assumes
ngx_http_request_t.request_bodyis never NULL and encounters a segfault when therequest_bodyis in fact NULL.We have seen this happen when ModSecurity-nginx is used in conjunction with lua-nginx-module. When a subrequest is made using this lua API, it can result in the
request_bodybeing set to NULL here.I considered whether this was more of a bug with lua-nginx-module, but nginx's codebase appears to recognize a NULL
request_bodyis possible (some examples: a, b, c). Also, it seems reasonable for ModSecurity-nginx to be a little more defensive in this case.This is a patch to fix that issue by wrapping the code that process the request_body in an if-NULL check. With this patch, msc_append_request_body() will not be called when the
request_bodyis NULL, and this seems like it will be OK because ModSecurity's Transaction's m_requestBody is a std::ostringstream that will simply not have any data.