Re: modify request_rec->args
I was able to get it to work, by modifying r->args directly. Not sure why changing the pointer didn't work, but maybe there was a flaw in my testing. Thanks for the help. On 25 March 2016 at 11:24, Eric Covener <cove...@gmail.com> wrote: > On Fri, Mar 25, 2016 at 10:22 AM, Justin Kennedy > <jus...@justinkennedy.ca> wrote: > > The plan is for the module to do other things, this is just the first > step. > > Any suggestions? Thank you. > > > It should work. Who sees the unchanged query string? I think it exists > in apr_uri_t form somewhere too. > > -- > Eric Covener > cove...@gmail.com >
Re: modify request_rec->args
Hi Sorin, The plan is for the module to do other things, this is just the first step. Any suggestions? Thank you. On 25 March 2016 at 05:30, Sorin Manolache <sor...@gmail.com> wrote: > On 2016-03-25 00:59, Justin Kennedy wrote: > >> Hello, >> >> I have a simple module, with just a quick_hander, it's sole function is to >> check if there is a specific key=value on the query string, and modify the >> value, so it gets picked up by a separate module. >> >> For example: if "foo=1" is in r->args, then replace it with "foo=0", >> decline the request so it gets picked up by the other module. >> >> In my first attempt, I created a new string and assigned the pointer to >> r->args, but it doesn't seem to "stick" when it gets to the second module. >> Do I have to modify r->args directly, without changing the pointer? It's >> been awhile since I've worked with C strings. >> >> > You don't need a module to do that. You can use some mod_rewrite > directives that you place inside your or : > > RewriteEngine On > > RewriteCond %{QUERY_STRING} ^(|.*&)foo=([^&]*)(&.*|$) > RewriteRule (.*) $1?%1foo=new_value%3 > > -- > Sorin > > -- Justin Kennedy Software Developer 506 645 1195 888 406 0624
modify request_rec->args
Hello, I have a simple module, with just a quick_hander, it's sole function is to check if there is a specific key=value on the query string, and modify the value, so it gets picked up by a separate module. For example: if "foo=1" is in r->args, then replace it with "foo=0", decline the request so it gets picked up by the other module. In my first attempt, I created a new string and assigned the pointer to r->args, but it doesn't seem to "stick" when it gets to the second module. Do I have to modify r->args directly, without changing the pointer? It's been awhile since I've worked with C strings. Thank you, -Justin
"hello world" module crashes 2.4 on CentOS 6.7
Good day, I have a pretty simple module that is crashing my server as soon as I dereference a pointer that comes from the request_rec pool. This is on CentOS 6.7, with Apache 2.4 compiled. It's a fresh VM on AWS. The module was compiled with apxs. The code is listed below. The output I get in the log files is: [Date...] [:error] [client ] [pid ...] ***--- not nulll [Date...] [core:notice] [pid ...] AH00052: child pid 1365 exit signal Segmentation fault (11) CODE #include #include #include #include #include #include #include #include #include #define EXAMPLE_NAME "mod_example" static int example_handler(request_rec *r) { const char *url; url = apr_psprintf(r->pool, "%s", "test"); if(url == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "***--- null"); } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "***--- not nulll"); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "***--- url is: %s", url); } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "***--- done "); return DECLINED; } static void example_register_hooks(apr_pool_t *pool) { ap_hook_handler(example_handler, NULL, NULL, APR_HOOK_LAST); } module AP_MODULE_DECLARE_DATA example_module = { STANDARD20_MODULE_STUFF, NULL, NULL, NULL, NULL, NULL, example_register_hooks }; Any help is appreciated. -Justin
server directives are lost when activating module in vhost
Greetings, I have these two directives specified in the root httpd.conf: ServerTokens Prod ServerSignature Off Those directives are being honored and all is well, until I activate my module within a virtual host. Once that happens, these directives are ignored. Is it possible for my module to be interfering with the other directives outside of my module configuration? If so, I'm thinking this could this be happening in my merge configuration hook, even though I only deal with directives related to my module. Any ideas? For debugging, it would be helpful if I could output the value of this directive in the various methods of my module. How can I access the value of this directive from within my module? Thank you, -- Justin
Re: Preventing Path Traversal Attack
HI Yann, The variable r is the request_rec that is passed into the module's handler hook. Based on my testing, r-unparsed_uri does indeed have a space (it's not encoded to %20). I need to compare against an unparsed URI because r-uri is vulnerable to a path traversal attack. For instance, this: http://abc.me/unprotected_path/../protected_path becomes: http://abc.me/protected_path Maybe I'm going about it the wrong way, so I'm hoping for some guidance from more experienced developers. Thank you, On Thu, Dec 4, 2014 at 6:33 PM, Yann Ylavic ylavic@gmail.com wrote: Hello, On Thu, Dec 4, 2014 at 4:20 PM, Justin Kennedy jkenn...@pingidentity.com wrote: Here is the code in question: /* ensure r-uri and r-unparsed_uri are similar to prevent path traversal attacks */ unparsed_uri = apr_pstrdup(r-pool, r-unparsed_uri); /* get the unparsed base uri (everything up to '?') */ unparsed_uri_base = apr_strtok(unparsed_uri, ?, buf); buf = strstr(r-uri, unparsed_uri_base); /*** ISSUE: If there is a space in the URL then r-uri will have the encoded space as %20 and r-unparsed_uri will not */ There can't be a space in the HTTP URL received by httpd, the space must %20-escaped (urlencoded) by the client to form a valid HTTP request line. Hence both r-unparsed_uri and r-uri should have the %20 (see read_request_line() and ap_parse_uri()), unlike r-parsed_uri.path which is later ap_unescape()d in ap_process_request_internal(), where r-uri is also sanitized against all forms dot-slashes. /* compare unparsed base with parsed uri */ if(buf == NULL || strlen(r-uri) != strlen(buf)) { Where does this r-uri come from? error( cfg, Malformed URI ); return HTTP_INTERNAL_SERVER_ERROR; } Regards, Yann. -- [image: Ping Identity logo] https://www.pingidentity.com/ Justin Kennedy Sr. Development Engineer @ jkenn...@pingidentity.com [image: phone] +1 604.697.7055 Connect with us… [image: twitter logo] https://twitter.com/pingidentity [image: youtube logo] https://www.youtube.com/user/PingIdentityTV [image: LinkedIn logo] https://www.linkedin.com/company/21870 [image: Facebook logo] https://www.facebook.com/pingidentitypage [image: Google+ logo] https://plus.google.com/u/0/114266977739397708540 [image: slideshare logo] http://www.slideshare.net/PingIdentity [image: flipboard logo] http://flip.it/vjBF7 [image: rss feed icon] https://www.pingidentity.com/blogs/
Preventing Path Traversal Attack
Good day, In my handler hook I've implemented some code in an attempt to prevent this attack. Unfortunately it doesn't take into account that there might be spaces in the URL. Has anyone already overcome this or can provide a proper solution? Here is the code in question: /* ensure r-uri and r-unparsed_uri are similar to prevent path traversal attacks */ unparsed_uri = apr_pstrdup(r-pool, r-unparsed_uri); /* get the unparsed base uri (everything up to '?') */ unparsed_uri_base = apr_strtok(unparsed_uri, ?, buf); buf = strstr(r-uri, unparsed_uri_base); /*** ISSUE: If there is a space in the URL then r-uri will have the encoded space as %20 and r-unparsed_uri will not */ /* compare unparsed base with parsed uri */ if(buf == NULL || strlen(r-uri) != strlen(buf)) { error( cfg, Malformed URI ); return HTTP_INTERNAL_SERVER_ERROR; } -- [image: Ping Identity logo] https://www.pingidentity.com/ Justin Kennedy Sr. Development Engineer @ jkenn...@pingidentity.com [image: phone] +1 604.697.7055 Connect with us… [image: twitter logo] https://twitter.com/pingidentity [image: youtube logo] https://www.youtube.com/user/PingIdentityTV [image: LinkedIn logo] https://www.linkedin.com/company/21870 [image: Facebook logo] https://www.facebook.com/pingidentitypage [image: Google+ logo] https://plus.google.com/u/0/114266977739397708540 [image: slideshare logo] http://www.slideshare.net/PingIdentity [image: flipboard logo] http://flip.it/vjBF7 [image: rss feed icon] https://www.pingidentity.com/blogs/