mod_security-rpm/mod_security-fix-error-500-for-invalid-requests.patch

From f9c253952c564ffefd6c10b8327ef836832facea Mon Sep 17 00:00:00 2001
From: root <root@ip-10-124-52-70.us-east-1.aws.cloud.in.here.com>
Date: Fri, 29 Jan 2016 08:43:28 +0000
Subject: [PATCH] This is fix for reborn of
 https://github.com/SpiderLabs/ModSecurity/issues/334 This bug has been
 reborn, because Apache (at least in RedHat/CentOS) since version 2.2.15-47
 returns in same case APR_INCOMPLETE (not APR_EOF). Based on same patch I have
 added handler for APR_INCOMPLETE.

---
 apache2/apache2_io.c    | 3 +++
 apache2/mod_security2.c | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c
index 0d59613..c14dd41 100644
--- a/apache2/apache2_io.c
+++ b/apache2/apache2_io.c
@@ -208,6 +208,9 @@ apr_status_t read_request_body(modsec_rec *msr, char **error_msg) {
              *      too large and APR_EGENERAL when the client disconnects.
              */
             switch(rc) {
+                case APR_INCOMPLETE :
+                    *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
+                    return -7;
                 case APR_EOF :
                     *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
                     return -6;
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index 5404fd8..14e9f44 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -1030,6 +1030,13 @@ static int hook_request_late(request_rec *r) {
                 r->connection->keepalive = AP_CONN_CLOSE;
                 return HTTP_BAD_REQUEST;
                 break;
+            case -7 : /* Partial recieved */
+                if (my_error_msg != NULL) {
+                    msr_log(msr, 4, "%s", my_error_msg);
+                }
+                r->connection->keepalive = AP_CONN_CLOSE;
+                return HTTP_BAD_REQUEST;
+                break;
             default :
                 /* allow through */
                 break;
-- 
2.7.4
Add a fix for failing on PUT/POST requests with http 500 error (RHBZ 2016-06-16 03:02:47 +02:00			`From f9c253952c564ffefd6c10b8327ef836832facea Mon Sep 17 00:00:00 2001`
			`From: root <root@ip-10-124-52-70.us-east-1.aws.cloud.in.here.com>`
			`Date: Fri, 29 Jan 2016 08:43:28 +0000`
			`Subject: [PATCH] This is fix for reborn of`
			`https://github.com/SpiderLabs/ModSecurity/issues/334 This bug has been`
			`reborn, because Apache (at least in RedHat/CentOS) since version 2.2.15-47`
			`returns in same case APR_INCOMPLETE (not APR_EOF). Based on same patch I have`
			`added handler for APR_INCOMPLETE.`

			`---`
			`apache2/apache2_io.c \| 3 +++`
			`apache2/mod_security2.c \| 7 +++++++`
			`2 files changed, 10 insertions(+)`

			`diff --git a/apache2/apache2_io.c b/apache2/apache2_io.c`
			`index 0d59613..c14dd41 100644`
			`--- a/apache2/apache2_io.c`
			`+++ b/apache2/apache2_io.c`
			`@@ -208,6 +208,9 @@ apr_status_t read_request_body(modsec_rec msr, char *error_msg) {`
			`* too large and APR_EGENERAL when the client disconnects.`
			`*/`
			`switch(rc) {`
			`+ case APR_INCOMPLETE :`
			`+ *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));`
			`+ return -7;`
			`case APR_EOF :`
			`*error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));`
			`return -6;`
			`diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c`
			`index 5404fd8..14e9f44 100644`
			`--- a/apache2/mod_security2.c`
			`+++ b/apache2/mod_security2.c`
			`@@ -1030,6 +1030,13 @@ static int hook_request_late(request_rec *r) {`
			`r->connection->keepalive = AP_CONN_CLOSE;`
			`return HTTP_BAD_REQUEST;`
			`break;`
			`+ case -7 : /* Partial recieved */`
			`+ if (my_error_msg != NULL) {`
			`+ msr_log(msr, 4, "%s", my_error_msg);`
			`+ }`
			`+ r->connection->keepalive = AP_CONN_CLOSE;`
			`+ return HTTP_BAD_REQUEST;`
			`+ break;`
			`default :`
			`/* allow through */`
			`break;`
			`--`
			`2.7.4`