fix(*) compatible with nginx-1.23.0

ADD-SP · ADD-SP · commit 324bb394d20e · 2022-07-09T10:39:00.000+08:00
diff --git a/src/ngx_http_waf_module_captcha.c b/src/ngx_http_waf_module_captcha.c
@@ -436,14 +436,24 @@ static ngx_int_t _verify_cookies(ngx_http_request_t* r) {
     ngx_memzero(under_attack_client, sizeof(_info_t));
     ngx_memzero(under_attack_expect, sizeof(_info_t));
 
+#if (nginx_version >= 1023000)
+    if (r->headers_in.cookie != NULL) {
+        ngx_table_elt_t* cookies = r->headers_in.cookie;
+#else
     if (r->headers_in.cookies.nelts > 0) {
+        ngx_array_t* cookies = &(r->headers_in.cookies);
+#endif
         ngx_str_t key, value;
 
         ngx_str_set(&key, "__waf_captcha_uid");
         ngx_str_null(&value);
         ngx_http_waf_dpf(r, "searching cookie %V", &key);
 
-        if (ngx_http_parse_multi_header_lines(&(r->headers_in.cookies), &key, &value) != NGX_DECLINED) {
+#if (nginx_version >= 1023000)
+        if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) {
+#else
+        if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) {
+#endif
             ngx_http_waf_dpf(r, "found cookie %V", &value);
             ngx_memcpy(under_attack_client->uid, value.data, value.len);
 
@@ -455,7 +465,11 @@ static ngx_int_t _verify_cookies(ngx_http_request_t* r) {
         ngx_str_null(&value);
         ngx_http_waf_dpf(r, "searching cookie %V", &key);
 
-        if (ngx_http_parse_multi_header_lines(&(r->headers_in.cookies), &key, &value) != NGX_DECLINED) {
+#if (nginx_version >= 1023000)
+        if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) {
+#else
+        if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) {
+#endif
             ngx_http_waf_dpf(r, "found cookie %V", &value);
             ngx_memcpy(under_attack_client->hmac, value.data, value.len);
 
@@ -467,7 +481,11 @@ static ngx_int_t _verify_cookies(ngx_http_request_t* r) {
         ngx_str_null(&value);
         ngx_http_waf_dpf(r, "searching cookie %V", &key);
 
-        if (ngx_http_parse_multi_header_lines(&(r->headers_in.cookies), &key, &value) != NGX_DECLINED) {
+#if (nginx_version >= 1023000)
+        if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) {
+#else
+        if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) {
+#endif
             ngx_http_waf_dpf(r, "found cookie %V", &value);
             ngx_memcpy(under_attack_client->time, value.data, value.len);
 
diff --git a/src/ngx_http_waf_module_check.c b/src/ngx_http_waf_module_check.c
@@ -578,11 +578,56 @@ ngx_int_t ngx_http_waf_handler_check_black_cookie(ngx_http_request_t* r) {
         return NGX_HTTP_WAF_NOT_MATCHED;
     }
 
+#if (nginx_version >= 1023000)
+    if (r->headers_in.cookie == NULL) {
+        ngx_http_waf_dp(r, "empty cookies ... return");
+        return NGX_HTTP_WAF_NOT_MATCHED;
+    }
+
+    ngx_table_elt_t* p = r->headers_in.cookie;
+
+    for (p = r->headers_in.cookie; p != NULL; p = p->next) {
+        size_t len = p->key.len + p->value.len + 1;
+        u_char* buf = ngx_pcalloc(r->pool, sizeof(u_char) * (len + 1));
+
+        size_t offset = 0;
+        ngx_memcpy(buf + offset, p->key.data, sizeof(u_char) * p->key.len);
+
+        offset += sizeof(u_char) * p->key.len;
+        buf[offset] = '=';
+
+        ++offset;
+        ngx_memcpy(buf + offset, p->value.data, sizeof(u_char) * p->value.len);
+
+        ngx_str_t cookie;
+        cookie.len = len;
+        cookie.data = buf;
+
+        ngx_array_t* regex_array = loc_conf->black_cookie;
+        lru_cache_t* cache = loc_conf->black_cookie_inspection_cache;
+        ret_value = ngx_http_waf_regex_exec_arrray(r, &cookie, regex_array, (u_char*)"BLACK-COOKIE", cache);
+
+        if (ret_value == NGX_HTTP_WAF_MATCHED) {
+            ngx_http_waf_dp(r, "matched");
+            ctx->gernal_logged = 1;
+            ctx->blocked = 1;
+            ngx_http_waf_append_action_chain(r, action);
+
+        } else {
+            ngx_http_waf_dp(r, "not matched");
+        }
+
+        if (ctx->blocked) {
+            ngx_http_waf_dp(r, "blocked ... break");
+            break;
+        }
+    }
+#else
     if (r->headers_in.cookies.nelts == 0) {
         ngx_http_waf_dp(r, "empty cookies ... return");
         return NGX_HTTP_WAF_NOT_MATCHED;
     }
-    
+
     ngx_table_elt_t** ppcookie = r->headers_in.cookies.elts;
     size_t i;
     for (i = 0; i < r->headers_in.cookies.nelts; i++, ppcookie++) {
@@ -609,6 +654,7 @@ ngx_int_t ngx_http_waf_handler_check_black_cookie(ngx_http_request_t* r) {
             break;
         }
     }
+#endif
 
     ngx_http_waf_dp_func_end(r);
     return ret_value;
diff --git a/src/ngx_http_waf_module_under_attack.c b/src/ngx_http_waf_module_under_attack.c
@@ -35,15 +35,25 @@ ngx_int_t ngx_http_waf_handler_under_attack(ngx_http_request_t* r) {
     _info_t* under_attack_client = ngx_pcalloc(r->pool, sizeof(_info_t));
     _info_t* under_attack_expect = ngx_pcalloc(r->pool, sizeof(_info_t));
 
-
+#if (nginx_version >= 1023000)
+    if (r->headers_in.cookie != NULL) {
+        ngx_table_elt_t* cookies = r->headers_in.cookie;
+#else
     if (r->headers_in.cookies.nelts > 0) {
+        ngx_array_t* cookies = &(r->headers_in.cookies);
+#endif
         ngx_str_t key, value;
 
+
         ngx_str_set(&key, "__waf_under_attack_time");
         ngx_str_null(&value);
         ngx_http_waf_dpf(r, "searching cookie %V", &key);
 
-        if (ngx_http_parse_multi_header_lines(&(r->headers_in.cookies), &key, &value) != NGX_DECLINED) {
+#if (nginx_version >= 1023000)
+        if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) {
+#else
+        if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) {
+#endif
             ngx_http_waf_dpf(r, "found cookie %V", &key);
             ngx_memcpy(under_attack_client->time, value.data, value.len);
 
@@ -55,7 +65,11 @@ ngx_int_t ngx_http_waf_handler_under_attack(ngx_http_request_t* r) {
         ngx_str_null(&value);
         ngx_http_waf_dpf(r, "searching cookie %V", &key);
 
-        if (ngx_http_parse_multi_header_lines(&(r->headers_in.cookies), &key, &value) != NGX_DECLINED) {
+#if (nginx_version >= 1023000)
+        if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) {
+#else
+        if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) {
+#endif
             ngx_http_waf_dpf(r, "found cookie %V", &key);
             ngx_memcpy(under_attack_client->uid, value.data, value.len);
 
@@ -67,7 +81,11 @@ ngx_int_t ngx_http_waf_handler_under_attack(ngx_http_request_t* r) {
         ngx_str_null(&value);
         ngx_http_waf_dpf(r, "searching cookie %V", &key);
 
-        if (ngx_http_parse_multi_header_lines(&(r->headers_in.cookies), &key, &value) != NGX_DECLINED) {
+#if (nginx_version >= 1023000)
+        if (ngx_http_parse_multi_header_lines(r, cookies, &key, &value) != NULL) {
+#else
+        if (ngx_http_parse_multi_header_lines(cookies, &key, &value) != NGX_DECLINED) {
+#endif
             ngx_http_waf_dpf(r, "found cookie %V", &key);
             ngx_memcpy(under_attack_client->hmac, value.data, value.len);
 
