Diffstat (limited to 'sca-cpp/branches/lightweight-sca/patches')
4 files changed, 143 insertions, 0 deletions
diff --git a/sca-cpp/branches/lightweight-sca/patches/apr-util-1.4.1.patch b/sca-cpp/branches/lightweight-sca/patches/apr-util-1.4.1.patch
new file mode 100644
index 0000000000..2b88d3575f
--- /dev/null
+++ b/sca-cpp/branches/lightweight-sca/patches/apr-util-1.4.1.patch
@@ -0,0 +1,12 @@
+--- memcache/apr_memcache.c
++++ memcache/apr_memcache.c
+@@ -301,9 +301,6 @@
+ }
+ 
+ rv = apr_socket_connect(conn->sock, sa);
+- if (rv != APR_SUCCESS) {
+- return rv;
+- }
+ 
+ rv = apr_socket_timeout_set(conn->sock, -1);
+ if (rv != APR_SUCCESS) {
diff --git a/sca-cpp/branches/lightweight-sca/patches/modsecurity-crs_2.2.2.patch b/sca-cpp/branches/lightweight-sca/patches/modsecurity-crs_2.2.2.patch
new file mode 100644
index 0000000000..a0935b5bc2
--- /dev/null
+++ b/sca-cpp/branches/lightweight-sca/patches/modsecurity-crs_2.2.2.patch
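Review bot: Deleting the `if (rv != APR_SUCCESS) return rv;` after `apr_socket_connect()` makes a failed connect indistinguishable from a successful one: the code goes on to set a timeout on a socket that never connected, and the caller only sees whatever the later calls return, so connection failures to memcached are masked rather than reported. If the motivation is a non-blocking connect returning in-progress (the patch states no reason), narrow the check instead of removing it, `if (rv != APR_SUCCESS && !APR_STATUS_IS_EINPROGRESS(rv)) return rv;`, and record the reason in a comment inside the patch. The enclosing function starts and ends outside the hunk, so how the `apr_socket_timeout_set` error path and later use of `conn->sock` behave on a dead socket cannot be confirmed from here.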
@@ -0,0 +1,14 @@
+--- base_rules/modsecurity_crs_40_generic_attacks.conf
++++ base_rules/modsecurity_crs_40_generic_attacks.conf
+164,165c164,165
+< SecRule ARGS "(?:ft|htt)ps?.*\?+$" \
+< "phase:2,rev:'2.2.2',t:none,t:htmlEntityDecode,t:lowercase,capture,ctl:auditLogParts=+E,block,status:501,msg:'Remote File Inclusion Attack',id:'950119',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.rfi_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/RFI-%{matched_var_name}=%{tx.0}"
+---
+> #SecRule ARGS "(?:ft|htt)ps?.*\?+$" \
+> # "phase:2,rev:'2.2.2',t:none,t:htmlEntityDecode,t:lowercase,capture,ctl:auditLogParts=+E,block,status:501,msg:'Remote File Inclusion Attack',id:'950119',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.rfi_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/RFI-%{matched_var_name}=%{tx.0}"
+--- base_rules/modsecurity_crs_50_outbound.conf
++++ base_rules/modsecurity_crs_50_outbound.conf
+39c39
+< SecRule RESPONSE_BODY "\<\%" "phase:4,rev:'2.2.2',chain,t:none,capture,ctl:auditLogParts=+E,block,msg:'ASP/JSP source code leakage',id:'970903',tag:'LEAKAGE/SOURCE_CODE_ASP_JSP',tag:'WASCTC/WASC-13',tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.6',severity:'3'"
+---
+> #SecRule RESPONSE_BODY "\<\%" "phase:4,rev:'2.2.2',chain,t:none,capture,ctl:auditLogParts=+E,block,msg:'ASP/JSP source code leakage',id:'970903',tag:'LEAKAGE/SOURCE_CODE_ASP_JSP',tag:'WASCTC/WASC-13',tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.6',severity:'3'"
diff --git a/sca-cpp/branches/lightweight-sca/patches/scribe-2.2.patch b/sca-cpp/branches/lightweight-sca/patches/scribe-2.2.patch
new file mode 100644
index 0000000000..16c2e3871e
--- /dev/null
+++ b/sca-cpp/branches/lightweight-sca/patches/scribe-2.2.patch
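Review bot: Commenting out rules 950119 (RFI in ARGS) and 970903 (ASP/JSP source leakage in RESPONSE_BODY) inside the shipped base_rules files silently disables two CRS protections for every site served by this build, and the patch records no reason for either. The CRS-supported way to drop a rule is a local exclusion, `SecRuleRemoveById 950119 970903`, placed in the site configuration (or scoped to the location that produced the false positive), which keeps the exclusion explicit, reviewable and intact across CRS upgrades. If editing the rule files is unavoidable, put a comment above each disabled rule stating the trigger it caused, `# disabled: <false positive seen>, tracked in <ticket>`, so the next upgrade does not quietly re-enable or re-lose it. The inner patch combines `---`/`+++` headers with normal-diff `164,165c164,165` and `39c39` hunks; confirm the tool that applies these patches accepts that mixed form.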
@@ -0,0 +1,78 @@
+--- src/common.h
++++ src/common.h
+@@ -42,6 +42,8 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <signal.h>
++#include <fcntl.h>
+ #include <boost/shared_ptr.hpp>
+ #include <boost/filesystem/operations.hpp>
+ #include <boost/filesystem/convenience.hpp>
+
+--- src/file.cpp
++++ src/file.cpp
+@@ -74,9 +74,21 @@
+ }
+ 
+ bool StdFile::openWrite() {
++ // if file is a fifo, temporarily open it for read
++ int fd = -1;
++ struct stat st;
++ int s = stat(filename.c_str(), &st);
++ if (s != -1 && S_ISFIFO(st.st_mode))
++ fd = ::open(filename.c_str(), O_RDONLY | O_NONBLOCK);
++
+ // open file for write in append mode
+ ios_base::openmode mode = fstream::out | fstream::app;
+- return open(mode);
++ bool r = open(mode);
++
++ // close fifo
++ if (fd != -1)
++ ::close(fd);
++ return r;
+ }
+ 
+ bool StdFile::openTruncate() {
+
+--- src/scribe_server.cpp
++++ src/scribe_server.cpp
+@@ -55,6 +55,8 @@
+ if (-1 == setrlimit(RLIMIT_NOFILE, &r_fd)) {
+ LOG_OPER("setrlimit error (setting max fd size)");
+ }
++
++ signal(SIGPIPE, SIG_IGN);
+ 
+ int next_option;
+ const char* const short_options = "hp:c:";
+@@ -110,7 +112,7 @@
+ }
+ 
+ TNonblockingServer server(processor, binaryProtocolFactory,
+- g_Handler->port, thread_manager);
++ g_Handler->host, g_Handler->port, thread_manager);
+ 
+ LOG_OPER("Starting scribe server on port %lu", g_Handler->port);
+ fflush(stderr);
+@@ -583,6 +585,8 @@
+ throw runtime_error("No port number configured");
+ }
+ 
++ config.getString("host", host);
++
+ // check if config sets the size to use for the ThreadManager
+ unsigned long int num_threads;
+ if (config.getUnsigned("num_thrift_server_threads", num_threads)) {
+
+--- src/scribe_server.h
++++ src/scribe_server.h
+@@ -51,6 +51,7 @@
+ void setStatusDetails(const std::string& new_status_details);
+ 
+ unsigned long int port; // it's long because that's all I implemented in the conf class
++ std::string host;
+ 
+ // number of threads processing new Thrift connections
+ size_t numThriftServerThreads;
diff --git a/sca-cpp/branches/lightweight-sca/patches/thrift-0.2.0.patch b/sca-cpp/branches/lightweight-sca/patches/thrift-0.2.0.patch
new file mode 100644
index 0000000000..a834faca02
--- /dev/null
+++ b/sca-cpp/branches/lightweight-sca/patches/thrift-0.2.0.patch
@@ -0,0 +1,39 @@
+--- lib/cpp/src/server/TNonblockingServer.cpp
++++ lib/cpp/src/server/TNonblockingServer.cpp
+@@ -622,8 +622,8 @@
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
+ sprintf(port, "%d", port_);
+ 
+- // Wildcard address
+- error = getaddrinfo(NULL, port, &hints, &res0);
++ // Wildcard or specified address
++ error = getaddrinfo(host_ == "" || host_ =="*"? NULL : host_.c_str(), port, &hints, &res0);
+ if (error) {
+ string errStr = "TNonblockingServer::serve() getaddrinfo " + string(gai_strerror(error));
+ GlobalOutput(errStr.c_str());
+
+--- lib/cpp/src/server/TNonblockingServer.h
++++ lib/cpp/src/server/TNonblockingServer.h
+@@ -65,6 +65,9 @@
+ // Server socket file descriptor
+ int serverSocket_;
+ 
++ // Host server runs on
++ std::string host_;
++
+ // Port server runs on
+ int port_;
+ 
+@@ -117,10 +120,12 @@
+ 
+ TNonblockingServer(boost::shared_ptr<TProcessor> processor,
+ boost::shared_ptr<TProtocolFactory> protocolFactory,
++ std::string host,
+ int port,
+ boost::shared_ptr<ThreadManager> threadManager = boost::shared_ptr<ThreadManager>()) :
+ TServer(processor),
+ serverSocket_(-1),
++ host_(host),
+ port_(port),
+ threadManager_(threadManager),
+ eventBase_(NULL), |
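Review bot: The new `host` setting is left as an empty string when `config.getString("host", host)` finds nothing (its return value is ignored), and the accompanying thrift patch maps an empty host to a wildcard bind, so a scribe server with no `host` configured still listens on every interface; if the setting exists to limit exposure, that default deserves a comment in the config parsing and, ideally, a loopback default. The startup message in the same hunk still reports only the port; change it to `LOG_OPER("Starting scribe server on %s:%lu", g_Handler->host.empty() ? "*" : g_Handler->host.c_str(), g_Handler->port);` so the actual listener address can be verified from the log. In `StdFile::openWrite()` the temporary reader on `fd` is closed as soon as the writer is open, so with `SIGPIPE` now ignored process-wide a FIFO that has no other reader will make every write fail with EPIPE; the write path that must handle that lies outside this hunk. The `stat()` check also follows symlinks and races with the `open()`, which is acceptable for a local log path but worth a one-line comment such as `// best effort: path may change between stat() and open()`.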
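Review bot: `TNonblockingServer(..., std::string host, int port, ...)` takes the host by value and then copies it again in `host_(host)`; on this pre-C++11 code base take it as `const std::string& host`, and document the wildcard convention that `serve()` relies on next to the member instead of only in the .cpp, `// Host to bind; "" or "*" binds all interfaces (AI_PASSIVE wildcard)`. Inserting the parameter before `port` changes the public constructor for every caller, so any other code built against the patched library has to be updated in the same change. When a real name is given, `getaddrinfo` can return several entries (for example both v4 and v6 for `localhost`); the loop that consumes `res0` is outside the hunk, so check that it binds the intended family rather than whichever entry comes first. Style: `host_ =="*"?` wants spaces around `==` and before `?`.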