* [Buildroot] [PATCH v2, 1/1] package/nginx-naxsi: fix build with pcre2
@ 2023-02-19 17:35 Fabrice Fontaine
2023-02-20 20:57 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2023-02-19 17:35 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
Fix the following build failure raised since bump of nginx to version
1.22.1 in commit 722b84eafa5e3d9540e0a80bae0c971a3a778358:
/home/buildroot/autobuild/run/instance-2/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c: In function 'ngx_http_process_basic_rule_buffer':
/home/buildroot/autobuild/run/instance-2/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c:205:61: error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
205 | (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
| ^~
Fixes:
- http://autobuild.buildroot.org/results/7fff888bd36710e2d2f5bb39a38597e8c04305ce
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
Changes v1 -> v2:
- Fix patch number
.../0002-PCRE2-compatibility.patch | 221 ++++++++++++++++++
1 file changed, 221 insertions(+)
create mode 100644 package/nginx-naxsi/0002-PCRE2-compatibility.patch
diff --git a/package/nginx-naxsi/0002-PCRE2-compatibility.patch b/package/nginx-naxsi/0002-PCRE2-compatibility.patch
new file mode 100644
index 0000000000..aa3df4dff7
--- /dev/null
+++ b/package/nginx-naxsi/0002-PCRE2-compatibility.patch
@@ -0,0 +1,221 @@
+From 2937c44276cba21601ade4e265d32515f570d68c Mon Sep 17 00:00:00 2001
+From: Danila Vershinin <ciapnz@gmail.com>
+Date: Thu, 16 Jun 2022 01:22:23 +0300
+Subject: [PATCH] PCRE2 compatibility (#587)
+
+* Fix: use pcre2 when building with nginx >= 1.21.5
+
+I've tried to compile naxsi 1.3 as module for nginx 1.21.6, and got the error:
+
+error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
+ 205 | (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
+
+I found this issue report: Ref: https://github.com/nbs-system/naxsi/issues/580
+then i tried to solve the pcre2 compatibility issue.
+
+I've included an helper function that is 'copied' from: https://github.com/nginx/nginx/blob/master/src/core/ngx_regex.c#L393
+that it is called in place of 'pcre_exec' when nginx_version >= 1021005
+
+Not sure if this is the best solution, but I managed to build naxsi 1.3 as module for nginx 1.21.6 succesfully, and it seems to work well.
+
+I'm not used to develop in C anymore (since 25 years ago, at least!), but I hope that this patch I made can help anybody else.
+
+* Added a check for nginx_version >= 1021005
+
+Added a check for nginx_version >= 1021005 to avoid helper function definition on older versions
+
+* Use NGX_PCRE2 conditional
+
+Update naxsi.h
+
+Don't include pcre.h in order for compilation to work both against pcre and pcre2
+
+Fix pcre vs pcre2 compilation
+
+Co-authored-by: laluigino <99279306+laluigino@users.noreply.github.com>
+[Retrieved from:
+https://github.com/nbs-system/naxsi/commit/2937c44276cba21601ade4e265d32515f570d68c]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ naxsi_src/naxsi.h | 1 -
+ naxsi_src/naxsi_config.c | 9 ++++-
+ naxsi_src/naxsi_runtime.c | 82 ++++++++++++++++++++++++++++++++++++++-
+ naxsi_src/naxsi_utils.c | 8 ++++
+ 4 files changed, 96 insertions(+), 4 deletions(-)
+
+diff --git a/naxsi_src/naxsi.h b/naxsi_src/naxsi.h
+index 53df1bd8..b2f5c1a5 100644
+--- a/naxsi_src/naxsi.h
++++ b/naxsi_src/naxsi.h
+@@ -19,7 +19,6 @@
+ #include <ngx_http.h>
+ #include <ngx_http_core_module.h>
+ #include <ngx_md5.h>
+-#include <pcre.h>
+
+ extern ngx_module_t ngx_http_naxsi_module;
+
+diff --git a/naxsi_src/naxsi_config.c b/naxsi_src/naxsi_config.c
+index 4ea15567..6d2f0e23 100644
+--- a/naxsi_src/naxsi_config.c
++++ b/naxsi_src/naxsi_config.c
+@@ -322,8 +322,11 @@ naxsi_zone(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t* rule)
+
+ custom_rule->target_rx = ngx_pcalloc(r->pool, sizeof(ngx_regex_compile_t));
+ return_value_if(!custom_rule->target_rx, NGX_CONF_ERROR);
+-
++#if (NGX_PCRE2)
++ custom_rule->target_rx->options = PCRE2_CASELESS | PCRE2_MULTILINE;
++#else
+ custom_rule->target_rx->options = PCRE_CASELESS | PCRE_MULTILINE;
++#endif
+ custom_rule->target_rx->pattern = custom_rule->target;
+ custom_rule->target_rx->pool = r->pool;
+ custom_rule->target_rx->err.len = 0;
+@@ -442,7 +445,11 @@ naxsi_rx(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t* rule)
+ ha.len = tmp->len - strlen(RX_T);
+ rgc = ngx_pcalloc(r->pool, sizeof(ngx_regex_compile_t));
+ return_value_if(!rgc, NGX_CONF_ERROR);
++#if (NGX_PCRE2)
++ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
++#else
+ rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++#endif
+ rgc->pattern = ha;
+ rgc->pool = r->pool;
+ rgc->err.len = 0;
+diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
+index d548ce37..784852b0 100644
+--- a/naxsi_src/naxsi_runtime.c
++++ b/naxsi_src/naxsi_runtime.c
+@@ -181,6 +181,75 @@ ngx_http_naxsi_rawbody_parse(ngx_http_request_ctx_t* ctx,
+ unsigned char*
+ ngx_utf8_check(ngx_str_t* str);
+
++#if defined nginx_version && (nginx_version >= 1021005)
++/*
++ * variables to use pcre2
++ */
++static pcre2_match_data *ngx_pcre2_match_data;
++static ngx_uint_t ngx_pcre2_match_data_size;
++
++/*
++ * helper function to use pcre2
++ */
++ngx_int_t
++ngx_pcre2_exec(ngx_regex_t *re, unsigned char* str, unsigned int len, ngx_int_t tmp_idx, int *captures, ngx_uint_t size)
++{
++ size_t *ov;
++ ngx_int_t rc;
++ ngx_uint_t n, i;
++
++ /*
++ * The pcre2_match() function might allocate memory for backtracking
++ * frames, typical allocations are from 40k and above. So the allocator
++ * is configured to do direct allocations from heap during matching.
++ */
++
++ if (ngx_pcre2_match_data == NULL
++ || size > ngx_pcre2_match_data_size)
++ {
++ /*
++ * Allocate a match data if not yet allocated or smaller than
++ * needed.
++ */
++
++ if (ngx_pcre2_match_data) {
++ pcre2_match_data_free(ngx_pcre2_match_data);
++ }
++
++ ngx_pcre2_match_data_size = size;
++ ngx_pcre2_match_data = pcre2_match_data_create(size / 3, NULL);
++
++ if (ngx_pcre2_match_data == NULL) {
++ rc = PCRE2_ERROR_NOMEMORY;
++ goto failed;
++ }
++ }
++
++ rc = pcre2_match(re, str, len, tmp_idx, 0, ngx_pcre2_match_data, NULL);
++
++ if (rc < 0) {
++ goto failed;
++ }
++
++ n = pcre2_get_ovector_count(ngx_pcre2_match_data);
++ ov = pcre2_get_ovector_pointer(ngx_pcre2_match_data);
++
++ if (n > size / 3) {
++ n = size / 3;
++ }
++
++ for (i = 0; i < n; i++) {
++ captures[i * 2] = ov[i * 2];
++ captures[i * 2 + 1] = ov[i * 2 + 1];
++ }
++
++failed:
++
++ return rc;
++
++}
++#endif
++
+ /*
+ ** in : string to inspect, associated rule
+ ** does : apply the rule on the string, return 1 if matched,
+@@ -201,7 +270,14 @@ ngx_http_process_basic_rule_buffer(ngx_str_t* str, ngx_http_rule_t* rl, ngx_int_
+ tmp_idx = 0;
+ len = str->len;
+ while
+-#if defined nginx_version && (nginx_version >= 1002002 && nginx_version != 1003000)
++#if (NGX_PCRE2)
++ (tmp_idx < len && (match = ngx_pcre2_exec(rl->br->rx->regex,
++ str->data,
++ str->len,
++ tmp_idx,
++ captures,
++ 30)) >= 0)
++#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version != 1003000)
+ (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
+ 0,
+ (const char*)str->data,
+@@ -496,7 +572,9 @@ ngx_http_naxsi_pcre_wrapper(ngx_regex_compile_t* rx, unsigned char* str, unsigne
+ int match;
+ int captures[30];
+
+-#if defined nginx_version && (nginx_version >= 1002002 && nginx_version != 1003000)
++#if (NGX_PCRE2)
++ match = ngx_pcre2_exec(rx->regex, str, len, 0, captures, 1);
++#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version != 1003000)
+ match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0, captures, 1);
+ #elif defined nginx_version && (nginx_version > 1001011)
+ match = pcre_exec(rx->regex->pcre, 0, (const char*)str, len, 0, 0, captures, 1);
+diff --git a/naxsi_src/naxsi_utils.c b/naxsi_src/naxsi_utils.c
+index e3d6f185..d2ecedec 100644
+--- a/naxsi_src/naxsi_utils.c
++++ b/naxsi_src/naxsi_utils.c
+@@ -800,7 +800,11 @@ ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
+ ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
+ rgc = custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx;
+ if (rgc) {
++#if (NGX_PCRE2)
++ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
++#else
+ rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++#endif
+ rgc->pattern = custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
+ rgc->pool = cf->pool;
+ rgc->err.len = 0;
+@@ -816,7 +820,11 @@ ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
+ ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
+ rgc = custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx;
+ if (rgc) {
++#if (NGX_PCRE2)
++ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
++#else
+ rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++#endif
+ rgc->pattern = custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target;
+ rgc->pool = cf->pool;
+ rgc->err.len = 0;
--
2.39.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-02-21 2:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-19 17:35 [Buildroot] [PATCH v2, 1/1] package/nginx-naxsi: fix build with pcre2 Fabrice Fontaine
2023-02-20 20:57 ` Thomas Petazzoni via buildroot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.