mod_reqin_log/tests
Jacquin Antoine e44059865b Security: fix critical vulnerabilities and harden module
Security fixes:
#1 Buffer overflow: Validate socket path length against sun_path limit
    - Add MAX_SOCKET_PATH_LEN constant
    - Reject paths >= 108 bytes before snprintf

#2,#3 NULL pointer dereference: Add NULL checks
    - r->connection->local_ip: use conditional append
    - r->protocol: fallback to "UNKNOWN" if NULL

#4 Sensitive headers blacklist: Prevent credential leakage
    - Add DEFAULT_SENSITIVE_HEADERS[] blacklist
    - Block: Authorization, Cookie, Set-Cookie, X-Api-Key, etc.
    - Log skipped headers at DEBUG level only

#5 Memory exhaustion DoS: Add MAX_JSON_SIZE limit (64KB)
    - Check buffer size before adding headers
    - Truncate header list if limit reached

#6 Socket permissions: Change 0o666 → 0o660
    - Owner and group only (not world-writable)
    - Apache user must be in socket's group

#7 Race condition: Add mutex for FD access in worker/event MPMs
    - apr_thread_mutex_t protects socket_fd
    - FD_MUTEX_LOCK/UNLOCK macros
    - Created in reqin_log_create_server_conf()

#8 Timestamp overflow: Document 2262 limitation
    - Add comment explaining apr_time_t limits
    - Safe until ~2262 (uint64 nanoseconds)

#9 Error logging verbosity: Reduce information disclosure
    - APLOG_ERR: Generic messages only
    - APLOG_DEBUG: Detailed error information

#10 Socket path security: Move from /tmp to /var/run
    - Update socket_consumer.py, test scripts
    - Use environment variable MOD_REQIN_LOG_SOCKET
    - More secure default location

Files modified:
- src/mod_reqin_log.c: All security fixes
- scripts/socket_consumer.py: Permissions, path
- scripts/run_integration_tests.sh: Path security
- scripts/test_unix_socket.sh: Path security
- tests/integration/test_integration.py: Path security

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-26 23:37:30 +01:00