Hi, I'm trying to create a port of libmodsecurity for OpenBSD. Unfortunately, src/utils/string.cc and src/utils/system.ccneed the header wordexp.h which is not available on OpenBSD. Can you make a workaround for this?. The OpenBSD developers will never implement this API.
I suggest using glob(3). wordexp is evil especially since most libc wordexp implementations execute a shell to glob the input.
@juanfra684 Working on the patch below as workaround. Worked fine so far on my Linux and OpenBSD builds, except that my Linker on BSD is a bit unhappy at the moment with some flags. Still investigating this other issue, but you may have different results...
From b93ecb5eec8276c3bf36d123f0a9c6e4a6fa1b8b Mon Sep 17 00:00:00 2001
From: Victor Hora <[email protected]>
Date: Thu, 19 Jul 2018 02:42:13 -0400
Subject: [PATCH] Use glob.h on OpenBSD
---
src/utils/string.cc | 4 ++++
src/utils/system.cc | 16 +++++++++++++++-
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/utils/string.cc b/src/utils/string.cc
index 4732eec4..37c20a0d 100644
--- a/src/utils/string.cc
+++ b/src/utils/string.cc
@@ -17,7 +17,11 @@
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
+#ifdef __OpenBSD__
+#include <glob.h>
+#else
#include <wordexp.h>
+#endif
#include <stdint.h>
#include <inttypes.h>
diff --git a/src/utils/system.cc b/src/utils/system.cc
index d832640e..730999e9 100644
--- a/src/utils/system.cc
+++ b/src/utils/system.cc
@@ -17,7 +17,11 @@
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
+#ifdef __OpenBSD__
+#include <glob.h>
+#else
#include <wordexp.h>
+#endif
#include <stdint.h>
#include <inttypes.h>
@@ -119,10 +123,17 @@ std::string get_path(const std::string& file) {
std::list<std::string> expandEnv(const std::string& var, int flags) {
std::list<std::string> vars;
+#ifdef __OpenBSD__
+ glob_t p;
+ if (glob(var.c_str(), flags, NULL, &p) == false) {
+ if (p.gl_pathc) {
+ for (char** exp = p.gl_pathv; *exp; ++exp) {
+#else
wordexp_t p;
if (wordexp(var.c_str(), &p, flags) == false) {
if (p.we_wordc) {
for (char** exp = p.we_wordv; *exp; ++exp) {
+#endif
std::ifstream *iss = new std::ifstream(exp[0], std::ios::in);
if (iss->is_open()) {
iss->close();
@@ -131,12 +142,15 @@ std::list<std::string> expandEnv(const std::string& var, int flags) {
delete iss;
}
}
+#ifdef __OpenBSD__
+ globfree(&p);
+#else
wordfree(&p);
+#endif
}
return vars;
}
-
bool createDir(std::string dir, int mode, std::string *error) {
int ret = mkdir(dir.data(), mode);
if (ret != 0 && errno != EEXIST) {
--
2.17.0
@victorhora Robert found the problem with the linker:
@@ -18872,7 +18872,7 @@ fi
# General link options
-if test "$PLATFORM" != "MacOSX"; then
+if test "$PLATFORM" != "MacOSX" -a "$PLATFORM" != "OpenBSD"; then
GLOBAL_LDADD="-lrt "
fi
I'm waiting the approval for the libmodsecurity/nginx-modsecurity port. I will try to test your patch in the next days.
Oh damn. I wish I saw your comment before @juanfra684. Spent some time digging this issue until I've realized OpenBSD doesn't like static and I came out with the same patch as you did haha :/
Well I'll submit a pull request with both as soon as I can confirm it's not breaking anything on my local tests.
By the way, if you run into this issue: multi.c:62:24: error: variable has incomplete type 'struct timeval
You should be fine as ModSec is already compiled/linked, it's just the examples. If you want to omit the error message you can disable the examples compilation with:
./configure --enable-examples=no
I'll see if I can fix this and the testcases as well. Thanks.
The approval for the port is taking more time that the expected, so feel free to commit the change if you consider it correct.
@juanfra684 https://github.com/SpiderLabs/ModSecurity/pull/1852 is up for evaluation. Let us know if you face other issues with the OpenBSD build. Thanks.
Merged already. Closing this issue. Thanks!
Most helpful comment
@victorhora Robert found the problem with the linker:
I'm waiting the approval for the libmodsecurity/nginx-modsecurity port. I will try to test your patch in the next days.