[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1112093: bookworm-pu: package modsecurity-apache/2.9.7-1+deb12u2

On Tue, Aug 26, 2025 at 10:57:07AM +0200, Alberto Gonzalez Iniesta wrote:
>...
> ++    if (rc != OK) {
> ++        if (my_error_msg != NULL) {
> ++            msr_log(msr, 1, "%s", my_error_msg);
> +         }
> +-
> +         msr->msc_reqbody_error = 1;
> +         msr->msc_reqbody_error_msg = my_error_msg;
> ++        if (rc == HTTP_REQUEST_ENTITY_TOO_LARGE) {
> ++            msr->inbound_error = 1;
> ++        }
> ++        r->connection->keepalive = AP_CONN_CLOSE;
> ++        return rc;
>...

This keeps the lines

        msr->msc_reqbody_error = 1;
        msr->msc_reqbody_error_msg = my_error_msg;

These lines are removed in the upstream fix [1] and in the
trixie diff (#1112097).

Is this an intentional difference?

cu
Adrian

[1] https://github.com/owasp-modsecurity/ModSecurity/commit/dfbde557acc41d858dbe04d4b6eaec64478347ff#diff-bed0e89713f19f2d99baeb2645c2d8c15dc9172d400dcba1d844f73193d1775fL1083-L1084
Reply to: