Hi Breno,

I was trying to run the regression tests and "config/10-misc-directives.t:SecWebAppId" was failing sporadically.

Whenever it failed, in the server errors log I saw the following msg
"Audit log: Failed writing (requested 15 bytes, written 0)"

On tracing, I found that during the "config/10-misc-directives.t:SecTmpDir/SecUploadDir/SecUploadKeepFiles" test, which ran before the SecWebAppId test, ModSecurity opened a multipart temp file, wrote some test data and closed it, and during cleanup (called during the reconfiguration of the server to pick up the next test configuration) it was again trying to close the same file descriptor, which was by then allocated for the SecWebAppId test's audit log file.

HTH,
Seema.

On Tue, Jul 24, 2012 at 6:49 PM, Breno Silva <breno.silva@gmail.com> wrote:
Thanks Seema, I will take a look.

What kind of effect are you seeing? Any error message?

Thanks

Breno

On Tue, Jul 24, 2012 at 7:52 AM, seema deepak <seema.deepak@gmail.com> wrote:
Hi,

I came across a bug while using ModSecurity 2.6.5 with our server.
Multipart code tries to close the descriptor more than once; once in multipart_process_boundary() and again in multipart_cleanup().

Below change in multipart_process_boundary() fixed the issue.
================================
--- modsecurity-apache/apache2/msc_multipart.c Fri Jul 20 06:08:39 2012 -0700
+++ modsecurity-apache/apache2/msc_multipart.c Fri Jul 20 06:11:42 2012 -0700
@@ -581,6 +581,7 @@
&&(msr->mpd->mpp->tmp_file_fd != 0))
         {
             close(msr->mpd->mpp->tmp_file_fd);
+            msr->mpd->mpp->tmp_file_fd = -1;
         }
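Review bot: the -1 assigned after close() does not match the "unset" value that the visible part of the guard tests for, tmp_file_fd != 0 on the context line above the opening brace. A descriptor of -1 still satisfies != 0, so if multipart_cleanup() uses the same test it will call close(-1); that fails with EBADF rather than closing a recycled descriptor, so the double close is fixed, but the two sentinels should be aligned. Either reset to 0 to match the existing convention, or, since 0 is itself a valid descriptor number, change the guards here and in multipart_cleanup() to tmp_file_fd >= 0 (or > 0) and initialise the field to -1. A one-line comment next to the assignment saying that multipart_cleanup() may run after this close would document why the reset is needed.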
================================

I don't know if this has already been fixed in the latest version.

Thanks and Regards,
Seema.
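The failure traced in this thread, reduced to a stand-alone program. This is an added example, not code from ModSecurity or from the posters: struct part, close_part() and audit_write_after_double_close() are hypothetical names, /dev/null stands in for both the temp file and the audit log, and only the field name tmp_file_fd comes from the patch.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for the multipart part state; only the field name
 * tmp_file_fd is taken from the patch. */
struct part { int tmp_file_fd; };

/* Close the part's temp file. With reset_after_close the descriptor is
 * invalidated, as the patch does; without it the stale number is kept. */
static void close_part(struct part *p, int reset_after_close)
{
    if (p->tmp_file_fd > 0) {          /* simplified guard (assumption) */
        close(p->tmp_file_fd);
        if (reset_after_close)
            p->tmp_file_fd = -1;
    }
}

/* Returns what write() reports for a 15-byte audit entry after the part has
 * been closed twice, or -2 if the constructed setup itself fails. */
long audit_write_after_double_close(int reset_after_close)
{
    struct part p;
    int audit_fd;
    long n;

    p.tmp_file_fd = open("/dev/null", O_WRONLY);   /* "multipart temp file" */
    if (p.tmp_file_fd < 0) return -2;
    close_part(&p, reset_after_close);             /* first close: boundary */

    /* open() returns the lowest free descriptor, so the "audit log"
     * receives the number that was just released. */
    audit_fd = open("/dev/null", O_WRONLY);
    if (audit_fd < 0) return -2;

    close_part(&p, reset_after_close);             /* second close: cleanup */

    n = (long)write(audit_fd, "audit log entry", 15);
    if (n >= 0) close(audit_fd);
    return n;
}

int main(void)
{
    printf("stale fd kept:  write -> %ld\n", audit_write_after_double_close(0));
    printf("fd reset to -1: write -> %ld\n", audit_write_after_double_close(1));
    return 0;
}
```

With the stale descriptor kept, the second close releases the audit log's descriptor and the write fails; with the reset, the second close is skipped and all 15 bytes are written.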
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
mod-security-developers mailing list
mod-security-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php

