Yes. Looks like for some reason the regex is not being compiled.

I will investigate it


On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pavel@netsafe.cz> wrote:
> You should do:
>
> Make sure there is a core dump area with something like:
>
>   CoreDumpDirectory /tmp
>
> Make sure limits are set to dump core:
>
>   ulimit -c unlimited
>
> Restart and trigger the error.  A core file should be in the directory
> you specified.
>
> Then use gdb to get a backtrace:
>
> gdb /path/to/httpd /path/to/core --batch --quiet \
>   -ex "thread apply all bt full" > backtrace.log

Hi again. I'm confused.

The bug is triggered by msc_test forked by make test not httpd. Just like the
core says:
core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'
And gdb complains about right binary:
warning: core file may not match specified executable file.

I tried to get backtrace against msc_test but I got:
warning: Can't read pathname for load map: Input/output error.
and the backtrace is useless:

[New LWP 2179]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/nosegneg/libthread_db.so.1".
Core was generated by `./msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
Program terminated with signal 11, Segmentation fault.
#0  0x080561d6 in msre_op_rx_execute ()

Thread 1 (Thread 0x4046c870 (LWP 2179)):
#0  0x080561d6 in msre_op_rx_execute ()
No symbol table info available.
#1  0x0804c40e in test_op ()
No symbol table info available.
#2  0x0804d9d3 in main ()
No symbol table info available.
--
Pavel Mateja

> On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pavel@netsafe.cz> wrote:
> > > Hello Pavel,
> > >
> > > Are you running make CFLAGS=-DMSC_TEST test right ?
> >
> > Yes, I am.
> >
> > > Can you send me your backtrace ?
> >
> > Sure. What exactly do you need?
> >
> > > Thanks
> > >
> > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rainer.jung@kippdata.de> wrote:
> > > > On 22.05.2013 10:22, Pavel Mateja wrote:
> > > > > Hi guys,
> > > > > I've upgraded our debian servers from wheezy to squeeze and I can't
> > > > > pass "make test" of modsecurity any more:
> > > > >
> > > > > Loaded 8 tests from ./op/rx.t
> > > > >
> > > > >      1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > > > >      2) op "rx": passed
> > > > >      3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > > > >      4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> > > > >      5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> > > > >      6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> > > > >      7) op "rx": passed
> > > > >
> > > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
> > > > > Test exited with signal 11.
> > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
> > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> > > > >
> > > > >      8) op "rx": failed
> > > > >
> > > > > Passed:  7; Failed:  1
> > > > >
> > > > > I've tried version 2.7.2 which passed test on old debian and latest 2.7.3.
> > > > > Both failed on the same place.
> > > > >
> > > > > Compilation parameters were:
> > > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc
> > > >
> > > > Since it exits with signal 11 it might be related to this bug:
> > > >
> > > > https://github.com/SpiderLabs/ModSecurity/issues/23
> > > >
> > > > It was fixed in this commit
> > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead
> > > >
> > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all
> > > > similar situations?
> > > >
> > > > Regards,
> > > >
> > > > Rainer
> > > >
> > > > ------------------------------------------------------------------------------
> > > > Try New Relic Now & We'll Send You this Cool Shirt
> > > > New Relic is the only SaaS-based application performance monitoring
> > > > service that delivers powerful full stack analytics. Optimize and
> > > > monitor your browser, app, & servers with just a few lines of code.
> > > > Try New Relic and get this awesome Nerd Life shirt!
> > > > http://p.sf.net/sfu/newrelic_d2d_may
> > > > _______________________________________________
> > > > mod-security-developers mailing list
> > > > mod-security-developers@lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> > > > ModSecurity Services from Trustwave's SpiderLabs:
> > > > https://www.trustwave.com/spiderLabs.php
> >
> > --
> > Pavel Mateja

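The compile failure and crash reported in this thread, reproduced as an added example (not ModSecurity code and not from any poster): `(?^i:` is the form Perl 5.14 and later produce when stringifying a `qr//i` pattern, and engines without `(?^` support reject it. Python's `re` stands in for PCRE here, and `rewrite_caret_groups`, `compile_checked` and `rx_execute` are hypothetical names.

```python
import re

def rewrite_caret_groups(pattern):
    """Rewrite Perl 5.14+ '(?^flags:' groups as '(?flags-rest:' for older engines."""
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])      # escaped char: copy verbatim
            i += 2
            continue
        if in_class:
            in_class = ch != "]"              # '(?^' inside [...] is literal
        elif ch == "[":
            in_class = True
            # a leading '^' and a leading ']' are part of the class, not its end
            m = re.match(r"\[\^?\]?", pattern[i:])
            out.append(m.group(0))
            i += m.end()
            continue
        elif ch == "(":
            m = re.match(r"\(\?\^([imsx]*):", pattern[i:])
            if m:
                on = m.group(1)               # '^' means: defaults, plus these
                off = "".join(f for f in "imsx" if f not in on)
                out.append("(?" + on + ("-" + off if off else "") + ":")
                i += m.end()
                continue
        out.append(ch)
        i += 1
    return "".join(out)

def compile_checked(pattern):
    """Return (compiled, None) or (None, error text); never a half-valid handle."""
    try:
        return re.compile(pattern), None
    except re.error as exc:
        return None, f"{exc.msg} (offset {exc.pos})"

def rx_execute(pattern, subject):
    """Match subject against pattern, refusing to run when compilation failed."""
    regex, err = compile_checked(pattern)
    if regex is None:
        return False, err   # report the error; never match without a compiled regex
    return regex.search(subject) is not None, None

# Pattern copied from the failing test 8 on this page.
PAGE_PATTERN = r"(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)"
```

`rx_execute(PAGE_PATTERN, ...)` returns the compile error instead of crashing, while the rewritten pattern compiles and matches case-insensitively.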