Re: [Mod-security-developers] segfaults on JSON request body processor
Brought to you by:
victorhora,
zimmerletw
From: Felipe C. <FC...@tr...> - 2014-02-13 03:26:02
|
Hi Bruno, Thank you for the report. Do you mind to generate more information using GDB? I've just create a guide on how to use GDB to help in the bug reporting process, it is available under our wiki: https://github.com/SpiderLabs/ModSecurity/wiki/Debugging-ModSecurity Thanks, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 12, 2014, at 9:23 AM, Bruno Savioli de Almeida <br...@sa...<mailto:br...@sa...>> wrote: Hi, I'm testing the JSON patches from the json_top_of_2_7_7 branch and I'm getting what appears to be random segfaults. I say random because I haven't managed to identify any patterns on the type of requests that segfaults. Test environment: Centos 6.5 x86_64 httpd-2.2.15-29.el6.centos.x86_64 mod_security compiled with yajl-2.0.5 I'm running mod_security in DETECTION_ONLY mode, with the owasp crs and JSON requestBodyProcessor enabled When the request segfaults, the audit log only records parts A and B: To avoid making this email too long, logs are here: http://pastebin.com/MnehgvJw Let me know if I can help with any more information. Thanks, -- - Bruno ------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |