Hello Peter,

This doesn't make sense audit test (10-audit-directives.) crashes SecUnicode directives.
For some reason your unicode filename is your audit log

mapfn ="/home/user/tmp/modsecurity/apache_2.6.6/tests/regression/server_root/logs/modsec_audit.log"

Is it happing when you start apache ? or just when run this regression audit test ?

Thanks
 

On Fri, Jul 27, 2012 at 1:54 AM, Peter Heimann <heimannp@web.de> wrote:
Environment: ModSecurity 2.6.6, Apache 2.2.22, AIX 5.3, IBM C compiler.
mod_security2.so makes Apache dump core during config file parsing.

ModSecurity 2.5.12 can be used in the same environment without crashes.

The core dump can be reproduced with the regression tests:

% ./run-regression-tests.pl regression/config/10-audit-directives.t 1

Loaded 11 tests from regression/config/10-audit-directives.t
Httpd start failed with signal 0.

Segmentation fault in unicode_map_init at line 151 in file
"msc_unicode.c" ($t1)
  151   }
(dbx) where
unicode_map_init(dcfg = 0x20032610, mapfn =
"/home/user/tmp/modsecurity-apache_2.6.6/tests/regression/server_root/logs/modsec_audit.log",
error_msg = 0x203e0ea8), line 151 in "msc_unicode.c"
unnamed block in cmd_audit_log(cmd = 0x2ff220e8, _dcfg = 0x200a6b58, p1
=
"/home/user/tmp/modsecurity-apache_2.6.6/tests/regression/server_root/logs/modsec_audit.log"),
line 1015 in "apache2_config.c"
invoke_cmd(cmd = 0x2039e838, parms = 0x2ff220e8, mconfig = 0x200a6b58,
args = ""), line 790 in "config.c"
unnamed block in ap_walk_config_sub(current = 0x200b1810, parms =
0x2ff220e8, section_vector = 0x2005dd00), line 1163 in "config.c"
ap_walk_config_sub(current = 0x200b1810, parms = 0x2ff220e8,
section_vector = 0x2005dd00), line 1163 in "config.c"
unnamed block in ap_walk_config(current = 0x200b1810, parms =
0x2ff220e8, section_vector = 0x2005dd00), line 1196 in "config.c"
ap_walk_config(current = 0x200b1810, parms = 0x2ff220e8, section_vector
= 0x2005dd00), line 1196 in "config.c"
ap_process_config_tree(s = 0x2005c970, conftree = 0x20073fd8, p =
0x20032610, ptemp = 0x20070800), line 1765 in "config.c"
main(argc = 11, argv = 0x2ff2225c), line 645 in "main.c"

(dbx) p *dcfg
(mp = 0x20030600, ruleset = 0x203de1e0, is_enabled = 0, reqbody_access =
537085480, reqintercept_oe = 537553736, reqbody_buffering = 537345736,
reqbody_inmemory_limit = 537052504, reqbody_limit = 0,
reqbody_no_files_limit = 0, resbody_access = 537593144, of_limit =
536874776, of_mime_types = 0x203e01d8, of_mime_types_cleared =
537077240, of_limit_action = 537077328, if_limit_action = 0,
debuglog_name = (nil), debuglog_level = 537077264, debuglog_fd =
0x200a6160, cookie_format = 537077328, argument_separator = 0,
rule_inheritance = 0, rule_exceptions = 0x00000100, auditlog_flag = 264,
auditlog_type = 511, auditlog_dirperms = -249061308, auditlog_fileperms
= 0, auditlog_name = (nil), auditlog2_name = "", auditlog_fd =
0x200328d0, auditlog2_fd = 0x20032978, auditlog_storage_dir = "",
auditlog_parts = "", auditlog_relevant_regex = 0x20032860, tmp_dir =
(nil), upload_dir = "", upload_keep_files = 0, upload_validates_files =
0, upload_filemode = 537077688, upload_file_limit = 537078024,
tmp_chain_starter = 0x200329a8, tmp_default_actionset = 0x20032898,
tmp_rule_placeholders = 0x20032788, data_dir = (nil), webappid = (nil),
content_injection_enabled = 536994072, stream_inbody_inspection =
-249061416, stream_outbody_inspection = 0, geo = 0x2000d650, gsb =
0x200085e0, u_map = (nil), cache_trans = 1013213554,
cache_trans_incremental = 1701016687, cache_trans_min = 1920532480,
cache_trans_max = 0, cache_trans_maxitems = 0, component_signatures =
0x945f8b11, request_encoding = "<directory", disable_backend_compression
= 10, col_timeout = 537077448)

(dbx) p *error_msg
warning: Unable to access address 0x2f686f6d from core
(invalid char ptr (0x2f686f6d))

ModSecurity has been configured with:

C="xlc_r -g" ; export CC
./configure --prefix=/usr/local/apache \
--with-apxs=/usr/local/apache/bin/apxs \
--with-apr=/usr/local/apache/bin \
--with-apu=/usr/local/apache/bin \
--with-curl=/usr/local/curl \
--with-libxml=/usr/local/libxml \
--with-pcre=/home/user/tmp/httpd-2.2.22/srclib/pcre \
--enable-pcre-match-limit=10000 \
--enable-pcre-match-limit-recursion=10000

The normal test does not show any obvious problems:
% make CFLAGS=-DMSC_TEST test
All tests passed (574).

How can I further pinpoint the source of the crash?

--
Peter Heimann

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/