Re: [mod-security-users] Segfault in Apache 2.2.9 with mod_security response filtering enabled
From: Chris W. <c.d...@re...> - 2008-08-18 20:56:32
Brian Rectanus wrote:
> Chris Wakelin wrote:
>> Chris Wakelin wrote:
>>> Chris Wakelin wrote:
>>>> I've got a weird problem with Apache 2.2.9 and a particular page we
>>>> reverse proxy, but only if a) response filtering is enabled in
>>>> mod_security and b) it's Apache 2.2.9 (Apache 2.2.8 is fine). I've
>>>> tried with mod_security 2.1.4, 2.1.5, 2.5.5 and 2.5.6, and core
>>>> rules 1.6.1 and 1.5.
>>>>
>>> Something I just noticed, the downstream server (a Google Mini search
>>> appliance) doesn't include Content-Length in its response:
>>>
>>
>> Hope you guys enjoyed Blackhat etc. Did you get a chance to look at my
>> segfault problem in Apache 2.2.9 where the downstream proxied server
>> doesn't include Content-Length?
>>
>> I checked mod_substitute as a response filter with no problems (and
>> actually mod_ssl is a response filter too I guess!).
>
> Sorry Chris, I thought you figured this out to be an Apache issue. I'll
> take a closer look.
>
> Some questions, though:
>
> Have you reported a bug to Apache? If so what bug ID?

Not yet. Is it likely to be an Apache bug? My guess is Apache changed
something that mod_security relied on, but I may be completely wrong!

> Is this only on Solaris 64 prefork? Or have you duplicated elsewhere?

It's only Solaris I've tried. The binary is 32-bit though (compiled with
GCC 3.4.3) but on a 64-bit platform. I think I tried worker as well (I'll
try again to be sure). I could have a go on a Linux box instead, I
suppose ...

>
> Would you get me a full backtrace (bt full) from gdb?

> (gdb) bt full
> #0 ap_http_outerror_filter (f=0xabd3f0, b=0xab2a10) at http_filters.c:1593
>     r = (request_rec *) 0xabc5c0
>     ctx = (outerror_filter_ctx_t *) 0xa9f4d8
>     e = (apr_bucket *) 0xa446174
> #1 0x00045508 in ap_pass_brigade (next=0xabd3f0, bb=0xab2a10) at util_filter.c:526
>     e = (apr_bucket *) 0x75652c20
> #2 0x0004a584 in ap_http_header_filter (f=0xabd3d8, b=0xab2a10) at http_filters.c:1302
>     r = (request_rec *) 0xabc5c0
>     c = (conn_rec *) 0xa9f418
>     protocol = 0x604e0 "HTTP/1.1"
>     e = (apr_bucket *) 0xabd3c0
>     b2 = (apr_bucket_brigade *) 0xa9f418
>     h = {pool = 0xabc580, bb = 0xa9f418}
>     ctx = (header_filter_ctx *) 0x0
>     ctype = 0xffbff3e0 "\r\n"
>     eb = (ap_bucket_error *) 0xffbff3e0
> #3 0x00045508 in ap_pass_brigade (next=0xabd3d8, bb=0xab2a10) at util_filter.c:526
>     e = (apr_bucket *) 0x75652c20
> #4 0x000308d4 in ap_content_length_filter (f=0xabd3c0, b=0xab2a10) at protocol.c:1338
>     r = (request_rec *) 0xabc5c0
>     ctx = (struct content_length_ctx *) 0xa9f3a8
>     e = (apr_bucket *) 0xa9cc48
>     eos = 1
>     eblock = APR_NONBLOCK_READ
> #5 0x00045508 in ap_pass_brigade (next=0xabd3c0, bb=0xab2a10) at util_filter.c:526
>     e = (apr_bucket *) 0x75652c20
> #6 0x0004bb34 in ap_byterange_filter (f=0xabd3a8, bb=0xab2a10) at byterange_filter.c:314
>     r = (request_rec *) 0xabc5c0
>     c = (conn_rec *) 0xa7bdf8
>     ctx = (byterange_ctx *) 0x4b1f0
>     e = (apr_bucket *) 0xabd3c0
>     bsend = (apr_bucket_brigade *) 0x0
>     range_start = 25781013456
>     range_end = 4300325360
>     current = 0x24221a22 <Address 0x24221a22 out of bounds>
>     clength = Unhandled dwarf expression opcode 0x93

Best Wishes,
Chris

--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d...@re...
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094