[mod-security-users] Lua Segfaults
Brought to you by:
victorhora,
zimmerletw
From: Josh K. <jos...@gt...> - 2008-12-15 20:26:45
|
Testing out a Lua script today I discovered 2 mod_security variables which cause the apache process to segfault when accessed inside a lua script. The two variables are "ENV" and "RESPONSE_HEADERS_NAMES". An example script which will crash is: function main() m.log(1, "Entering the crasher") local var = m.getvar("RESPONSE_HEADERS_NAMES") m.log(1, "I made it, whew") return nil; end This was triggered with the rule: SecRuleScript /usr/local/sbin/modsec-scanner.lua "log,pass,phase:2" Also, it seems that while a REQUEST_BODY can be sent to the XML processor and validated using validateDTD or validateSchema, it is not available to the lua environment. And lastly, I would like to recommend that m.getvar() return 1 in all cases so that when the result is passed directly to a function like tostring() the function doesn't error about requiring a value to be passed. --- msc_lua.c.orig 2008-12-15 15:25:15.000000000 -0500 +++ msc_lua.c 2008-12-15 15:25:27.000000000 -0500 @@ -250,7 +250,7 @@ static int l_getvar(lua_State *L) { if (vx == NULL) { lua_pushnil(L); - return 0; + return 1; } /* Return variable value. */ should be all that is needed. Thanks, josh |