[mod-security-users] modsecurity memory leak with ruleUpdateTargetById
Brought to you by:
victorhora,
zimmerletw
From: <rp-...@be...> - 2012-06-22 18:25:37
|
Hello, There appears to be a significant memory leak when using modsecurity (v. 2.6.6 and earlier) with ruleUpdateTargetById directive *and* using alternation. ##################### # Memory usage sample: ##################### Memory usage(RSS) starts out at about 27m per apache child. An apache child process grew to >300m RSS after handling only about 100 requests. ##################### # Version info: ##################### - modsecurity version info: ModSecurity for Apache/2.6.6 (http://www.modsecurity.org/) configured. ModSecurity: APR compiled version="1.2.7"; loaded version="1.2.7" ModSecurity: PCRE compiled version="6.6"; loaded version="6.6 06-Feb-2006" ModSecurity: LIBXML compiled version="2.6.26" ##################### # Steps to reproduce: ##################### # Using a rule like this causes a memleak: SecAction "phase:1,nolog,noauditlog,pass, \ ctl:'ruleUpdateTargetById=950109;!ARGS:q|!ARGS:id|!ARGS:prefix|!ARGS:suffix', \ ctl:'ruleUpdateTargetById=950901;!ARGS:q|!ARGS:id|!ARGS:prefix|!ARGS:suffix', \ ctl:'ruleUpdateTargetById=950006;!ARGS:q|!ARGS:id|!ARGS:prefix|!ARGS:suffix'" # This rule does *not* cause a memleak (eg w/o alternation) SecAction "phase:1,nolog,noauditlog,pass, \ ctl:'ruleUpdateTargetById=950109;!ARGS:q', \ ctl:'ruleUpdateTargetById=950901;!ARGS:q', \ ctl:'ruleUpdateTargetById=950006;!ARGS:q'" -RP |